Result-proven cybersecurity.
+371 2256 5353 support@offseq.com

Theme

Book a consultation

The Digital Operational Resilience Act has applied since 17 January 2025, and supervisors are no longer asking whether you have started — they want evidence. DORA stands on five pillars: ICT risk management, incident reporting, resilience testing, third-party risk and information sharing. We turn that obligation into genuine resilience, grounded in how your institution would actually be attacked.

At the sharp end is Threat-Led Penetration Testing. The DORA TLPT technical standards took effect in mid-2025 and TIBER-EU was updated to align — including a mandatory purple-teaming closure phase. We run intelligence-led, covert adversary simulations against your live production systems, with an external threat-intelligence provider and a minimum multi-week active red-team phase, while the blue team stays unaware — so you measure detection and response as they really are.

We confirm whether you are in scope, run TIBER-EU-aligned engagements (including pooled testing where you share critical infrastructure with peers), and connect findings back to your ICT risk framework, your Register of Information on third-party arrangements, and your major-incident reporting workflows.

17 Jan 2025
DORA in force across the EU
TIBER-EU
aligned threat-led testing

How it works

  1. 01

    Scoping & applicability

    Confirm DORA scope and TLPT applicability; agree critical functions and rules of engagement.

  2. 02

    Gap assessment

    Measure ICT risk, third-party risk, incident reporting and testing against DORA and the RTS.

  3. 03

    Threat intelligence & targeting

    External provider builds threat scenarios and targeting against your critical functions.

  4. 04

    Red team execution

    Covert, intelligence-led testing of live systems with the blue team unaware.

  5. 05

    Closure & reporting

    Mandatory purple teaming, remediation roadmap and authority-ready evidence.

Packages

Essential

DORA five-pillar gap assessment and resilience-testing readiness roadmap.

Popular

Comprehensive

Full DORA program support with third-party risk and incident-reporting workflows.

Enterprise

End-to-end TIBER-EU-aligned TLPT with threat intelligence and purple-team closure.

Helpful tools

Scope a test Build a scoped brief in a minute NIS2 / DORA scope check See if the regulations apply to you Security maturity check Score yourself across six domains

Scope a test

support@offseq.com · +371 2256 5353

Scope a test Get in touch

All services

Offensive

Security Audits

Uncover hidden vulnerabilities before attackers do.

 Engineering

Secure Code Review & SAST

Find vulnerabilities in the source, before they ship.

 AI

AI & LLM Security

Red team your AI before attackers and regulators do.