Everstake Completes Independent DORA Controls Assessment

Everstake completed an independent assessment of its ICT controls against selected EU DORA requirements, reviewed by Prescient Security under ISO 19011. The report, available through the Everstake Trust Center, gives EU institutional clients documented evidence for their own third-party due diligence.

JUN 22, 2026

Last updated JUN 22, 2026 · V1

TL;DR

  • Everstake completed an independent assessment of its ICT controls against selected requirements and control expectations under the EU Digital Operational Resilience Act (DORA).
  • The review was conducted by Prescient Security under ISO 19011 audit standards, with controls evaluated as of June 5, 2026.
  • The full report is published on the Everstake Trust Center at security.everstake.one.

What Is DORA?

DORA is the EU Digital Operational Resilience Act, a regulation that sets requirements for how financial entities manage information and communication technology (ICT) risk. It covers ICT risk governance, incident reporting, operational resilience testing, and oversight of third-party technology providers.

DORA applies to financial entities operating in the EU and, by extension, establishes oversight requirements for certain third-party service providers that support them. The framework took effect across the EU in January 2025.

Unlike SOC 2 Type II or ISO/IEC 27001:2022, DORA has no formal certification scheme. Alignment with relevant DORA control expectations can be demonstrated through assessment and attestation, rather than a pass/fail certificate, which is why at Everstake we describe this work as a completed controls assessment.

Why DORA Matters for Institutional Staking Providers

DORA raises the operational resilience bar for any technology provider supporting EU financial entities. Institutional clients subject to DORA must account for the ICT risk introduced by their service providers, including staking infrastructure providers.

A documented DORA controls assessment gives those clients direct evidence for their own third-party risk reviews. Without it, the assessment burden falls entirely onto the client during diligence.

For a staking provider, the relevant controls span ICT risk management, incident handling, resilience testing, and the security of the validator and signing infrastructure. An independent review against these areas demonstrates that the infrastructure is governed to standards comparable to those used in traditional finance.

“We engineer our infrastructure to stay operational under stress, and an independent DORA controls assessment lets us validate that resilience against the same standards EU financial institutions are held to,” said Denys Avierin, CIO at Everstake. “Our EU institutional clients are directly accountable for the ICT risk their providers introduce. This assessment gives them documented, independently reviewed evidence to rely on in their own third-party due diligence.”

What the Assessment Covered for Everstake

At Everstake, we engaged Prescient Security to assess ICT controls across our staking infrastructure against relevant DORA requirements. The review was performed under ISO 19011, the international standard for auditing management systems, with controls evaluated as of June 5, 2026.

Prescient Security is the same independent assurance firm that conducted Everstake’s SOC 2 Type II, ISO/IEC 27001:2022, and NIST CSF 2.0 assessments. 

The resulting DORA report is available in full through the Everstake Trust Center for client diligence.

Part of a Broader Compliance Program

The DORA controls assessment complements Everstake’s existing attestations and certifications, which already cover security, privacy, and cybersecurity governance. 

The current set includes:

  • SOC 2 Type II: independent verification of internal control effectiveness over time.
  • ISO/IEC 27001:2022: certified information security management system.
  • NIST CSF 2.0: cybersecurity maturity assessed at a score of 4.16, in the “Optimized” tier.
  • GDPR and CCPA: data protection and privacy compliance across the EU and California.

Everstake treats compliance and operational excellence as parallel workstreams. The infrastructure is engineered for uptime and resilience, and that engineering is then evidenced through independent assessment against recognized frameworks.

Details on every framework are available at the Everstake Trust Center.

Request the Full Report

Custodians, exchanges, and asset managers subject to DORA can access the complete controls assessment through the Everstake Trust Center for use in third-party risk reviews.

To discuss how Everstake supports institutional diligence requirements:
