DORApp Blog

About Provable Resilience by DORApp

Provable Resilience by DORApp is a practitioner blog for financial institutions navigating DORA in the real world.

We created this blog because too much DORA content stops at interpretation. Financial institutions need more than summaries of the regulation. They need practical ways to structure ownership, improve data quality, coordinate third-party oversight, manage incident workflows, maintain evidence, and stay ready for regulatory scrutiny all year round. That is the gap this blog is built to fill.

The blog is closely connected to the product thinking behind DORApp. DORApp was designed as a cloud-based, modular platform that helps financial institutions move from checkbox compliance to provable operational resilience. It combines the Register of Information, ICT third-party risk workflows, incident management, audit trail, and automation into one structured operating model. The same philosophy shapes this publication: practical, evidence-oriented, and focused on execution.

Who this blog is for

  • Compliance managers and officers
  • ICT risk managers
  • Operational resilience leads
  • CISOs, CIOs, and IT governance leaders
  • Regulatory reporting teams
  • Procurement and third-party risk teams
  • Internal and external auditors
  • Consultants supporting financial institutions

These audiences match the ones DORApp itself already addresses in its webinar and product positioning.

What we believe

DORA works best when it becomes part of daily operations, not a once-a-year scramble.
That means:

  • fewer spreadsheets,
  • clearer accountability,
  • stronger evidence,
  • better workflows,
  • and automation wherever it reduces friction without weakening control.

That philosophy mirrors the DORApp product and Holisentra positioning around standardizing controls, automating evidence and reporting, and connecting cyber, operational, and third-party risk.

What you can expect from us

We aim to publish content that is:

  • practical rather than academic,
  • useful for both lean and mature teams,
  • grounded in implementation realities,
  • and written for decision-makers as well as delivery teams.

You should expect articles, guides, commentary, checklists, and implementation notes that help you make better decisions faster.

Meet the authors

Matevž Rostaher

Matevž Rostaher is Co-Founder and Product Owner of DORApp. He brings deep experience in building secure and compliant ICT solutions for the financial sector and is positioned by DORApp as an expert trusted by financial institutions on complex regulatory and operational challenges. DORApp’s own webinar materials list him as CEO and Co-Founder of Skupina Novum d.o.o. and CEO and Co-Founder of FJA OdaTeam d.o.o. His articles should carry the voice of someone who understands not just compliance requirements, but the systems and delivery realities behind them.

Uroš Orešič

Uroš Orešič is Co-Founder of DORApp and a specialist in building impactful digital innovations. Public DORApp materials and LinkedIn search results position him as a co-founder focused on turning DORA requirements into practical, scalable digital solutions for financial institutions. His perspective fits especially well for articles about simplification, automation, operating models, and how to stay lean while improving resilience.

Together, Matevž and Uroš write from the intersection of regulation, software, and operational execution. Their perspective is shaped by real implementation work, product building, and direct exposure to the friction financial institutions face when DORA has to work across compliance, risk, IT, procurement, governance, and leadership. That is why this blog is not about theory alone. It is about making DORA executable.