DORA Training

The Digital Operational Resilience Act (DORA) sets a new regulatory standard for ICT risk management, incident reporting, business continuity and ICT third-party oversight in the European financial sector. To support organisations in meeting these far-reaching requirements, we offer two dedicated training programmes—tailored to the specific role you play under DORA.

Our DORA Training formats are designed to translate regulatory text, RTS/ITS, and ESA guidance into clear, actionable and audit-ready implementation steps. Whether you are a financial entity preparing for supervisory scrutiny, or an ICT service provider becoming subject to DORA obligations for the first time, our trainings provide the practical knowledge you need.


DORA Training for Financial Entities

Financial institutions face the most comprehensive obligations under DORA. This training is designed for banks, investment firms, payment/e-money institutions, insurers, asset managers and all other financial entities within the scope of Regulation (EU) 2022/2554.

Training Focus Areas

  • Governance & Organisation
    Management body responsibilities, roles, oversight functions and the required ICT risk control framework.
  • ICT Risk Management Framework (RMF)
    Risk identification, protection, detection, response, recovery, learning and evolving.
  • Incident Management & Reporting
    Incident classification, reporting timelines, RTS/ITS templates, communication procedures.
  • ICT Third-Party Risk Management
    Outsourcing registers, critical dependencies, subcontracting, monitoring and exit strategies.
  • Business Continuity & Disaster Recovery
    ICT BCM requirements, scenario testing, recovery objectives and documentation.
  • Operational Information Security
    Security controls, vulnerability management, monitoring, logging and threat intelligence.
  • Identity & Access Management
    Access controls, privileged access, segregation of duties.
  • Minimum Contractual Clauses
    Mandatory DORA contract requirements for all ICT third-party arrangements.

Who Should Attend

  • Compliance & Risk Officers
  • CIOs, CISOs, ICT Managers
  • Internal Audit
  • Legal & Procurement Teams
  • Project Leads for DORA Implementation

The training equips your organisation with complete clarity on all DORA Articles, RTS/ITS obligations and NCA expectations—ensuring you are ready for supervisory review.


DORA Training for ICT Third-Party Service Providers

ICT service providers now face direct regulatory expectations under DORA, especially those considered critical third-party providers (CTPPs) or providing essential ICT functions to financial institutions. This training is designed to help ICT vendors understand what they must do in practice to remain compliant.

Training Focus Areas

  • Understanding Your Role Under DORA
    Obligations for standard ICT providers vs. critical third-party providers.
  • Minimum Contractual Clauses
    What must be included in every contract you sign with financial entities.
  • Security, Governance & Control Expectations
    Requirements for ICT security, incident management, monitoring and reporting.
  • Information Requests & Supervisory Oversight
    How ESAs and Lead Overseers may interact with ICT providers.
  • Subcontracting Rules
    Mandatory transparency and approval processes for ICT sub-outsourcing.
  • Audit Rights & Reporting
    How to structure evidence, documentation and annual reporting for clients.
  • Service Reliability & Business Continuity
    Testing, performance, SLAs and resilience expectations.
  • How to Prepare for DORA-Compliant Clients
    Aligning your service portfolio with the expectations of regulated financial entities.

Who Should Attend

  • ICT Providers, Cloud Service Providers, Software Vendors
  • CTOs, CISOs, Product Owners
  • Compliance & Security Leads
  • Outsourcing, Customer Success & Contract Teams

This training enables ICT providers to understand their obligations, avoid contractual and operational risks, and position themselves as trusted DORA-compliant partners in the financial sector.


Why Our DORA Training?

  • Based on Regulation (EU) 2022/2554, RTS/ITS, ESA guidance and NCA supervisory statements
  • Delivered by experienced information security and financial-sector compliance professionals
  • Includes implementation examples, contract templates, checklists and audit-ready documentation
  • Practical, concise and aligned with real-world supervisory expectations

For questions or to schedule a training session, please contact us at any time.