Offensive Security
We prepare financial institutions for TLPT tests under DORA
We deliver the full TLPT cycle under DORA - from Threat Intelligence through controlled red team attacks to documentation accepted by national and EU regulators. We serve both roles: TI Provider and Test Provider.
Last updated: April 2026
DORA & TLPT is a SEQRED service covering DORA- and TIBER-EU-compliant TLPT testing: threat intelligence, red teaming, and the regulator report.
DORA requires designated financial institutions to conduct TLPT tests every 3 years, based on the updated TIBER-EU framework. The process involves three teams - TI Provider, Red Team and Control Team - and requires coordination with the supervisory authority from day one. Providers must demonstrate at least five references, and the test team must meet experience requirements (manager 5+ years, testers 2+ years). The ability to serve both roles - threat intelligence and red team - is rare in the market, and for the client it means operational consistency and simpler coordination.
Scope
Test plan development and scope agreement with the supervisory authority
Threat Intelligence - threat profiling specific to the institution and sector
Dual-role delivery - we serve as both TI Provider and Test Provider
Controlled attacks on core banking systems, payment platforms and digital channels
Supply chain resilience and ICT service provider integration testing
Purple Team report - joint session with the client's Blue Team
Final documentation compliant with TIBER-EU (February 2025 update) and DORA Articles 26-27
Process
Scoping
We agree the scope with the client and supervisory authority. We define escalation rules and no-go zones.
Threat Intelligence
Our TI team prepares a threat report: actors, TTPs, and attack vectors specific to the financial sector.
Red Team execution
A multi-week campaign covering phishing, exploitation, lateral movement, and attempts to access critical systems.
Purple Team
Joint workshops with the client's Blue Team - reviewing discovered attack paths and remediation recommendations.
Regulatory report
We deliver documentation ready for submission to the supervisory authority.
FAQ
How does TLPT differ from standard penetration testing?
TLPT is a multi-week operation based on real threat intelligence and the TIBER-EU framework, whereas a standard pentest has a narrower scope and shorter duration.
Does DORA require TLPT tests from every financial institution?
No - the obligation applies to entities designated by the supervisory authority as significant. We help assess whether your organisation falls under this requirement.
How long does a full TLPT cycle take?
A typical project takes 3 to 6 months, including the Threat Intelligence phase, attack execution, and reporting.
Can the tests disrupt production systems?
We apply strict escalation rules and no-go zones agreed before the engagement - business continuity is the priority.
Is the TLPT report accepted by regulators?
Yes - we prepare the documentation in a format compliant with TIBER-EU requirements, accepted by European regulators.
How does SEQRED price its services?
Pricing is based on an individual estimate of our consultants' time, considering the project scope and complexity. We present the offer broken down by phases - so you see exactly what you're paying for and can make decisions at each stage.
Can I speak with an expert before making a decision?
Yes - an initial consultation is always welcome and free of charge. We help define the actual scope of your needs, which allows us to prepare a rational offer tailored to your organization.
What affects the cost of DORA-compliant TLPT testing?
The estimate covers the scope of the Threat Intelligence phase, number of attack scenarios, and reporting requirements for the regulator. Each TLPT test is designed individually.
We'll discuss scope, methodology, and timeline.
Free consultation, no strings attached.