DORA Compliance Providers Directory
19 auditors, consultancies, and GRC platforms that support DORA compliance across the EU. Ranked against our published methodology. Every profile lists strengths and limitations.
Showing 19 of 19 providers
Deloitte
Big 4
Deloitte is a Big Four network delivering DORA readiness assessments, ICT and operational-resilience advisory, third-party risk management, and threat-led penetration testing (TLPT) support. It serves the largest EU banks, insurers, and market infrastructures alongside a growing fintech practice.
PwC
Big 4
PwC is one of the Big Four professional-services networks, offering DORA gap assessments, ICT risk-management advisory, third-party risk programmes, and resilience-testing support across the full range of EU financial entities. Its scale and regulatory relationships make it a common choice for large, complex institutions.
EY
Big 4
EY (Ernst & Young) is a Big Four network providing DORA readiness and gap assessments, ICT and cyber-risk advisory, third-party risk programmes, and operational-resilience testing. It works across banking, insurance, and capital-markets clients throughout the EU.
KPMG
Big 4
KPMG is a Big Four network offering DORA gap analysis, ICT risk-management frameworks, third-party risk advisory, and regulatory-reporting support. With its global headquarters in the Netherlands, it maintains a strong EU-centred regulatory practice.
NCC Group
Cybersecurity specialist
NCC Group is a cybersecurity specialist offering threat-led penetration testing, security assurance, and resilience services directly relevant to DORA's digital operational-resilience testing pillar. It is a recognised provider of TLPT-style engagements for financial institutions.
OneTrust
GRC platform
OneTrust is a governance, risk, and compliance (GRC) software platform used to operationalise DORA requirements, including ICT third-party risk registers, incident workflows, and control mapping. It complements advisory firms rather than delivering audit services itself.
BDO
Mid-tier
BDO is a global network of public accounting, tax, and advisory firms and one of the largest mid-tier providers after the Big Four. Its risk-advisory and cybersecurity practices support financial entities with DORA gap assessments, ICT risk-management frameworks, third-party risk, and resilience testing across EU member states.
Forvis Mazars
Mid-tier
Forvis Mazars is an international audit, tax, and advisory partnership with deep roots in European financial services. Its regulatory and risk teams advise banks, insurers, and investment firms on DORA gap assessments, ICT governance, and third-party-risk arrangements.
Softstack
Cybersecurity / crypto-native
Softstack (formerly Chainsulting) is a Germany-based security firm specialising in smart-contract audits, blockchain security reviews, and penetration testing. For DORA, its relevance sits in the ICT security-testing and third-party-risk pillars, particularly for crypto-asset service providers, tokenisation platforms, and fintechs handling digital assets.
Grant Thornton
Mid-tier
Grant Thornton is a leading mid-tier network of independent audit, tax, and advisory member firms. Its financial-services risk and cyber teams help banks, insurers, and investment firms scope DORA obligations, run gap assessments, and build ICT risk-management and third-party-risk registers.
MetricStream
GRC platform
MetricStream is a governance, risk, and compliance (GRC) software vendor. Its platform supports DORA programmes with ICT and operational-risk management, third-party risk, incident management, and the register of information, rather than hands-on advisory or audit services.
RSM
Mid-tier
RSM is a global network of independent audit, tax, and consulting firms focused on the middle market. Its risk-advisory practices support financial entities with DORA readiness, ICT and third-party risk management, and operational-resilience reviews across European jurisdictions.