DORA is a European regulation that requires financial institutions to ensure they are resilient to, can respond to, and recover from all types of ICT-related incidents, risks, and threats. The regulation was adopted on December 14, 2022, by the European Parliament and the Council of the European Union (Regulation (EU) 2022/2554). DORA aims for harmonization and simplification of regulations surrounding ICT risk management to ensure consistency and coherence within the EU.

DORA requires financial entities to adhere to the principle of proportionality, taking into account the size, risk profile, and complexity of their activities.

DORA encompasses five key areas of focus:

1 ICT risk management - Financial institutions must establish and maintain an effective ICT Risk Management framework to identify, classify, and mitigate ICT risks.

2 Incident management - Financial institutions must establish effective incident management and a harmonized framework to report significant ICT-related incidents to regulators. This helps in better understanding emerging threats and enables coordinated responses.

3 Digital operational resilience testing - Financial institutions are required to conduct regular tests to assess their capacity to withstand ICT disruptions. This includes vulnerability assessments and penetration testing, with requirements tailored to the size and risk profile of the entity.

4 Management of risks from third parties - DORA recognizes the increasing reliance on external service providers, including cloud services, and sets rules for managing ICT risks within the supply chain. Financial institutions must oversee the resilience of their critical external suppliers.

5 Information and intelligence sharing - DORA encourages financial institutions to share cyber threat information and other relevant data to enhance collective understanding and defense mechanisms against ICT threats.

This regulation is essential for organizations operating within the financial sector and helps them remain future-proof and resilient in an increasingly digital world.

As DORA comes into effect on January 17, 2025, there is no better time to thoroughly understand the implications and requirements. During interactive sessions and practical exercises, the DORA Lead Manager training provides a hands-on perspective on implementing effective strategies to manage ICT risks and applying best practices to strengthen the digital operational resilience of financial institutions.

Moreover, participating in this course demonstrates your commitment to professional development and positions you as a competent leader within the changing landscape of digital operational resilience. Upon successful completion of the training and examination, you can apply for the title "PECB Certified DORA Lead Manager."

In the DORA Lead Manager exam, you will be assessed on the following domains, for which the training will prepare you:

• Domain 1: Fundamental concepts of ICT risk management and digital operational resilience
• Domain 2: Preparing and planning the implementation of a DORA project
• Domain 3: ICT risks and the management of ICT-related incidents
• Domain 4: Testing digital operational resilience and managing ICT risks from third parties
• Domain 5: Evaluation and continuous improvement