Application for DORA
Compliance

Automate risk analysis, manage action plans, and report incidents. Our application streamlines ICT service dependency mapping in full accordance with DORA regulations.

Book a demo

They trusted us

RIG DORA: Your All-in-One Compliance Solution

Built on the RED INTO GREEN GRC platform, RIG DORA provides the essential tools to meet regulatory requirements. Our solution features dedicated modules for Risk Analysis and Incident Management, alongside a specialized DORA Register designed to handle complex ICT supplier data in accordance with EBA standards.

Module: Risk Analysis

Automate your entire risk management lifecycle, from initial assessment to action plans and reporting. RIG provides a visual map of dependencies among assets, processes, and security measures, enabling you to monitor real-time progress and analyze how various elements affect your overall risk posture.

Learn more

Module: TPRM & DORA Register

Manage third-party risk by assessing, monitoring, and auditing suppliers. Go through the DORA compliance process related to ICT service providers. In the DORA Register, you centralize structured information in accordance with the EBA data model:

  • organizational structure (entities and their relationships)
  • financial assets and their locations (asset value)
  • business activities (business functions)
  • support network (suppliers and contracts)
  • expenditure on this support (contract values)
  • potential weaknesses (critical functions)
  • risk tolerance (threshold parameters for critical functions – risk acceptance level for each supplier)

Send correct CSV reports to the legislator.

Learn more

Module: Incident Register

Record, categorize, and classify ICT incidents while automating notifications to relevant authorities. RIG enables you to analyze exactly how incidents affect organizational assets, simplifying procedure verification and providing the data needed to justify budgets for critical security measures.

Learn more

Data and Reporting

The solution features an advanced analytical engine that automatically consolidates data from all critical compliance areas. This includes activity records, risk assessments (such as DPIA), data processing agreements, incident logs, and individual rights requests, alongside full documentation for GDPR, NIS2, and DORA.

The platform transforms this raw information into intuitive reports and interactive dashboards. These tools provide clear visualizations of threat levels, security maturity, and regulatory status. With one-click Excel exports (.xlsx) and real-time KPIs, the platform empowers Management and the CISO to monitor security posture effectively and make data-driven business decisions.

Integrations

Vulnerability Scanner Integration:

  • Automate the synchronization of vulnerability scan results directly into the RED INTO GREEN system.
  • Link detected vulnerabilities to specific risks and controls to strengthen the risk management framework.
  • Accelerate the risk assessment cycle and the creation of corrective action plans.
  • Ensure continuous updates to the organization’s security status.

CMDB (Configuration Management Database) Integration:

  • Contextualize IT assets, including servers, applications, and devices, within the broader risk management process.
  • Map identified risks and vulnerabilities directly to specific assets.
  • Support the automation of complex compliance workflows and audit processes.
  • Analyze the immediate impact of incidents on critical business services.
Product

RIG DORA

Interested in learning more about the product, pricing, or subscription options? Contact us today to get all your questions answered.

Book a demo Find out the price

Details of the functionalities in the RIG DORA module

  • Registers
    (documentation archive)

    • Incident registers
    • Process registers
    • Register of suppliers
    • Security register
    • Vulnerability register
    • Threat register
    • Information register for all contractual arrangements for the use of ICT services provided by external ICT service providers
    • Register of contracts with suppliers
    • Register of DPO contact details
    • Register of contractual provisions

  • Assessments

    • Supplier compliance assessments
    • Incident assessments

  • Logs

    • Compliance Officer’s logbook

  • Repository

    • DORA risk management framework

  • Automatically checking the impact of a given plan on the level of risk in the organization

    • Flexible selection of the level: threat, asset, vulnerability
    • Selection of areas to create a plan (information security according to ISO 27001, business continuity according to ISO 22301, personal data)
    • Choice of impact modalities – reducing the likelihood of the threat materialising, reducing the impact, reducing the likelihood of the impact occurring
    • Enabling or disabling the plan and preview of its operation in analytical functionalities

  • Surveys

    • ICT vendor surveys

  • Automated assessments

    • Information security risk assessments
    • Risk assessments for business continuity

  • Integrations via API

  • Analytics

    • Dynamic filtering
    • Adding and rearranging columns and rows (drag&drop)
    • Dynamic aggregation
    • Building analytical perspectiveswith one, two or more dimensions
    • Selecting summary from item counts, summing values, calculating percentages
    • Customised reports
    • Workflow – tasks for users

  • Organization mapping

  • Reports

    • Reports for the management board
    • Reports for the supervisory board
    • Reports for regulatory authorities
    • Reports for counterparties
    • Automated reports on assets, vulnerabilities, security, supplies, processes, and much more

  • Dictionaries

Book a demo
Product – RIG DORA

Learn about the DORA compliance process

Learn more