Loading...
Every ICT third party (Articles 28–30) has to be assessed — and re-assessed — continuously. By hand, that doesn't scale.
An analyst reads a 50-page contract against a checklist — for every single vendor.
Weeks per assessment, inconsistent between analysts, and expensive when you outsource it.
New vendors, renewals, annual reviews — the work never stops.
DORA has applied since January 2025, and the financial entity stays accountable for every provider.
Upload vendor ICT documentation and get a structured DORA compliance gap report in minutes.
Auto-generate security questionnaires, invite vendors to respond, and get LLM-scored compliance results instantly.
Ask compliance questions in natural language. The agentic copilot searches your docs and DORA articles.
Automated 24-hour alerts for certification expiry (90/30/7 days), contract renewal, and overdue assessments.
One-click EBA-compliant DORA Article 28(3) XLSX export — RT.01.01 to RT.04.01 sheets generated automatically.
A real-time DORA compliance score per workspace, with a 30-day trend and Red/Amber/Green status — board-ready at a glance.
Track vendor risk decisions, criticality tiers, and gap remediation across your whole third-party estate in one register.
Generate a downloadable Word (.docx) DORA gap-analysis report per vendor — formatted for review and submission.
Workspace isolation, MFA, PII detection, audit logging, and encrypted secrets — built for regulated industries.
Most tools make you fill in registers by hand, or give you an answer you can't defend.
Powerful but heavy, expensive, and months to deploy — and you still fill the registers and read the documents yourself.
Fast, but a throwaway answer: no citations, no audit trail, no sign-off, no view of your whole portfolio.
Reads the actual evidence — the contract, SOC 2, ISO — cites every finding, and lets your expert review-and-sign, across your entire vendor portfolio.
Upload vendor contracts, ICT policies, and audit reports — parsed, chunked, and embedded into a high-quality RAG pipeline automatically.
Zero infrastructure required
Fill in a form — Retrieva handles the rest.
Upload vendor contracts, ICT policies, and audit reports. Retrieva parses, chunks, and embeds them automatically.
AI analyses documents against each DORA article and classifies coverage as covered, partial, or missing.
Send tokenised due diligence questionnaires and get scored responses back without vendor logins.
Query your knowledge base in natural language and get cited answers grounded in your own documentation.
Generate regulator-ready outputs including the Register of Information and gap remediation artefacts.
Every finding is traceable back to the source text. Built to be audited, not to impress.
Your vendors' documents are sensitive. They're treated that way.
Each vendor's documents are walled off — enforced at both the database and the vector layers, so nothing leaks across workspaces.
Your documents are vectorised in-house — they are not sent to a third-party embedding API.
Field-level AES-256 encryption at rest, httpOnly session cookies, and per-IP rate limiting on credential surfaces.
Delete a vendor and its data goes with it — documents, vectors, assessments and files are purged.
20-day free trial on all plans. No credit card required to start.
Vendor documents are isolated per workspace, encrypted at rest, and embedded in-house (never sent to a third-party embedding API). Deleting a vendor erases its data.
No. Retrieva does the evidence-heavy part — reading documents and producing cited DORA gap reports — and complements your existing registry or GRC.
DORA ICT third-party risk: gap analysis against Articles 28–30, Article 30 contract review with clause sign-off, due diligence questionnaires, and a Register of Information export.
Yes. The interface is bilingual (FR/EN) and the assistant answers in the language of your question.
Upload a contract or a vendor's security documents and get a cited DORA gap report in minutes — not days.