Reflectiz DORA

Reflectiz DORA is a compliance-oriented web monitoring solution designed to help financial services organizations meet the requirements of the Digital Operational Resilience Act (DORA). It operates through a fully remote, agentless scanning architecture that requires only a target URL — no code insertion, no production system access, and no impact on platform performance. The solution addresses four core DORA requirement areas: **ICT Risk Framework and Safeguards:** Identifies potential ICT risks in third-party scripts and dependencies to enable rapid detection and mitigation. **Third-Party Risk Management:** Maps all scripts and trackers present on financial websites and platforms, helping organizations ensure that only DORA-compliant providers handle critical or important functions, including fourth-party dependencies. **Proportionality and Minimum Necessary:** The Privacy Dashboard detects unauthorized or unnecessary third-party data collection and flags scripts that continue tracking users after consent has been withdrawn. **Resilience Testing and Audit Controls:** Audits and highlights discrepancies between cookie/tracker classifications and the organization's publicly disclosed Privacy Policy, while maintaining update logs and providing reporting capabilities. The scanning engine covers all parts of a website, including iFrames and third-party elements, providing visibility into ICT dependencies and data flows. The architecture is designed to minimize attack surface by operating externally with no access to sensitive financial data.