Against that backdrop, Dora is not radical. Most of its requirements reflect established good practice: clearly defined risks, named ownership, detailed mapping of systems and dependencies, and ...