Services · Assessment
Has the bank sent you a DORA addendum?
The DORA act took effect in Norway on 1 July 2025, and banks and insurers are now sending DORA addenda to all their ICT suppliers — including small development and consulting firms. We review your contract against the requirements in DORA Article 30, show you exactly what’s missing, and build the document pack that lets you answer your financial-sector customer with confidence.
Assessment
Price
from NOK 10,000
excl. VAT · single contract NOK 10,000–20,000 · full pack NOK 25,000–70,000
All prices excl. VAT.
What’s included
- A gap matrix per contract: every requirement in DORA Article 30 against what your agreement actually says
- A plain-language explanation of what each requirement means in practice for a small supplier
- An assessment of what you should accept, negotiate or ask to change — as a basis for negotiation
- A “ready for financial customers” document pack: a continuity description, a security description and answers to typical supplier questionnaires
- A prioritized action list for the gaps that require real changes on your side
- A review meeting before you respond to the customer
How we work
- 01
Free intro call
We look at the addendum or questionnaire you’ve received and define the scope — one contract or the full pack. Fixed price before we start.
- 02
Contract review
We map your agreement and your practice against the requirements in DORA Article 30 and build the gap matrix.
- 03
Document pack
We produce the documents your financial customer expects to see, based on how you actually work — not wishful thinking.
- 04
Review and response
We go through the matrix, the actions and the document pack together, so you can answer the customer precisely and on time.
A fit for you if
- deliver IT services, software or consulting to banks, insurers or other financial institutions
- have received a DORA addendum or supplier questionnaire and don’t know what you can safely sign
- want to use DORA readiness as a competitive edge with new financial-sector customers
- are 2–20 people with no compliance function of your own
Common questions
What does DORA supplier readiness cost?
Reviewing a single contract costs NOK 10,000–20,000 excl. VAT. The full pack with a gap matrix, action list and complete document pack costs NOK 25,000–70,000 excl. VAT, depending on the number of contracts and how much documentation already exists.
How long does it take?
A single contract usually takes 1–2 weeks. The full pack normally takes 3–5 weeks from kickoff. If you have a response deadline from the customer, we tell you honestly whether it’s realistic before we start.
We’re not a financial institution — does DORA apply to us?
DORA places requirements on the financial institutions, not directly on you — but they must push those requirements into their contracts with ICT suppliers. Financial institutions submitted their ICT contract registers to Finanstilsynet — the Norwegian financial supervisory authority — in March 2026, and many are now cleaning up their supplier agreements. That’s why small suppliers are receiving DORA addenda right now.
What can the delivery be used for — and not?
The gap matrix and document pack give you an overview and a solid basis for responding to and negotiating with your financial customer. This is an assessment and gap analysis with a clearly defined scope — not a certification and not legal advice. The contract negotiation itself and legal questions are referred to a lawyer.
Can’t we just sign the addendum and hope for the best?
That’s a risk: the addenda often contain audit rights, incident notification and exit-plan requirements that genuinely bind you. The gap matrix shows what you’re actually taking on — so you sign with your eyes open, or negotiate where needed.
What if we’re missing a lot of what’s required?
That’s common, and it’s why the action list is prioritized: what must be in place before you respond, and what can be handled over time. If you need help with the measures themselves — say backup or access control — those are separate services, kept clearly apart from the assessment.
Often bought together with
Security posture assessment (NIST CSF 2.0)
A maturity scorecard across six functions, top-10 actions and a 12-month roadmap — a neutral yardstick.
from NOK 12,000
Security review (NSM baseline principles)
Interviews, a technical check and vulnerability scanning — a top-10 action list in a report management understands.
NOK 14,900–29,900
Business backup (Microsoft 365 backup)
Backup of email, OneDrive, SharePoint and Teams — with a restore routine that has actually been tested.
NOK 4,900–7,900