The PECB Certified DORA Lead Manager training course is designed to equip professionals with the essential skills and knowledge to lead, manage, and oversee the implementation of digital operational resilience strategies within financial institutions. The course focuses on ensuring compliance with the European Union’s Digital Operational Resilience Act (DORA), which aims to enhance the security and resilience of digital financial services across the EU.
What Is Digital Operational Resilience (DORA)?
Digital operational resilience refers to the ability of a financial entity to build, assure, and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions.1
As the financial sector heavily relies on digital technologies, new cyber threats continue to emerge. In response, the European Union has developed the Digital Operational Resilience Act (DORA) to enhance digital operational resilience in the financial sector.
What Is DORA?
DORA is a regulation that requires entities in the financial sector to ensure they can withstand, respond to, and recover from all types of ICT-related incidents, risks, and threats. It was enacted by the European Parliament and the Council of the European Union on December 14, 2022, Regulation (EU) 2022/2554, and seeks to harmonize and streamline regulations related to ICT risk management, ensuring consistency and coherence across the EU. DORA requires financial entities to adhere to the principle of proportionality, which considers their operations’ size, risk profile, and complexity.
DORA sets out the key requirements for financial entities in five main areas:
- ICT risk management: Financial entities must establish and maintain an effective ICT risk management framework to effectively identify, classify, and reduce ICT risks.
- Incident management: Financial entities must establish effective incident management and a harmonized framework for reporting major ICT-related incidents to regulatory bodies, facilitating a better understanding of emerging threats and enabling coordinated responses.
- Digital operational resilience testing: Financial entities must conduct regular testing to assess their capacity to withstand ICT disruptions. This includes vulnerability assessments and penetration testing, with requirements tailored to the entity’s size and risk profile.
- Third-party risk management: Recognizing the increasing reliance on third-party service providers, including cloud services, DORA sets out rules for managing ICT risks in the supply chain, ensuring that financial entities have oversight over the resilience of their critical third-party providers.
- Information and intelligence sharing: DORA encourages financial entities to share cyber threat intelligence and other relevant information to enhance collective understanding and defense mechanisms against ICT threats.
Why Is DORA Important?
As of January 17, 2025, financial entities will be required to ensure compliance with DORA requirements. Noncompliance with DORA can result in significant penalties, reflecting the seriousness with which the EU views digital operational resilience. While the specific penalties can vary based on the nature and severity of the noncompliance, they are designed to be dissuasive and proportionate.
Organizations must adapt and update their digital operational resilience strategies to keep pace with evolving technologies and threats. This ongoing process involves collaboration across all levels of the organization, from executive leadership to operational staff, as well as with external partners and regulators.
Why should you attend?
As DORA will come into force on January 17, 2025, there’s never been a more crucial time to grasp its implications and requirements thoroughly. Attending the PECB Certified DORA Lead Manager training course offers a unique opportunity to engage with industry experts and peers, fostering valuable discussions and insights into best practices for digital operational resilience. Through interactive sessions and practical exercises, you will gain real-world perspectives on implementing effective strategies to mitigate ICT risks and enhance digital operational resilience in financial institutions.
Additionally, attending this course demonstrates your commitment to professional development and positions you as a competent leader in the evolving landscape of digital operational resilience. Upon successfully completing the training course and exam, you can apply for the “PECB Certified DORA Lead Manager” credential.
Learning objectives
After completing this training course, you will be able to:- Understand the regulatory landscape and compliance requirements outlined in DORA, focusing on key pillars such as ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, and ICT third-party risk management
- Implement effective strategies and measures to enhance digital operational resilience and mitigate ICT risks within financial institutions, aligning with DORA requirements and industry best practices
- Identify, analyze, evaluate, and treat ICT risks relevant to the financial entities
- Develop and maintain robust ICT risk management frameworks, incident response plans, business continuity and disaster recovery plans
- Foster collaboration and communication with key stakeholders to ensure successful implementation and ongoing compliance with DORA
- Utilize industry-standard tools and methodologies for monitoring, assessing, and managing ICT risks and vulnerabilities, enhancing the overall security posture of financial institutions
Educational approach
- The training course incorporates interactive elements, such as essay-type exercises and multiple-choice quizzes, some of which are scenario-based.
- Participants are strongly encouraged to communicate and engage in discussions.
- The quizzes are designed in a manner that closely resembles the format of the certification exam.
Course Agenda
- Day 1: Introduction to the concepts and requirements of DORA
- Day 2: ICT-related risk and incident management
- Day 3: ICT third-party risk management and information sharing
- Day 4: Review and continual improvement
- Day 5: Certification exam
Course Features
- Lecture 0
- Quiz 0
- Duration 5 days
- Skill level Intermediate
- Language English
- Students 0
- Assessments Yes
Requirements
- The main requirement for participating in this training course is having a fundamental understanding of information security and cybersecurity concepts, and familiarity with ICT risk management principles.
Features
- Certification and examination fees are included in the price of the training course
- Participants will receive the training course material containing over 450 pages of explanatory information, examples, best practices, exercises, and quizzes.
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- If candidates fail the exam, they can retake it within 12 months following the initial attempt for free.
Target audiences
- Consultants and advisors specializing in financial regulation and cybersecurity
- IT professionals
- Compliance officers and risk managers
- Legal and regulatory affairs personnel
- Financial institutions executives and decision-makers
