Full wholesale catalog · 9 deliverables · no sign-up
DORA wholesale delivery catalog —
fixed price, fixed SLA, your brand.
Every deliverable your clients need to satisfy DORA obligations — built by a specialist, delivered under your brand, behind the scenes. Select from the catalog below; commission per engagement, no minimum.
To save as PDF: use your browser’s print function (Ctrl+P / Cmd+P → Save as PDF).
Nine deliverables — pilot set and extended catalog
Start with any pilot deliverable. As your client DORA pipeline grows, the extended catalog covers gap diagnostics, policy packs, ongoing third-party risk reviews, roadmaps, quarterly maintenance, and operational resilience — all fixed price, same behind-the-scenes model.
| Deliverable | Wholesale price | SLA | Standard scope |
|---|---|---|---|
| Pilot deliverables — P1–P3 | |||
| P1 — Outsourcing Register Setup | €2,500 | 5 business days* | Art. 28 register structure · supplier categorization (critical / non-critical) · monitoring procedures · DORA-clause checklist for new vendor contracts |
| P2 — Incident Classification Framework | €2,000 | 5 business days* | Art. 19 incident taxonomy · classification decision tree · regulator notification workflow · reporting templates · internal escalation procedure |
| P3 — Board Reporting Package | €1,800 | 5 business days* | DORA quarterly board ICT risk report template · KPI matrix · governance evidence pack · management summary section |
| Extended catalog — E1–E6 | |||
| E1 — ICT Risk Gap Assessment | €3,500 | 5 business days* | DORA compliance gap register (Art. 6–16 · Art. 17–19 · Art. 28–30 · Art. 11/12) · per-obligation risk rating · prioritized remediation backlog · catalog delivery sequence map |
| E2 — DORA Policy Pack 3-policy bundle |
€4,500 | 7 business days* | ICT Risk Policy (Art. 5/6) · ICT Incident Management Policy (Art. 17) · Business Continuity Management Policy (Art. 11/12) — three DORA-compliant policies delivered as one bundle |
| E3 — ICT Third-Party Risk Review repeatable quarterly |
€2,500 / review | 5 business days* | Quarterly vendor register review · critical provider classification (Art. 28) · concentration risk analysis · Art. 30 contract compliance check for new contracts · quarterly TPM risk summary for board reporting |
| E4 — Quarterly Catalog Maintenance per-deliverable refresh |
€1,200 / refresh | 3 business days* | Regulatory-update refresh of one previously delivered catalog item (P1 / P2 / P3 / E2 eligible) · client-context updates · version-tracked changes |
| E5 — DORA Roadmap & Prioritization | €3,000 | 5 business days* | 3–12 month DORA compliance programme roadmap · phased milestones · deliverable dependency map · resource estimate framework · regulatory deadline mapping |
| E6 — ICT BCP/DRP Framework | €3,500 | 7 business days* | Business Continuity Plan template (Art. 11/12) · Disaster Recovery Plan template · operational resilience testing methodology overview (Art. 25 obligations) |
| On request | |||
| E7 — MiCA × DORA Alignment For CASP-focused advisory firms |
On request | On request | ICT-risk alignment map for MiCA-authorised CASPs — where one deliverable satisfies both DORA and MiCA requirements, and where gaps remain. Enquire at info@cyadviso.com |
* Business days from confirmed start — CyAdviso confirms delivery capacity before the clock runs. Standard scope includes up to 20% customization at no additional cost; beyond that, a transparent T&M trigger at a fixed hourly rate applies, with an escalation procedure documented per deliverable before work begins. No open-ended scope creep. Deliverables provided as editable DOCX/XLSX + final PDF; partner may re-brand per their house style.
Same terms across every catalog engagement
Non-compete & confidentiality
12-month non-compete post-engagement as standard; 24-month available on request. CyAdviso does not approach, solicit, or communicate with your clients without your explicit written authorization. CyAdviso’s name does not appear in any deliverable. Existing direct end-client engagements are disclosed at onboarding — no surprises.
SLA basis
All SLAs run from a confirmed start: CyAdviso confirms delivery capacity and receives your scope documentation, then the clock begins. This keeps the SLA meaningful — you can commit a precise timeline to your client once start is confirmed, not when the booking is made.
Customization & scope
Standard scope includes up to 20% customization at no additional cost. Beyond that, a T&M trigger applies — at a fixed hourly rate, with an escalation procedure documented and agreed before work begins. The 3–5 most common beyond-scope items are specified in the pre-engagement scope document for every deliverable.
Payment terms: net 14 from invoice date, per deliverable. Pricing in this catalog is wholesale — your margin is the spread between wholesale cost and your client rate.
Start with one deliverable — or book a call first
No minimum commitment. Commission per deliverable. Most partners start with one pilot (P1, P2, or P3) to test quality before scaling.
-
1
Select a deliverable
Pick the catalog item that fits your immediate client need. If you’re not sure where to start, E1 (ICT Risk Gap Assessment) maps your client’s full DORA position and identifies which deliverables to prioritize.
-
2
Book a 15-minute discovery call
Confirm the deliverable scope, provide your client context, and set a confirmed start. The SLA clock begins once CyAdviso confirms capacity and receives your scope documentation.
-
3
Receive the deliverable under your brand
DOCX/XLSX + PDF, formatted to your brand standards. CyAdviso is not mentioned. You review, deliver to your client, capture the margin.
Prefer a printed reference? Use your browser’s Print / Save as PDF (Ctrl+P / Cmd+P). Nav and CTAs are hidden in the print view — the catalog table and terms print cleanly on A4.