Note: For the Digital Operational Resilience Act Trained Professional (DORATPro) online training, exam, and certificate of completion:
Possible modules of the tailor-made training program
The need for the Digital Operational Resilience Act.
- The FinTech Action Plan of 2018.
- The Digital Finance Package.
- NIS, NIS 2 and DORA.
- Public security, defence, national security.
- Outsourcing in financial services.
The Digital Operational Resilience Act, Important Articles.
CHAPTER I, General provisions.
- Subject matter.
- Scope.
- Definitions.
- Proportionality principle.
CHAPTER II, ICT risk management.
- Governance and organisation.
- ICT risk management framework.
- ICT systems, protocols and tools.
- Identification.
- Protection and prevention.
- Detection.
- Response and recovery.
- Backup policies and procedures, restoration and recovery procedures and methods.
- Learning and evolving.
- Communication.
- Further harmonisation of ICT risk management tools, methods, processes and policies.
- Simplified ICT risk management framework.
CHAPTER III, ICT-related incident management, classification and reporting.
- ICT-related incident management process.
- Classification of ICT-related incidents and cyber threats.
- Reporting of major ICT-related incidents and voluntary notification of significant cyber threats.
- Harmonisation of reporting content and templates.
- Centralisation of reporting of major ICT-related incidents.
- Supervisory feedback.
- Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions.
CHAPTER IV, Digital operational resilience testing.
- General requirements for the performance of digital operational resilience testing.
- Testing of ICT tools and systems.
- Advanced testing of ICT tools.
- Requirements for testers for the carrying out of TLPT.
CHAPTER V, Managing of ICT third-party risk.
- Section I, Key principles for a sound management of ICT third-party risk.
- General principles.
- Preliminary assessment of ICT concentration risk at entity level.
- Key contractual provisions.
- Section II, Oversight Framework of critical ICT third-party service providers.
- Designation of critical ICT third-party service providers.
- Structure of the Oversight Framework.
- Tasks of the Lead Overseer.
- Operational coordination between Lead Overseers.
- Powers of the Lead Overseer.
- Exercise of the powers of the Lead Overseer outside the Union.
- Request for information.
- General investigations.
- Inspections.
- Ongoing oversight.
- Harmonisation of conditions enabling the conduct of the oversight activities.
- Follow-up by competent authorities.
- Oversight fees.
- International cooperation.
CHAPTER VI, Information-sharing arrangements.
- Information-sharing arrangements on cyber threat information and intelligence.
CHAPTER VII, Competent authorities.
- Competent authorities.
- Cooperation with structures and authorities established by Directive (EU) 2022/2555 (the NIS 2 Directive).
- Cooperation between authorities.
- Financial cross-sector exercises, communication and cooperation.
- Administrative penalties and remedial measures.
- Exercise of the power to impose administrative penalties and remedial measures.
- Criminal penalties.
- Notification duties.
- Publication of administrative penalties.
- Professional secrecy.
- Data Protection.
CHAPTER VIII, Delegated acts.
- Exercise of the delegation.
CHAPTER IX, Transitional and final provisions.
- Review clause.
- Amendments.
- Entry into force and application.
Deadlines, references to NIS 2, National discretions.
- So many deadlines … Mark your calendar.
- All 35 references to the NIS 2 Directive (Directive (EU) 2022/2555) in one list.
- Important national discretions (even in a regulation…).
Other new EU Directives and Regulations.
- The NIS 2 Directive.
- The Artificial Intelligence Act.
- The Critical Entities Resilience Directive (CER).
- The European Data Act.
- The European Data Governance Act (DGA).
- The European Cyber Resilience Act (CRA).
- The Digital Services Act (DSA).
- The Digital Markets Act (DMA).
- The European Chips Act.
- The Artificial Intelligence Liability Directive.
- The Framework for Artificial Intelligence Cybersecurity Practices (FAICP).
- The EU Cyber Solidarity Act.
- The Digital Networks Act (DNA).
- The European ePrivacy Regulation.
- The European Digital Identity Regulation.
- The European Media Freedom Act (EMFA).
- The Corporate Sustainability Due Diligence Directive (CSDDD).
- The Systemic Cyber Incident Coordination Framework (EU-SCICF).
- The European Health Data Space (EHDS).
- The European Financial Data Space (EFDS).
- The Financial Data Access (FiDA) Regulation.
- The Payment Services Directive 3 (PSD3), Payment Services Regulation (PSR).
- The Internal Market Emergency and Resilience Act (IMERA).
- The European Space Law (EUSL).
NIS 2, DORA, or both?
- The Commission's Guidelines about the relationship between the NIS 2 Directive and the Digital Operational Resilience Act (DORA).
The final draft technical standards under the Digital Operational Resilience Act (DORA).
Instructor.
Our instructors are professionals with extensive, real-world experience in their respective fields. They are equipped to deliver full-time, part-time, or short-form programs, all customized to suit your specific requirements. Beyond teaching, our instructors provide hands-on guidance, offering real-world insights that help bridge the gap between theory and practice. You will always be informed ahead of time about the instructor leading your program.
Terms and conditions.
You may visit: https://www.cyber-risk-gmbh.com/Terms.html