CPEs: 24
Instructor: Dennis Cox
Level: Intermediate
Tuition: £2,995.00
Register Now

NEW Digital Operational Resilience Act (DORA) – Regulation and Impact CRP057

Location: UK EU MENA WAT GCC Time Zones

First Date: Feb 26 - 28 2024

Duration: 3 days

Programme Director: Dennis Cox

All Dates & Locations
Venue Details

Experience the highly-interactive expert-led social learning through Virtual Classroom via Cisco WebEx from Risk Reward.

All our 2024 Live, on-site and Live Virtual Classroom events feature shared (or discrete) live chat between delegates and the expert, participate in topical surveys, polling questions, group exercises and case studies for a tried -and- true engaging and gratifying learning experience.

Need to bring this course in house, train your team or 1:1? Simply contact us for significant cost savings and dates best suited to meet your specific needs.

Agenda Highlights

 Session 1:  The Digital Operational Resilience Act (DORA) 

Session 2: ICT Risk Management

Session 3: ICT Related Incident Management , Classification and Reporting

Session 4: Digital Operational Resilience Testing

Session 5: Management of ICT Third-party risk

Session 6:  Other matters

Session 7:  The DORA Project


The Digital Operational Resilience Act or DORA brings into law matters previously dealt with through the provision of regulatory standards.  The Bank for International Settlements (BIS) published its principles for the management of operational resilience in March 2021.  Whilst this did refer to ICT it had a wider focus.  This is legislation applied in the EU and takes elements of those principles to be enshrined in law.

Accordingly firms that were thinking that there was flexibility in applying the BIS principles will find that some elements of that flexibility have been clarified in this Act.  Firms need to urgently appreciate the extent of these requirements and reconsider the project plans that they have implemented. This timely training event is designed to explain the scope, scale and contents of this important legislation and enable delegates to consider the actions that they will be required to take.

Who Should Attend

This course is designed for the following parties involved with financial institutions:

  • The Board
  • Risk management
  • ICT management
  • Internal audit
  • Compliance
  • Regulators

Additional Course Information

What Does It Cover?

Session 1:  The Digital Operational Resilience Act (DORA) 

  • Subject matter
  • Relationship to BIS guidance
  • Scope
  • Definitions
  • Proportionality
  • Timetable

 Session 2: ICT Risk Management

  • Governance and organisation
  • ICT risk management framework
  • ICT systems, protocols and tools
  • Identification
  • Protection and prevention
  • Detection
  • Response and recovery
  • Back up policies and procedures
  • Restoration and recovery procedures and methods
  • Education and training
  • Communication
  • Simplified ICT risk management Framework

Session 3: ICT Related Incident Management, Classification and Reporting

  • Classification of ICT-related incidents and cyber threats
  • Reporting major ICT related incidents
  • Voluntary notification of significant cyber risks
  • Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions

Session 4: Digital Operational Resilience Testing

  • General requirements for the performance of digital operational resilience testing
  • Testing of ICT tools and systems
  • Threat led penetration testing (TLPT)
  • Requirements for testers for the carrying out of TLPT

Session 5: Management of ICT Third-party risk

  • General principles
  • Preliminary assessment of ICT concentration risk
  • Key contractual provisions
  • Designation of critical ICT third-party service provider
  • Structure of the oversight framework
  • Inspections
  • Ongoing oversight
  • Guidance

Session 6:  The DORA Project

  • What needs to be done?
  • Critical components
  • The project plan
  • Project governance
  • Actions and activities
Learning Objectives

By the conclusion of this session delegates will have gained an insight into the new requirements of the Digital Operational Resilience Act. Specifically, they will have addressed:

  • Aims and goals
  • ICT risk management
  • ICT incident management
  • Third party ICT risk management
  • Digital operational resilience testing
  • Penalties and proceedings

Delegates who complete the course will receive a Certificate with equivalent CPD/CPE credits via email; and for those who require an assessment as a demonstration of competency via training a 20 multiple-choice questions and answers quiz, remotely invigilated with results report and 1 resit, is available at no additional charge when requested at time of reservation.

Social Learning & Methods

Highly interactive expert-led intensive presentation, Q&A, group real-time in-depth case studies, regulation and discussion supported by key principles and theory. The virtual learning platform uses safe, industry preferred encrypted Cisco WebEx to optimize live face-to-face visual interaction, discrete chat, for polling and quizzes.

(An invitation via email with access link is included for all participants.)


NEW Digital Operational Resilience Act (DORA) – Regulation and Impact

Course Fee

Apply 10% discount code RISK10 by December 15, 2023 at check-out

Course Fee (per person):
GBP £2,995.00 (+ UK VAT when applicable)

Number of delegates:

Data Privacy & Update of Contact Details Risk Reward Limited is fully compliant with the Data Protection Act. The information you provide will be safeguarded by Risk Reward Ltd. We do not rent, sell or exchange your details to anyone without your consent. Your details are never given to third parties. If you wish to update your details, please email: with your OLD and NEW details. Please allow 10 days to see the changes take effect. Thank you.

Terms and Conditions: You can cancel at any time. Due to the on-going COVID 19 environment cancellations may be made at any time for either a full refund or a credit towards another event occurring within the following 6 month period. Simply email or telephone the London Client Services team at to advise your preference and we will do our best to accommodate your circumstances. Risk Reward Ltd receives the right to a final decision in the event of a dispute.

All Risk Reward public courses are guaranteed to run although those offered by affiliates are subject to demand
SKU: TEMPLATE-26 Category:

Quick Contact

    Get in touch and see how Risk Reward can help you

    Our London team are ready to answer questions, provide information & choices to help make your public seminar booking in a prompt, professional & friendly manner.

    Get in touch and see how Risk Reward can help you

    Our London and Miami teams are ready to listen carefully to your needs, take the brief, explore options, offer suggestions and help you in a professional and friendly manner.