Digital Operational Resilience (DORA) — Training
What is Digital Operational Resilience?
Digital operational resilience refers to the ability of a financial entity to develop, guarantee and reassess its operational integrity from a technological point of view by providing, directly or indirectly through the use of the services of third-party IT service providers, all the IT-related capabilities necessary to ensure the security of the networks and information systems it uses, and which underpin the continued provision and quality of financial services.
While the financial sector relies heavily on digital technologies, new cyber threats continue to emerge. In response, the European Union has developed the Digital Operational Resilience Act (DORA) to improve the operational resilience of the financial sector.
What is DORA?
DORA is the regulation that requires financial sector entities to ensure that they can withstand, respond to and recover from all types of ICT incidents, risks and threats. It was adopted by the European Parliament and the Council of the European Union on 14 December 2022 as Regulation (EU) 2022/2554, and aims at harmonising and rationalising ICT risk management regulations to ensure their consistency throughout the EU. DORA requires financial entities to adhere to the principle of proportionality, which takes account of transaction size, risk profile and complexity.
DORA defines the basic requirements of financial entities in five main areas:
- ICT risk management: Financial entities must establish and maintain an effective ICT risk management framework to identify, classify and reduce ICT risks.
- Incident management: Financial entities must establish effective incident management and a harmonized framework for reporting ICT incidents to regulatory bodies, facilitating a better understanding of emerging threats and enabling coordinated responses.
- Digital Operational Resilience Tests: Financial entities must conduct regular tests to assess their ability to cope with ICT disruptions. This includes vulnerability assessments and penetration tests, with requirements that take into account the size and risk profile of the entity.
- Risk management of third-party providers: Recognizing the increasing use of third-party service providers, including cloud services, DORA sets rules for managing ICT risks in the supply chain, ensuring that financial entities monitor the resilience of their third-party service providers.
- Information sharing: DORA encourages financial entities to share cyber-threat information and other relevant information in order to improve collective understanding of and defence against ICT threats.
Why is DORA important?
Effective January 17, 2025, financial entities will be required to ensure that they comply with DORA requirements. Non-compliance with DORA can result in significant penalties, reflecting the seriousness with which the EU perceives digital operational resilience. Although specific penalties may vary depending on the nature and severity of the non-compliance, they are designed to be dissuasive and proportionate.
Organizations need to adapt and update their digital operational resilience strategies to keep pace with changing technologies and threats. This ongoing process involves collaboration at all levels of the organisation, from management to the operational team, as well as with external partners and regulators.
How can I start?
The PECB Certified DORA Lead Manager training will help you gain knowledge and improve your skills in establishing, implementing and managing an ICT risk management framework in accordance with DORA requirements. PECB experts are looking forward to guiding you and helping you in the certification process to provide you with a rewarding experience.
DORA Lead Manager
The PECB Certified DORA Lead Manager training equips you with the necessary knowledge to drive and oversee the implementation of digital operational resilience strategies within financial entities to help them comply with the EU Operational Resilience Act (DORA).
Why should you participate?
Given that DORA will enter into force on January 17, 2025, now is a crucial time to fully grasp its implications and requirements. Participating in the PECB Certified DORA Lead Manager training provides a unique opportunity to interact with industry experts and peers, fostering enriching discussions and sharing valuable ideas on best practices for digital business resilience. Through interactive sessions and practical exercises, you will get concrete perspectives on implementing effective strategies to mitigate ICT risks and improve the operational resilience of financial institutions.
In addition, participation in this training demonstrates your commitment to professional development and positions you as a competent leader in the changing landscape of digital operational resilience. After completing the training and passing the exam, you can apply for the "PECB Certified DORA Lead Manager" certificate.
Who is the training for?
This training is intended for:
- Executives and decision-makers of financial institutions
- Compliance Officers and Risk Managers
- IT professionals
- Legal and regulatory staff
- Financial Regulation and Cyber Security Consultants and Advisors
Learning objectives
At the end of this training, you will be able to:
- Understand the regulatory landscape and compliance requirements of the DORA Regulation, based on five fundamental pillars, including ICT risk management, ICT incident management and reporting, digital operational resilience testing and risk management for third-party providers
- Implement strategies and measures to improve business resilience and mitigate ICT risks in financial institutions, in line with DORA requirements and industry best practices
- Identify, analyse, assess and manage ICT risks affecting financial entities
- Develop and maintain robust ICT risk management frameworks, incident response plans, business continuity and disaster recovery plans
- Promote collaboration and communication with key stakeholders to ensure successful implementation and continued compliance with DORA
- Use industry tools and methodologies to monitor, assess and manage ICT risks and vulnerabilities, improving the overall security posture of financial institutions
Educational approach
- The training includes interactive elements such as essay-type exercises and multiple-choice questions, some of which are scenario-based.
- Participants are strongly encouraged to communicate and engage in discussions.
- Multiple-choice questions are designed to closely resemble the certification examination format.
Prerequisite
The main requirement to participate in this training is to have a fundamental understanding of the concepts of information security and cybersecurity and to become familiar with the principles of ICT risk management.


