ECZ-ID DORA Readiness

Organise ICT operational-resilience evidence for DORA-style review.

Free, local-first. No source upload. No sign-in to run a check.

• Surfaces operational-resilience policy and related evidence — locally, by filename and path.
• Builds a local, claim-free evidence summary you can review and share.
• Routes to Resolver lookup, implementation guidance and supported setup.

Who this is for

ICT suppliers and regulated teams preparing DORA-style operational-resilience review.

What you can do in under a minute

1. Open or scan the workspace — run ECZ-ID DORA Readiness: Review / Scan Workspace.
2. Review the evidence — observed and not-observed, in plain English.
3. Open implementation guidance or continue supported setup where relevant.

What it looks for

• Operational-resilience policy
• Incident-response evidence
• ICT third-party register
• Resilience-testing / continuity evidence

Example use cases

• Assembling operational-resilience and incident evidence.
• Checking the ICT third-party register and continuity tests are present.

What results mean

Results describe observed evidence and public-proof posture — never a safety, approval, certification or compliance verdict:

evidence observed · evidence not observed · review required · no public proof reference found yet · re-check before reliance · your local policy decides.

There is no “pass/fail”. Local policy decides what is sufficient, and you should re-check before reliance.

Recommended next steps

• Show evidence — observed and not-observed, no verdict.
• Build evidence summary — a local, claim-free document you can review and save explicitly.
• Open implementation guidance — Developer Gateway.
• Open Resolver — read-only public proof lookup.
• Request Resolver Proof — for a third-party target (claim-free request).
• Begin supported setup — hand off to TrustOps (metadata only).
• Re-check later — re-run before you rely on a result.

Privacy & permissions

See the bundled PRIVACY.md for the full notice.

Frequently asked questions

Is this extension free?

Yes. Every local check is free — you never need to sign in or pay to run one.

Does it upload my source code?

No. Detection is filename/path only; no source, prompts, secrets or tool payloads ever leave your device, and there is no telemetry.

Does a missing item mean something is wrong?

No. “Evidence not observed” is neutral — your local policy decides what is sufficient.

What does it do when the public interface service is unavailable?

It keeps working from a bundled, verified fallback contract. A refresh is optional and user-initiated.

What it does not do

• No source / prompt / secret upload, and no telemetry.
• Writes no canonical truth, decides no BOUND state, creates no entitlement.
• Makes no safety, approval, certification or compliance claim.
• Runs no checkout or payment — commercial actions happen only in TrustOps.

Install & first use

1. Install ECZ-ID DORA Readiness from the Visual Studio Marketplace (publisher EcoCitizenz).
2. Open a project and trust the workspace.
3. Run ECZ-ID DORA Readiness: Review / Scan Workspace and review the evidence.

Links & support

• Resolver (read-only proof): https://resolver.ecocitizenz.org
• TrustOps (supported setup): https://trustops.ecocitizenz.com/start
• Developer Gateway (docs & support): https://developers.ecocitizenz.com
• Privacy: see the bundled PRIVACY.md file

ECZ-ID is an independent project and is not affiliated with or sponsored by Microsoft, GitHub, VS Code, OpenAI, Anthropic, Google, or AWS. ECZ-ID helps make identity, authority, and resolver posture easier to review. Local policy decides whether this is sufficient.