Does DORA affect only banks?

No. It covers a broad range of financial entities and their critical ICT dependencies, including external providers.

Does POLEGIS also support resilience testing and scenarios?

Yes. We design organizational requirements, test scenarios, escalation paths and evidence for risk, audit and executive functions.

Can DORA be aligned with ISO 27001 or NIS2?

Yes. We design one control and evidence model so the organization does not maintain three parallel compliance stacks.

NIS2 KSC DORA RODO ISO NIST

DORA

DORA: digital operational resilience in practice

DORA has applied since 17 January 2025 and requires financial entities to manage ICT risk, incidents, resilience testing and external providers as a continuous operating model, not a one-off project.

Book a DORA workshop Contact POLEGIS

DORA is ICT risk governance, not only a checklist

DORA combines ICT risk management, incident handling, resilience testing, third-party oversight and executive reporting into one regulatory operating model.

ICT control model and decision ownership.
Incident classification, escalation and reporting readiness.
Critical supplier assessment and outsourced ICT oversight.
Resilience testing and evidence of effectiveness.

POLEGIS service scope

Review the current ICT risk framework against DORA expectations.
Structure incident catalogs, thresholds, escalation and reporting paths.
Map suppliers, contracts, service registers and oversight obligations.
Prepare management, audit and process-owner materials.

Outcome for a financial organization

One DORA map instead of fragmented obligations across multiple teams.
A coherent model for controls, incidents, tests and supplier oversight.
An executive report showing compliance status, gaps and next actions.
Evidence ready for audit, risk office and regulatory functions.

Frequently asked questions

Does DORA require a full redesign of the security model?
Not always. In many cases the first step is to fix roles, metrics, registers and evidence before extending technology controls.

Does POLEGIS work with ICT contracts and suppliers too?
Yes. In practice this is one of the most critical DORA domains, so supplier governance is part of the scope.

Does the service end with a report?
No. The report is a starting point for implementation, not the finish line.

Contact

Send us a message

Use the form below to contact POLEGIS. You can provide e-mail, phone, or both.

Scope: KSC, NIS2, DORA, GDPR, digital resilience

Mode: consultation, implementation, audit readiness

Support: SME, public sector, critical and essential entities

Full name *

Company

E-mail

Phone

Message *

This form is used to handle business inquiries regarding POLEGIS services. Describe the case and provide at least one contact channel.

If you provide an e-mail address or phone number, enable consent for the matching communication channel.

I confirm that the form concerns a business inquiry and that the submitted contact data is accurate. I confirm that I have read the personal data processing notice related to handling this inquiry. I agree to be contacted electronically at the provided e-mail address. I agree to be contacted by phone at the provided number.

Data processing notice

The data controller is POLEGIS Sp. z o.o., Milenijna 43 / 2, 03-130 Warszawa, Polska. Contact regarding this form: biuro@polegis.pl.

We process the data to answer the inquiry, conduct correspondence, and prepare an offer or working discussion.
The legal basis is taking steps at the request of the contacting person and the controller’s legitimate interest in handling business relations.
We retain the data for the duration of the case and for the period necessary to secure potential claims and demonstrate the course of contact.
You have the right to access, rectify, erase, restrict processing, object, and file a complaint with the competent supervisory authority.