DORA: Digital Operational Resilience for EU Financial Entities

Overview
A 5-module decision-based scenario course covering the Digital Operational Resilience Act (Regulation (EU) 2022/2554). The learner manages an ICT incident classification, builds and audits a third-party register, runs a threat-led penetration test (TLPT), executes an exit strategy, and faces a supervisory examination. Approximately 120 minutes total. Course delivered in English.
Target Audience:
ICT risk managers, third-party risk officers, CISOs, compliance leads, and operational resilience teams at EU credit institutions, payment institutions, investment firms, insurance undertakings, crypto-asset service providers, and other financial entities under DORA scope
Features and USPs:
Stakeholder HUD with live credibility scoring across regulator, clients, board, and vendor. Document redline review for the Article 28 register. Inline calibration micro checks. Threat-led penetration test (TLPT) decision tree. Legally reviewed by qualified EU counsel.
Learning Objectives:
- Classify an ICT incident under Article 18 and decide reporting trigger
- Maintain a DORA-compliant third-party register meeting Article 28 standards
- Scope and run a threat-led penetration test under Article 26
- Plan and execute an Article 28(8) exit strategy from a critical ICT third party
- Engage with a Lead Overseer or competent authority during examination