<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=691116991096043&amp;ev=PageView&amp;noscript=1">
Skip to content
  • There are no suggestions because the search field is empty.

🛠 Create Your Own - DORA Risk Assessment Workflow

Learn how to use the DORA-focused risk assessment tailored for financial services IT vendors.

   Take Control

  Safeguard Compliance

  Estimated Read Time: 5 minutes

   Estimated Configuration Time: 20 Minutes

➕ Requires the Vendor Portal

⚠️ Requires 50 Custom Fields

Sections in this article:

Introduction

The DORA Risk Assessment best practice workflow uses a scored form to provide a seamless assessment of your vendor. Once this assessment has been sent to the vendor, they will receive an email asking them to complete and submit the form via the Vendor Portal. 

DORA Risk Assessment Questionnaire (Smart Form)

The questionnaire has a total of 50 questions that requires either a response from a dropdown list (Yes, No, N/A) or file attachment. The questionnaire is a pre-built Smart Form with all the questions pre-scored and weighted for ease, depending on the response.

Note: While the default scoring provides a structured approach, it's recommended to adapt these weightings based on your organisation's requirements. This ensures that the assessment aligns with internal guidelines and priorities, making it a more effective tool for risk evaluation.

Mandatory Configuration

The steps in this section outline the essential setup required to make your workflow fully functional.

The ⬇️ Additional Configuration ⬇️ section covers optional additions to expand the scope of your process or tailor the workflow to better align with your organisation’s unique policies, procedures, and Gatekeeper subscription features.

Add the Template

To get started, you'll need to add the template workflow:

  1. From the navigation menu, click Workflows.
  2. Click Add, then select Workflow Template.
  3. Click Create on the DORA Risk Assessment template.
  4. Amend the title if needed, then click Create.

Configure the DORA Risk Assessment Status Field

Creating a custom status field is required to determine which vendors are triggered onto the workflow:

  1. From the navigation menu, expand the Settings option, then click Configuration.
  2. Click Custom Data.
  3. Click an existing Vendor Custom Data Group or add a new one to store this field in. If you're planning to run more contract and vendor management processes in parallel, consider adding a custom data group to store all related statuses.
  4. Within the custom group, click➕ Add New Custom Field.
  5. Enter a label for the field, e.g. DORA Assessment Status, and select Dropdown list as the type.
  6. Add the following dropdown options then click Save.
    1. DORA Assessment Required ⚠️
    2. DORA Assessment Complete ✅
    3. N/A

    Configure the Trigger

    After creating the custom field, you need to configure the trigger using this as a condition:

    1. From the navigation menu, click Workflows.
    2. Expand the 3 dots on the relevant workflow, then select Workflow Triggers.
    3. Click the New DORA Assessment Required trigger to edit it.
    4. Click ➕ ADD to assign the field you created as the trigger condition, as below:
      1. DORA Assessment Status  ➡️  is one of  ➡️  DORA Assessment Required ⚠️
    5. Click Create, then set the trigger status to Live.

    Add the DORA Assessment Status to the Workflow

    You'll need to add the new status field to the workflow form, so that it can be updated automatically once a vendor completes the process.

    1. Click the start phase of the workflow to edit it.
    2. Navigate to Form, then click ADD SECTION and enter a section name.
    3. Select the following from the dropdown lists:
      1. Predefined: Vendor
      2. Custom Data Group: The custom group that contains the DORA status field
    4. Click Save.

    You should then hide this field on the workflow form, so that users cannot update it manually. To do this: 

    1. Click the cog icon to access the workflow configuration.
      dora cog icon
    2. Locate the form section that contains the DORA Assessment Status field.
    3. Select Hidden from the dropdown list on the start phase, then click the copy icon.
      copy dora phase settings
    4. Select the checkboxes for all other phases in the workflow. This will apply the settings for this section from the start phase to all other phases.
    5. Click Copy to save the changes.

    Set the AutoAction Values

    After adding the field to the workflow form, you'll need to configure the AutoActions so that it can be updated automatically. 

    1. Click the Review Completed ☑️ phase to edit it.
    2. From Actions, click Edit AutoAction Values alongside AutoAction | Update Vendor.
    3. Set the DORA Assessment Status dropdown value to DORA Assessment Complete ✅ .
    4. Click Save.

     

    Additional Configuration

    This section covers optional steps to adjust the workflow’s scope or default settings, helping you tailor it to your organisation’s needs.

    Configure Recurring Reviews ♻️

    As part of this process, you may be required to perform a DORA Assessment on an annual or recurring basis. If you need this process to repeat, follow the below steps:

    Add a Custom Date Field

    First, you'll need to add a custom date field that will be used to automatically pull vendors onto the workflow at the right time.

    1. From the navigation menu, expand the Settings option, then click Configuration.
    2. Click Custom Data.
    3. Click an existing Vendor Custom Data Group or add a new one to store this field in.
    4. Within the custom group, click➕ Add New Custom Field.
    5. Enter a label the field, e.g. DORA Yearly Review, and select Date as the type.
    6. Click Save.

    Add the Date Field to the Form

    You'll need to add the custom field to the workflow form, so that it can be populated automatically as part of the workflow. This is only required if you have not already added this section to the form. If you have, this field will be added automatically. 

    1. Click the start phase of the DORA Assessment workflow to edit it.
    2. Navigate to Form, then click ADD SECTION and enter a section name.
    3. Select the following from the dropdown lists:
      1. Predefined: Vendor
      2. Custom Data Group: The custom group that contains the DORA Review field.
    4. Click Save.

    Set the Date via AutoActions

    Once you have added the DORA Review Date field to the workflow, you'll need to configure the AutoAction settings so that the field is populated on the vendor's record when the workflow is complete:

    1. Click the Review Completed ☑️ phase to edit it.
    2. From Actions, click Edit AutoAction Values alongside ⚙️ AutoAction | Update Vendor.
    3. From the DORA Review field, select the relevant period of time e.g. 12 Months after Today.
    4. Click Save.

    Create a Trigger

    Finally, you'll need to create a trigger to pull vendors onto the workflow automatically when their DORA review date is approaching.

    1. From the navigation menu, click Workflows.
    2. Expand the 3 dots on the relevant workflow, then select Workflow Triggers.
    3. Click the DORA Risk Assessment - Refresh Required trigger to edit it.
    4. Under Conditions, click ➕Add then locate the newly created custom date field.
    5. Configure the condition, for example Next DORA Review occurs in 7 Days, then click Create.
    6. Click the pencil icon to set the Trigger Status to Live.

    Additional Setup Outside the Workflow

    If you’ve followed all of the steps above, your workflow is ready to launch. However, to help the process run as smoothly and reliably as possible, there are a few additional areas of your Gatekeeper tenant worth reviewing.

    Add the Custom Status Field to Other Workflows

    When running the DORA Assessment workflow alongside other vendor assessment processes, such as onboarding, it's recommended to set it to trigger automatically when a new vendor is added. This allows multiple onboarding actions to run in parallel, helping you onboard vendors faster. To learn about configuring this, see Parallel Workflows.

    Add Vendor Users

    Before vendors can complete the DORA Assessment questionnaire on the Vendor Portal, ensure that the relevant contacts have been added as vendor users:

    1. From the navigation menu, click Vendors.
    2. Click on the relevant vendor record to open it.
    3. Click the Vendor Users tab to view existing contact details.
    4. Click Add, then select Vendor User to add a new contact.