Fit2Trade
Digital Operational Resilience (DORA) for Credit Unions
Simple monthly, quarterly and annual checklists that make DORA compliance easy — even without an IT team.
Irish Credit Union–ready
Built for CBI IT expectations
Templates + evidence included
What DORA Means for Credit Unions
The Digital Operational Resilience Act is coming — and Irish Credit Unions will be expected to show clear evidence of ICT governance, cyber controls, vendor oversight and resilience testing.
But most CUs don’t have internal IT teams.
So we built a practical, guided approach that breaks DORA down into simple actions you can complete in <90 minutes each month.
- Clear responsibilities between Manager, Board & Vendors
- Simple monthly & quarterly checklists
- Evidence for future CBI IT reviews
- Zero jargon, no big projects
- Works with any IT provider
- All templates included
Simple, transparent pricing for Credit Unions
DORA Core and Pro include a full Governance and Policy Pack: ICT Governance Statement, complete ICT Policy Suite, Vendor Due Diligence Questionnaire, DORA-aligned Incident Response Form, Quarterly Oversight Reporting Pack, Annual ICT Self-Assessment Template, plus all supporting ICT Checklists listed below.
DORA Core
- The simplified DORA framework for smaller credit unions.
- What’s included
- DORA Essentials Module for all Staff
- DORA Checklist Guide
- 5 x Monthly DORA Checklists
- 7 x Quarterly DORA Checklists
- 3 x Annual DORA Checklists
- 8 x Credit Union ICT Policies (DORA-aligned)
- ICT Governance Statement
- Incident Response Reporting and Tracking
- Vendor Due Diligence Questionnaire
- Time commitment: ~1.5 hours per month
DORA Pro
- Full operational resilience framework — audit-ready.
- Everything in Core, PLUS;
- Full versions of all Lite Checklists and Complete ICT Policy Suite
- Annual ICT Self-Assessment
- Governance & asset inventory Checklists
- Cyber & endpoint control Checklists
- Network + logging + monitoring Checklists
- System hardening + secure config Checklists
- Vendor Due Diligence Questionnaire & Exit Strategy Checks
- Quarterly DORA Oversight Review Toolkit
- ICT Governance Board Pack
- Time commitment: ~3 hours per month
DORA Core – Checklists Included
Governance & Oversight
-
ICT Governance Checklist – Lite (8 mins • Quarterly)
-
DORA Gap Analysis – Lite (10 mins • Annual)
Cyber & Access Controls
- Cybersecurity Hygiene – Lite (8 mins • Monthly)
- User Access Management (12 mins • Monthly)
- System Access Log Review – Lite (7 mins • Monthly)
- Patch & Vulnerability Management Checklist (12 mins • Monthly)
- Email Security Checklist (12 mins • Quarterly)
- Remote Access Security Checklist (12 mins • Quarterly)
- Password & Authentication Policy (10 mins • Annual)
Vendor & Outsourcing
Vendor Risk & Outsourcing – Lite (10 mins • Quarterly)
Incident, Data & Resilience
-
Incident Management – Lite (7 mins • Monthly)
-
Data Breach Response (12 mins • Quarterly Review / As needed)
- Business Continuity / Disaster Recovery Checklist – Lite (7 mins • Annually)
Assets, Inventory & Configuration
-
ICT Asset & System Inventory Checklist – Lite (10 mins • Quarterly)
-
Mobile Device Security (12 mins • Quarterly)
DORA Pro – Additional Checklists
Governance & Oversight
-
ICT Governance Checklist (10 mins • Quarterly)
-
ICT Asset & System Inventory (15 mins • Quarterly)
- Quarterly DORA Oversight Review (15 mins • Quarterly)
-
DORA Gap Analysis (Full) (20 mins • Annual)
-
DORA Annual ICT Self-Assessment (25 mins • Annual)
Cyber & Access Controls
-
Cybersecurity Hygiene – Full (15 mins • Monthly)
-
System Access Log Review – Full (12 mins • Monthly)
-
Administrator Account Review (10 mins • Quarterly)
-
Mobile Device Security (12 mins • Quarterly)
-
Secure Configuration Checklist (20 mins • Annual)
-
System Hardening Checklist (20 mins • Annual)
-
Password & Authentication Policy (10 mins • Annual)
-
Logging & Monitoring Checklist (15 mins • Quarterly)
-
Network Security Checklist (15 mins • Quarterly)
Vendor & Outsourcing
-
Vendor Risk & Outsourcing – Full (15 mins • Quarterly)
-
Vendor Exit Strategy Checklist (15 mins • Annual)
Incident, Data & Resilience
-
Incident Management – Full (10 mins • Monthly)
-
Business Continuity / DR – Full (15 mins • Annual)
-
Digital Resilience Testing (Light-Touch) (12 mins • Annual)
- Data Retention & Disposal (15 mins • Annual)
A Complete Guide to Dora Checklists in Fit2Trade
What each Checklist is for, why it’s important and a guide to each checklist and question.
DORA Core – Policies Included
ICT Policies
-
Access Control Policy
-
Email & Internet Usage Policy
-
Mobile Device Security Policy (BYOD optional)
-
Password & Authentication Policy
-
Data Retention & Disposal Policy
-
ICT Governance Policy
-
Incident Management & Reporting Policy
-
Vendor Risk Management Policy (lite)
DORA Pro – Additional Policies
Governance & Management Policies
-
Business Continuity Policy (BCP)
-
Change Management Policy
-
Disaster Recovery Policy (DRP)
-
ICT Governance Policy
-
ICT Risk Management Policy
-
Operational Resilience Policy
Cybersecurity & Technical Control Policies
- Backup & Restore Policy
- Cybersecurity Policy
- Endpoint Protection & Antivirus Policy
- Information Security Policy
- Logging & Monitoring Policy
- Multi-Factor Authentication (MFA) Policy
- Network Security Policy
- Patch & Vulnerability Management Policy
- Privileged Access Management Policy (PAM)
- Secure Configuration Policy
- System Hardening Policy
Vendor & System Management Policies
-
Cloud Services Usage Policy
-
ICT Asset & Inventory Management Policy
-
System Acquisition & Implementation Policy
-
Vendor Risk Management Policy (Full)
Data Protection & Handling Policies
-
Acceptable Use Policy (AUP)
-
Data Classification Policy
-
Data Encryption Policy
-
Data Handling & Storage Policy
Awareness, Training & Reporting Policies
-
Information Sharing & Threat Intelligence Policy
-
Reporting Suspicious Activity Policy (Cyber & Fraud)
-
Security Awareness & Training Policy
How Fit2Trade Makes DORA Easy
Step 1: Monthly & Quarterly Checklists
Small, guided tasks with clear instructions.
Step 2: Evidence Automatically Stored
PDFs, logs, screenshots and reports kept neatly.
Step 3: Show the Board & Auditor
One-click reports with everything in the right format.
See how it would look for your credit union
We’ll walk you through a real checklist, show you the reporting dashboard, and help map Dora Core or Pro to your current IT set-up.