Nine months after the DORA compliance deadline, financial institutions are entering a new phase of supervisory expectation. Initial implementation is no longer enough - regulators are shifting focus towards evidence of operational resilience, maturity of Third Party Risk Management practices, and ongoing maintenance of the Register of Information (RoI).

This checklist has been designed to provide practical guidance for Q4 2025 and into 2026, helping you validate your current compliance position, identify gaps, and prepare proactively for regulatory scrutiny. It is structured to support both operational teams responsible for delivery and senior management accountable for oversight.

Use this as a working document to track progress, assign responsibilities, and ensure that key elements such as governance, testing, documentation, and reporting are not only in place — but demonstrably embedded.

Fill out the form to access the DORA Compliance Checklist

 
Cyber Risk

DORA Managed Service

With 30 years of experience in enabling financial entities with asset safety, Thomas Murray is uniquely positioned to support your organisation through DORA compliance and beyond.

At Thomas Murray, we offer a full suite of services to support your organisation in meeting DORA requirements. Our solutions are designed to be flexible — available as one-off engagements, fully managed services, or technology-only offerings.

Learn more