Best Practice Templates
      Back to home
      1. Knowledgebase
      2. Workflows
      3. Best Practice Templates

      🛠 Create Your Own - DORA Risk Assessment Workflow

      Learn how to use the DORA-focused risk assessment tailored for financial services IT vendors

         Take Control

        Safeguard Compliance

        Estimated Read Time: 5 minutes

         Estimated Configuration Time: 20 Minutes

      ➕ Requires the Vendor Portal

      ⚠️ Requires 50 Custom Fields

       

      Sections in this article:

      Getting Started

      Adding the Template

      1. Head to the Workflows page
      2. Hit Add > Workflow Template
      3. Select the DORA Risk Assessment  Template
      4. If necessary, amend the new workflow's Title
      5. Hit ✅ Create

       

      Mandatory Configuration

      Configuring the "DORA Risk Assessment Status" Field

      Creating a 'DORA Risk Assessment Status' field is mandatory as it allows us to create a field that can then flag Vendors for the DORA Assessment workflow.

      1. Head to Settings > Configuration > Custom Data
      2. Select an existing Vendor Custom Data Group or add a new one to host the status field 
      3. In the Vendor Custom Group, hit ➕ Add New Custom Field
      4. Label your field DORA Assessment Status and select the type of Dropdown list
      5. Select Add Many and then add the below dropdown options and hit ✅ Save

      DORA Assessment Required ⚠️

      DORA Assessment Complete ✅

      N/A

      Configuring the Trigger

      1. Go to the Workflows page
      2. Click the three dots to edit the workflow then select Workflow Triggers
      3. Select the New DORA Risk Assessment Required trigger
      4. Use the + ADD to assign the field you created as the trigger condition, as below:

      DORA Assessment Status  ➡️  is one of  ➡️  DORA Assessment Required ⚠️

         5. Click ✅ Create

         6. Set the trigger status to Live

      Add the DORA Assessment Status to the Workflow and set it as Hidden

      1. Open the AutoStart phase, then select Form
      2. Scroll to the bottom of the form, then select Add Section
      3. Give the section a name. Under Predefined, select Vendor, then select the Custom Data Group that you chose to host the DORA Assessment Status question
      4. Select ✅ Save
      5. You should also Hide this field throughout the Workflow. If so, head to the form of each phase you wish to hide the field, then scroll to the bottom and select Hidden

      AutoAction Setting the Status when done

      1. Head to the Review Completed ☑️ phase & hit Edit this Phase
      2. Navigate to the Actions tab
      3. Alongside ⚙️ AutoAction | Update Vendor, hit Edit AutoAction Values
      4. Set the DORA Assessment Status dropdown value to DORA Assessment Complete ✅
      5. Hit ✅ Save 

      Email Template

      Once this assessment has been sent to the vendor, they will receive an email asking them to complete and submit the form via the Vendor Portal.

      DORA Risk Assessment Questionnaire (Smart Form)

      The questionnaire has a total of 50 questions that requires either a response from a dropdown list (Yes, No, N/A) or file attachment. The questionnaire is a pre-built smart form with all the questions and pre-scored/weighed for ease depending on the response.

      While the default scoring provides a structured approach, Third Party Risk Managers should adapt these weightings based on their organization's specific risk profile and appetite. This ensures that the assessment aligns with internal guidelines and priorities, making it a more effective tool for risk evaluation.

       

      Additional Configuration

      Perform your DORA Risk Assessment Review Annually via a "Refresh" ♻️

      As part of this process, you may be required to perform a DORA risk check on an annual/recurring basis. If you need this process to repeat, follow the below steps:

      Adding a Date field to the data model

      1. Head to  Settings > Configuration > Custom Data
      2. Open your Vendor Data custom data group
      3. Select + Add New Custom Field
      4. In the Label field, put DORA Yearly Review, and put Date in the Type field.
      5. Select ✅ Save.

      Adding the Date Field to the Form

      Only follow these steps if you have not already added this section. If you have, this field should have automatically been  added.

      1. Head to your DORA Risk Assessment workflow
      2. Select the AutoStart phase to edit it
      3. Open the Form tab of the AutoStart phase
      4. Scroll to the bottom of the form, then select + Add Section
      5. In the Predefined section, select Vendor and in the Custom Data Group section, select Vendor Data then select ✅ Save

      Setting the Date via AutoActions

      1. Head to the Review Completed ☑️ phase
      2. Select Actions from the right-hand navigation menu
      3. Under the AutoAction | Update Vendor section, select Edit AutoAction Values
      4. Scroll to the bottom of the page, and next to DORA Yearly Review select the period of time you would like to pass between reviews (e.g. 12 Months after Today)
      5. Hit  ✅ Save

      Creating a Trigger

      1. Head to the Workflows page
      2. Under the DORA Risk Assessment workflow, select the three dots, then select Workflow Triggers
      3. Select the DORA Risk Assessment - Refresh Required trigger
      4. Under Conditions, select + Add then locate the date field previously created
      5. Select your operators (e.g. Next DORA Review occurs in 7 Days)
      6. Select ✅ Create
      7. Set the Trigger Status to Live