Tools & Checklists
Essential Reading
Financial Services Cyber Risk Assessment Tool
FCA thematic reviews consistently find that more than 60% of smaller regulated firms have significant cybersecurity gaps — particularly in incident response, third-party risk, and MFA.
FCA Operational Resilience Checklist
The PS21/3 full compliance deadline was March 2025. FCA supervisory reviews are actively assessing operational resilience, and gaps in IBS identification, impact tolerances, and testing are the most common findings.
DORA Gap Analysis Template for UK Financial Firms
DORA has been in force since January 2025. UK firms with EU operations or EU ICT providers are in scope. A structured gap analysis is the starting point for any credible compliance programme.
Third-Party ICT Risk Register Template for Financial Services (DORA and FCA SS2/21 Compliant)
DORA Article 28 requires a mandatory register of all ICT third-party service providers. FCA SS2/21 requires equivalent records for material outsourcing arrangements. Both require ongoing maintenance.