Your strategic compliance and security partner

With more than 30 years’ experience delivering asset safety to financial entities, we’re uniquely positioned to help your organisation achieve full DORA compliance.

Our expertise lies at the intersection of cybersecurity, financial services, and regulatory compliance. We provide real-time insights based on threat actor activity and industry intelligence, with data sourced from the dark web, internet forums, and open sources - ensuring comprehensive coverage and actionable intelligence tailored to your specific needs.

Comprehensive DORA support

At Thomas Murray, we offer a full suite of services to help your organisation meet DORA requirements. Our flexible solutions are available as one-off engagements, fully managed services, or technology-only solutions.

We deliver:

  • Targeted advisory support.
  • End-to-end implementation.
  • Orbit Risk for internal and ICT third-party risk assessments.
  • DORA Programme Management Services, helping you coordinate activities, track progress, and ensure strategic compliance efforts across regulatory pillars.
ICT Risk Management
We help you build robust ICT risk frameworks and governance.
  • Framework reviews and updates.
  • DORA strategy, policy and procedure development.
  • Implementation support - through consulting, managed service, and technology.
  • DORA-aligned risk assessments.
  • Awareness training.
ICT Incident Reporting
Fast, structured incident response.
  • Plan and process reviews.
  • Tabletop exercises to simulate response capabilities.
  • DORA classification, notification and reporting support.
Digital Operational Resilience Testing
Validate your resilience through comprehensive technical testing.
  • Vulnerability scans across infrastructure and application layers.
  • Penetration testing (standard and threat-led).
  • Cloud security reviews.
  • Source code assessment.
  • Threat-led testing strategy and documentation.
Third Party Risk Management
Manage your risk exposure from critical ICT service providers.
  • TPRM framework review and improvement.
  • Strategy and policy documentation.
  • Substitutability assessments and exit planning.
  • TPRM monitoring and support.
  • Register of Information (RoI) maintenance and reporting.

Delivering DORA compliance

Our proven methodology ensures full DORA alignment, with minimal disruption to your daily operations.

1. Initial Gap Analysis

1. Your current state

We begin by assessing your organisation’s current DORA compliance status, including both completed and planned activities.

2. Custom Roadmap

2. Tailored service package

We identify your current challenges, then design a customised DORA compliance support package, including the appropriate delivery model (one-off, technology-led, or a fully managed service).

3. Hands-On Implementation

3. Hands-on implementation

We provide hands-on support to implement governance processes, documentation, testing, assessments, and reporting practices, in line with DORA requirements.

4. Ongoing Monitoring and Advice

4. Ongoing monitoring

We assess the latest regulatory updates then manage your ongoing implementation in line with your evolving requirements and organisational priorities.

Our DORA implementations

We've helped leading organisations achieve DORA compliance and enhance their digital operational resilience.

Multiple pension funds of one of the largest tech companies in the world

Evaluating DORA scope for a large global tech company with multiple pension funds

One of the largest global technology companies has multiple pension funds in scope for DORA. We conducted detailed assessments of their existing documentation, implemented key controls, and delivered a tailored DORA compliance roadmap, including recommendations on contract terms and statements of work. We’re currently supporting their ongoing roadmap implementation.
Two insurance businesses, for a global organisation​

Assessment of two insurance businesses for a global organisation

We worked with a global organisation with two partially integrated insurance businesses in the Nordics to conduct a DORA self-assessment, including multiple rounds of interviews to gather compliance data. We then delivered a tailored DORA compliance roadmap, including recommendations on business integration and contract terms.
AIFM and Management companies in multiple EU jurisdictions​

Review of AIFM and management companies

The board of an Alternative Investment Fund Manager and management company, commissioned us to conduct a high-level review of their DORA compliance. 
Our team completed a DORA self-assessment and gathered additional compliance insights in a half-day session. We then provided an executive summary, outlining board roles and responsibilities, key areas for consideration, and recommended actions for senior management.

Contact us to discuss your DORA readiness.

Whether you’re just beginning to assess your DORA readiness or require ongoing managed services, our experts are here to help.

 

Thomas Murray DORA experts

Shreeji Doshi

Shreeji Doshi

Director, GRC | Cyber Risk

sdoshi@thomasmurray.com
Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk

estarkie@thomasmurray.com