ServiceNow & DORA Compliance Benchmark Survey – Einar & Partners Research Unit

Hello and thank you for participating in our DORA Compliance Benchmark Survey

Please read the questions carefully. In case of any unclarity, don't hesitate to reach out!

We are more than happy to help you.

1. What best describes your role within your organization?

Organizational Progress & Governance

This section explores your organization’s overall progress and governance approach in aligning with DORA and other regulatory compliance requirements.

1.1 How far has your organization progressed in identifying and formally registering Critical or Important Functions (CIFs)?

Not started
In planning phase
In progress, partially complete
Fully identified and registered

1.2 If applicable, are the Critical Functions within your organisation registered in ServiceNow?

Yes
No
In progress, partially complete
Not applicable

1.3 Who is primarily responsible for identifying Critical or Important Functions (CIFs)?

1.4 Have you defined a formal classification framework for Critical or Important Functions (CIFs) (e.g., critical, high, medium, low)?

Yes, standardized and applied in ServiceNow
Yes, but only in manual documents
Not yet

1.5 Have you mapped third-party dependencies for your Critical or Important Functions (CIFs) in ServiceNow?

Yes, fully mapped
Yes, partially mapped
Not yet
Not applicable

ServiceNow Capabilities & Adoption

This section assesses how your organization utilizes ServiceNow for compliance and operational resilience. It focuses on the level of adoption, key capabilities in use, and how effectively ServiceNow supports your DORA and IT governance objectives

2.1 Which ServiceNow modules do you currently use for DORA compliance? (Select all that apply)

2.2 How would you rate the data quality of your CMDB, specifically in relation to the mapping of Critical or Important Functions (CIFs)?

Very poor – largely incomplete or inaccurate
Poor – partial coverage
Moderate – usable but with gaps
Good – mostly accurate and complete
Excellent – fully reliable

2.3 Do you use ServiceNow Discovery or Service Mapping to map (3rd party) dependencies of your Critical or Important functions (CIFs)?

Yes, extensively
Yes, partially
No, but planning to
No

2.4 How integrated are your BCM practices within ServiceNow, is there a link to the criticality of the Critical or Important Functions (CIFs)?

Fully integrated
Partially integrated
Limited integration
Not integrated

2.5 Do you use CMDB health dashboards or metrics to monitor data quality?

Yes regularly
Yes, occasionally
No

Registry of Information & Incident Reporting

This section examines how your organization maintains its registry of critical information and manages incident reporting. It focuses on processes, tools, and practices that support accurate tracking, timely reporting, and regulatory compliance.

3.1 Has your organization established a DORA Registry of Information for critical ICT services and dependencies?

Yes, fully implemented and maintained
In progress
Planned but not started
No

3.2 Is ServiceNow used to populate or maintain the DORA Registry of Information?

Yes, fully automated
Yes, partially automated
No, manual process
Not applicable

3.3 Have you automated reporting from ServiceNow to support regulatory submissions (e.g., Registry of Information, incident reports)?

Yes, fully automated
Yes, partially automated
No, manual process
Not applicable

3.4 Does your organization have a defined workflow for reporting ICT-related incidents to regulators in line with DORA requirements?

Yes, fully defined and tested
Defined but not yet tested
In development
No

3.5 Are major incidents tracked in ServiceNow with links to CIFs and regulatory reporting obligations?

Yes, consistently
Sometimes
No

Risk, Compliance & Roles

This section explores how your organization manages risk and compliance under DORA. It focuses on defined roles, responsibilities, and accountability structures that ensure adherence to regulatory requirements and effective risk management.

4.1 Does your organization have Service Owners responsible for mapping services in the CMDB?

4.2 Are critical process owners formally accountable for keeping ServiceNow data up to date?

Yes, fully accountable
Partially accountable
No

4.3 How often do you perform internal reviews to ensure DORA compliance in ServiceNow?

Quarterly
Biannually
Anually
Never

Challenges & Pain Points

This section examines the key challenges and pain points your organization faces in implementing DORA-related processes. It focuses on obstacles, bottlenecks, and areas where improvements are needed to strengthen compliance and operational resilience.

5.1 What are the top 3 challenges your organization faces in achieving DORA compliance with ServiceNow?

5.2 How frequently do you experience misalignment between business and IT on critical process identification?

Very often
Sometimes
Rarely
Never

5.3 How significant is the skills gap in using ServiceNow for DORA compliance?

Very significant
Moderate
Small
None

5.4 Are there integration gaps between ServiceNow modules (ITOM, CMDB, BCM, Contract Management) affecting DORA compliance?

Yes, major gaps
Yes, minor gaps
No

Best Practices & Future Outlook

This section looks at what your organization does well in DORA compliance and how you plan for the future.

6.1 What best practices have been most successful in your organization for DORA compliance in ServiceNow?

6.2 What additional support or capabilities in ServiceNow would accelerate DORA compliance?

6.3 How valuable would benchmarking with other financial organizations be for improving your DORA compliance?

Very valuable
Somewhat valuable
Not very valuable
Not valuable at all

Thank You for Your Participation

We sincerely thank you for taking the time to complete this survey. Your insights and experiences are invaluable in helping us better understand the current state of DORA Compliance and its future direction. We deeply appreciate your contribution.

Get the results and insights of this survey

line ServiceNow? organization

Legal Confirmation

I agree to share the information with Einar & Partners Research Unit.
I don't agree to share the information with Einar & Partners Research Unit.

ServiceNow & DORA Compliance Survey