Your Strategic Partner in Compliance and Security

With 30 years of experience in enabling financial entities with asset safety, Thomas Murray is uniquely positioned to support your organisation through DORA compliance and beyond.

Our expertise lies at the intersection of cyber security, financial services, and regulatory compliance. Our consulting team works closely with financial entities, delivering insights based on real threat actor activity and industry-specific intelligence. We provide financial entities with real time insights based on threat actor activity and industry intelligence, with data sourced from the dark web, internet forums, and open sources to ensure comprehensive coverage. This means we offer timely and actionable intelligence tailored to your specific needs.

Comprehensive Support Across All DORA Pillars

At Thomas Murray, we offer a full suite of services to support your organisation in meeting DORA requirements. Our solutions are designed to be flexible — available as one-off engagements, fully managed services, or technology-only offerings.

Whether you need targeted advisory support, end-to-end implementation, or simply access to our Orbit Risk platform for internal and ICT third-party risk assessments, we tailor our approach to your organisation’s needs and regulatory obligations.

In addition, DORA Programme Management Services are available across each of the regulatory pillars — helping you coordinate activities, track progress, and ensure strategic alignment across your compliance efforts.

ICT Risk Management

We help organisations build robust ICT risk frameworks and governance models:

  • Framework review and updates

  • Digital operational resilience strategy, policy, and procedure development

  • Implementation support via ad hoc consulting, managed service, or technology-only delivery (Orbit Risk)

  • Risk assessments aligned to DORA requirements

  • Management and employee training and awareness

ICT Incident Reporting

Ensure timely and structured incident response and escalation:

  • Plan and process reviews

  • Tabletop exercises to simulate response capabilities

  • Support for classification, notification and reporting procedures as required under DORA

Digital Operational Resilience Testing

Validate resilience through comprehensive technical testing:

  • Vulnerability scans across infrastructure and application layers

  • Penetration testing (standard and threat-led)

  • Cloud security reviews

  • Source code reviews

  • Threat-led testing strategy and documentation

Third Party Risk Management

Manage risk exposure from critical ICT service providers:

  • TPRM framework review and development

  • Strategy and policy documentation

  • Substitutability assessments and exit planning

  • TPRM assessments and ongoing monitoring support

  • Register of Information (RoI) maintenance and reporting

How we deliver DORA Compliance

Our proven methodology ensures full DORA alignment, with minimal disruption to your daily operations.

1. Initial Gap Analysis

1. Your Current State

We begin by assessing your organisation’s current DORA compliance status, including both completed and planned activities.

2. Custom Roadmap

2. Tailored Service Package

We identify your current challenges and areas requiring support, then design a customised DORA compliance service package. This includes the appropriate delivery model – whether one-off, technology-led, or a fully managed service.

3. Hands-On Implementation

3. Hands-On Implementation

We provide hands-on support to implement governance processes, documentation, testing, assessments, and reporting practices in line with DORA requirements.

4. Ongoing Monitoring and Advice

4. Ongoing Monitoring

By staying on top of regulatory updates, we manage your ongoing implementation in line with evolving requirements and organisational priorities.

Trusted by Global Financial Institutions

Explore how we help leading organisations achieve DORA compliance and enhance their digital operational resilience.

Multiple pension funds of one of the largest tech companies in the world

Multiple pension funds of one of the global technology leaders

One of the largest global technology companies has multiple pension funds in scope for DORA. Thomas Murray conducted detailed assessments of existing documentation, implemented key controls, and delivered a tailored DORA compliance roadmap, including recommendations on contract terms and statements of work. We are currently supporting the ongoing implementation of several roadmap elements.
Two insurance businesses, for a global organisation​

Two insurance businesses, for a global organisation​

A global organisation with two partially integrated insurance businesses in the Nordics worked with Thomas Murray to conduct a DORA self-assessment, including multiple rounds of interviews to gather compliance data. We provided a tailored DORA compliance roadmap, which included recommendations on business integration and contract terms.
AIFM and Management companies in multiple EU jurisdictions​

AIFM and Management companies in multiple EU jurisdictions​

The board of an Alternative Investment Fund Manager and management company commissioned Thomas Murray to conduct a high-level review of DORA compliance. Our team completed a DORA self-assessment and gathered additional compliance insights in a half-day session. We provided an executive summary outlining board roles and responsibilities, key areas for consideration, and recommended actions for senior management.

Contact us to discuss a tailored approach to your DORA readiness and ongoing compliance

Let Thomas Murray guide your organisation through the complexities of DORA compliance, with expert-led support every step of the way. Whether you’re just beginning to assess your readiness or require ongoing managed services, we’re here to help.

 

Why DORA Matters

Why DORA matters

Complying with DORA is not just a regulatory requirement – it’s a strategic advantage.

  • Improved Resilience – Ensure your organisation can quickly recover from disruptions.

  • Stronger Cyber Security Posture – Reduce your vulnerability to evolving threats.

  • Stakeholder Confidence – Demonstrate robust governance and risk oversight to regulators, investors, and clients.

  • Third-Party Risk Control – Gain clarity over your ICT provider ecosystem and reduce reliance on any single vendor.

Thomas Murray DORA experts

Shreeji Doshi

Shreeji Doshi

Director, GRC | Cyber Risk

sdoshi@thomasmurray.com
Edward Starkie

Edward Starkie

Director, GRC | Cyber Risk

estarkie@thomasmurray.com