TLPT (Threat-Led Penetration Testing)
An advanced form of security testing mandated by DORA Articles 26-27 for significant financial entities. TLPT uses real-world threat intelligence to simulate adversary tactics and test an organization's detection, response, and recovery capabilities against realistic attack scenarios.
Threat-Led Penetration Testing (TLPT) represents the most rigorous form of resilience testing under DORA. Unlike traditional penetration testing that focuses on finding technical vulnerabilities, TLPT takes a holistic approach by simulating realistic attack scenarios based on current threat intelligence relevant to the specific financial entity.
DORA requires significant financial entities to conduct TLPT at least every three years. The tests must be performed by qualified external testers, cover critical or important functions, and be conducted on live production systems to ensure realistic results. The TLPT framework under DORA is closely aligned with the TIBER-EU framework.
The TLPT process involves three phases. In the threat intelligence phase, realistic attack scenarios are developed from the entity's threat landscape. In the red team testing phase, qualified testers attempt to compromise critical functions using the identified tactics. In the closure phase, results are analysed, remediation plans are developed, and findings are reported to the competent authority.
Related Terms
DORA (Digital Operational Resilience Act)
An EU regulation that establishes uniform requirements for the security of network and information systems in the financial sector. DORA became mandatory on January 17, 2025, and applies to banks, insurance companies, investment firms, and their critical ICT service providers.
Penetration Testing
A simulated cyberattack against a system, network, or application to evaluate its security. Penetration testing identifies vulnerabilities that could be exploited by real attackers and is required under DORA's digital operational resilience testing framework.
Operational Resilience
The ability of an organization to deliver critical operations through disruption. In the context of DORA, it specifically refers to digital operational resilience — the capacity of financial entities to build, assure, and review their technological operational integrity.