The Digital Operational Resilience Act (DORA) is fundamentally changing the approach to ICT risk management and cyber security. Whereas previously a combination of documents, spreadsheets and one-off audits could suffice, today a continuous, managed and demonstrable system is expected. It is in this context that Excel, as widespread and practical as