Skip to main content
DORA Auditor

DORA Compliance Providers Directory

19 auditors, consultancies, and GRC platforms that support DORA compliance across the EU. Ranked against our published methodology. Every profile lists strengths and limitations.

Showing 19 of 19 providers

Deloitte

Big 4

4.5 out of 5

Deloitte is a Big Four network delivering DORA readiness assessments, ICT and operational-resilience advisory, third-party risk management, and threat-led penetration testing (TLPT) support. It serves the largest EU banks, insurers, and market infrastructures alongside a growing fintech practice.

BanksInsurance companiesInvestment firms
View profile

PwC

Big 4

4.5 out of 5

PwC is one of the Big Four professional-services networks, offering DORA gap assessments, ICT risk-management advisory, third-party risk programmes, and resilience-testing support across the full range of EU financial entities. Its scale and regulatory relationships make it a common choice for large, complex institutions.

BanksInsurance companiesInvestment firms
View profile

EY

Big 4

4.4 out of 5

EY (Ernst & Young) is a Big Four network providing DORA readiness and gap assessments, ICT and cyber-risk advisory, third-party risk programmes, and operational-resilience testing. It works across banking, insurance, and capital-markets clients throughout the EU.

BanksInsurance companiesInvestment firms
View profile

KPMG

Big 4

4.4 out of 5

KPMG is a Big Four network offering DORA gap analysis, ICT risk-management frameworks, third-party risk advisory, and regulatory-reporting support. With its global headquarters in the Netherlands, it maintains a strong EU-centred regulatory practice.

BanksInsurance companiesInvestment firms
View profile

NCC Group

Cybersecurity specialist

4.2 out of 5

NCC Group is a cybersecurity specialist offering threat-led penetration testing, security assurance, and resilience services directly relevant to DORA's digital operational-resilience testing pillar. It is a recognised provider of TLPT-style engagements for financial institutions.

BanksInvestment firmsPayment institutions
View profile

OneTrust

GRC platform

4.0 out of 5

OneTrust is a governance, risk, and compliance (GRC) software platform used to operationalise DORA requirements, including ICT third-party risk registers, incident workflows, and control mapping. It complements advisory firms rather than delivering audit services itself.

BanksInsurance companiesInvestment firms
View profile

BDO

Mid-tier

4.0 out of 5

BDO is a global network of public accounting, tax, and advisory firms and one of the largest mid-tier providers after the Big Four. Its risk-advisory and cybersecurity practices support financial entities with DORA gap assessments, ICT risk-management frameworks, third-party risk, and resilience testing across EU member states.

BanksInsurance companiesInvestment firms
View profile

Forvis Mazars

Mid-tier

3.9 out of 5

Forvis Mazars is an international audit, tax, and advisory partnership with deep roots in European financial services. Its regulatory and risk teams advise banks, insurers, and investment firms on DORA gap assessments, ICT governance, and third-party-risk arrangements.

BanksInsurance companiesInvestment firms
View profile

Softstack

Cybersecurity / crypto-native

4.3 out of 5

Softstack (formerly Chainsulting) is a Germany-based security firm specialising in smart-contract audits, blockchain security reviews, and penetration testing. For DORA, its relevance sits in the ICT security-testing and third-party-risk pillars, particularly for crypto-asset service providers, tokenisation platforms, and fintechs handling digital assets.

Crypto-asset service providersFintech startupsICT third-party providers
View profile

Grant Thornton

Mid-tier

3.9 out of 5

Grant Thornton is a leading mid-tier network of independent audit, tax, and advisory member firms. Its financial-services risk and cyber teams help banks, insurers, and investment firms scope DORA obligations, run gap assessments, and build ICT risk-management and third-party-risk registers.

BanksInsurance companiesInvestment firms
View profile

MetricStream

GRC platform

3.9 out of 5

MetricStream is a governance, risk, and compliance (GRC) software vendor. Its platform supports DORA programmes with ICT and operational-risk management, third-party risk, incident management, and the register of information, rather than hands-on advisory or audit services.

BanksInsurance companiesInvestment firms
View profile

RSM

Mid-tier

3.8 out of 5

RSM is a global network of independent audit, tax, and consulting firms focused on the middle market. Its risk-advisory practices support financial entities with DORA readiness, ICT and third-party risk management, and operational-resilience reviews across European jurisdictions.

BanksInsurance companiesInvestment firms
View profile