ICT Security Awareness Trainings

Mandatory Training Under Article 13(6) DORA

Strengthen your organisation’s digital operational resilience with fully compliant ICT Security Awareness Training aligned with Article 13(6) DORA in conjunction with Article 5(2)(g) DORA.
Our programmes ensure all staff – from operational employees to senior management and ICT third-party providers – have the competence and behavioural security readiness required under the Digital Operational Resilience Act.

We offer four dedicated training tracks, each available as:

  • Open Seminar (premium hotel venue)
  • In-House Training (on your premises)
  • Live Webinar
  • SCORM-compliant E-Learning (LMS-ready)

Purpose of ICT Security Awareness Training

Under DORA, financial entities must ensure that human-factor risk is systematically reduced across the entire organisation. ICT security awareness is not optional: it is a mandatory component of the ICT risk management framework, directly supporting:

  • prevention and detection of ICT incidents (Articles 9 and 10)
  • response and recovery procedures (Article 11)
  • incident reporting (Article 17)
  • oversight duties of the management body (Article 5(2)(g))
  • resilience of critical and important functions
  • behavioural risk reduction against phishing, impersonation, social engineering and insider threats

Our training programmes are structured, role-specific, audit-ready and fully aligned with regulatory expectations.


Basic Security Awareness Training

For all employees across the organisation

Available as: Open Seminar • In-House • Webinar • SCORM E-Learning

This foundational training covers essential ICT security principles for daily work and remote environments.

Core topics include:

  • secure handling of information and ICT assets
  • password hygiene and multi-factor authentication
  • phishing, social-engineering and impersonation detection
  • safe email, internet and collaboration-tool usage
  • confidentiality, integrity, availability and authenticity
  • secure behaviour in hybrid and remote workplaces
  • internal reporting channels for suspicious activity and ICT anomalies

The programme fulfils all baseline DORA requirements for broad workforce training under Article 13(6).


Advanced Security Awareness Training

For privileged users, ICT staff and high-risk functions

Available as: Open Seminar • In-House • Webinar • SCORM E-Learning

Designed for staff with elevated access rights or technical responsibilities.

Content includes:

  • secure identity and privileged-access management
  • endpoint hardening, configuration security and secure coding principles
  • change-management awareness and operational risk implications
  • incident detection, log awareness and escalation obligations
  • cloud, SaaS and third-party security contexts
  • threat intelligence awareness and vulnerability handling

This training supports high-risk functional roles as required under Articles 9, 10 and 13 DORA.


Security Awareness for Senior Management

For management body and senior leadership

Available as: Open Seminar • In-House • Webinar • SCORM E-Learning

Specifically tailored to fulfil the Article 5(2)(g) DORA competence requirement for the management body.

Topics include:

  • strategic ICT risk governance responsibilities
  • oversight of incident management, BCP/DR and ICT third-party arrangements
  • decision-making during ICT disruptions
  • understanding RTO/RPO, BIA outcomes and resilience metrics
  • resource-allocation duties, including budgeting for training
  • regulatory accountability for ICT risk and digital resilience

This programme ensures that senior management possesses the required ICT security competence and oversight capability.


Security Awareness for ICT Third-Party Service Providers

For vendors with logical or physical access to ICT assets

Available as: Open Seminar • In-House • Webinar • SCORM E-Learning

Under Article 13(6) DORA and Article 30(2)(i) DORA, financial entities must train relevant ICT third-party service providers.

Core topics include:

  • entity-specific ICT security rules and secure-access expectations
  • confidentiality and data-handling obligations
  • incident notification requirements and escalation routes
  • alignment with contractual clauses under Article 28 DORA
  • secure behaviour for remote operations and privileged access

This programme ensures third-party alignment with your internal ICT risk management framework.


Options

All four tracks can be delivered as:

Open Seminar

Professional, interactive sessions ideal for individual bookings or small teams.

In-House Training

Tailored delivery on your premises, aligned with your ICT environment, policies and threat landscape.

Live Webinar

Flexible, instructor-led virtual training for distributed or international teams.

SCORM-Compliant E-Learning

Fully digital, LMS-ready modules with assessments, tracking, certification and version control.

All formats meet DORA’s documentation and auditability requirements.


Documentation and Certification

Each training provides:

  • attendance and completion records
  • assessment results and remediation actions
  • versioned training materials
  • compliance documentation for supervisory inspections and internal audit
  • evidence for DORA Article 13(6) proof of competence