Skip to main content
DORA Auditor

Best DORA Auditors for Banks

Ranking (19)

#ProviderBest forPricingScoreRating
1Deloitte

Big 4

Banks, Insurance companiesenterprise86/100
4.5 out of 5
Profile →
2PwC

Big 4

Banks, Insurance companiesenterprise86/100
4.5 out of 5
Profile →
3EY

Big 4

Banks, Insurance companiesenterprise85/100
4.4 out of 5
Profile →
4KPMG

Big 4

Banks, Insurance companiesenterprise84/100
4.4 out of 5
Profile →
5NCC Group

Cybersecurity specialist

Banks, Investment firmspremium70/100
4.2 out of 5
Profile →
6OneTrust

GRC platform

Banks, Insurance companiespremium68/100
4.0 out of 5
Profile →
7BDO

Mid-tier

Banks, Insurance companiespremium66/100
4.0 out of 5
Profile →
8Forvis Mazars

Mid-tier

Banks, Insurance companiespremium65/100
3.9 out of 5
Profile →
9Softstack

Cybersecurity / crypto-native

Crypto-asset service providers, Fintech startupsmid64/100
4.3 out of 5
Profile →
10Grant Thornton

Mid-tier

Banks, Insurance companiespremium64/100
3.9 out of 5
Profile →
11MetricStream

GRC platform

Banks, Insurance companiesenterprise61/100
3.9 out of 5
Profile →
12RSM

Mid-tier

Banks, Insurance companiesmid61/100
3.8 out of 5
Profile →
13Crowe

Mid-tier

Banks, Insurance companiesmid60/100
3.8 out of 5
Profile →
14Fusion Risk Management

GRC platform

Banks, Insurance companiesenterprise59/100
3.9 out of 5
Profile →
15WithSecure

Cybersecurity specialist

Banks, Insurance companiespremium58/100
4.1 out of 5
Profile →
16Kudelski Security

Cybersecurity specialist

Banks, Investment firmspremium56/100
4.0 out of 5
Profile →
17TÜV SÜD

Certification / testing

Banks, Insurance companiesmid56/100
3.9 out of 5
Profile →
18SureCloud

GRC / resilience

Banks, Insurance companiesmid56/100
3.8 out of 5
Profile →
19DQS

Certification body

Banks, Insurance companiesmid53/100
3.7 out of 5
Profile →

How we rank

Every provider is scored on the same seven criteria, DORA expertise, regulatory track record, entity coverage, geographic coverage, service breadth, client evidence, and pricing transparency, set out in our published methodology. This category surfaces the providers most relevant to banks; where fewer than three qualify, we add the highest-ranked generalists so the shortlist stays practical. We may earn referral fees from listed providers; this does not affect scores.

Frequently asked questions

Which auditor is best for DORA compliance at a bank?
Are banks subject to threat-led penetration testing under DORA?
How are the bank-focused providers ranked?