DORA (Digital Operational Resilience Act), implementing a digital resilience strategy
Satisfaction rate
4.8
Success rate
4.8
The target audience for training
ISSMs and security advisors, security architects, IT directors and managers, IT engineers, project managers, security auditors and IT regulatory lawyers.
What you will learn
The DORA framework is a European regulatory framework designed to strengthen the operational resilience of financial entities in the face of IT and cybersecurity risks. It imposes strict requirements in terms of IT risk management, cybersecurity testing, incident management and critical infrastructure resilience. By harmonising standards across the EU, DORA ensures greater protection against cyber threats, limiting disruption to financial services and strengthening digital confidence.
Training programme
- Duration: 2 days
Module 1: Information and communication technology (ICT) risk management
- DORA provisions reiterating the need to implement an ICT risk management system.
- Key principles and requirements for risk management in financial entities.
- Obligations relating to the ICT risk management framework.
Module 2: Management, classification and reporting of ICT incidents
- Provisions of the DORA regulation aimed at harmonising and rationalising the reporting of ICT incidents.
- Classification and reporting of ICT incidents.
- Notification to the competent ESA (European Supervisory Authorities) of major ICT-related incidents.
- Voluntary notification of major cyber threats to authorities such as EBA, EIOPA and ESMA.
Module 3: Digital operational resilience testing
- Digital operational resilience tests on the most critical parts of their information systems.
- Advanced tests based on Threat-Led Penetration Testing (TLPT).
- Large-scale live testing of threats, carried out by independent testing bodies.
Module 4: Managing the risks associated with third-party service providers
- Principles for managing third-party risks as part of ICT risk management.
- Provisions to be taken into account in the relationship with third-party service providers supplying ICT services.
- Europe-wide monitoring framework for critical third-party ICT service providers.
Module 5: Provisions relating to the exchange of information
- Strengthen the digital operational resilience of financial entities.
- Voluntary exchange of information and intelligence on cyber threats between different financial entities.
Assessment procedures
- The trainer assesses the participant's progress throughout the course by means of multiple-choice questions, simulations, practical work, etc.
- Participants also complete a placement test before and after the course to validate the skills they have acquired.
Training objectives
At the end of the course, participants will be able to:
- Understand the main objectives and key concepts of the DORA regulation
- Understand the different types of cyber risk
- Identify data security and regulatory compliance obligations
- Learn about good digital security practices and raise awareness among employees
- Set up and implement a digital resilience strategy
Training prerequisites
Basic knowledge of cybersecurity and information systems security.
Price
- 2090 €
- Language: French
- Level: Fundamental
- Certification body: ACG CYBERACADEMY
- Certification: No
- Accessibility: Yes
- Duration: 2 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).