DORA - Digital Operational Resilience Act

EU rules on ICT risk, resilience, and compliance for financial institutions

What you'll learn
Understand the purpose, structure, and scope of application of the Digital Operational Resilience Act (DORA).
Explain the key DORA requirements for ICT risk management in financial organizations.
Navigate the core components of digital operational resilience, including incident management, resilience testing, and third-party risk.
Apply DORA requirements in practice to build a digital risk management framework and ensure compliance.
Differentiate between management responsibility, internal control functions, and supervisory mechanisms under DORA.

Requirements
Previous experience in digital resilience, cybersecurity, or regulatory requirements is not mandatory.
A basic understanding of the organization’s financial activities and general risk management principles is an advantage.
A willingness to learn the requirements of the Digital Operational Resilience Act (DORA) and the principles of building an ICT risk management framework.
Basic computer skills and access to the course learning materials.

Requirements
Previous experience in digital resilience, cybersecurity, or regulatory requirements is not mandatory.
A basic understanding of the organization’s financial activities and general risk management principles is an advantage.
A willingness to learn the requirements of the Digital Operational Resilience Act (DORA) and the principles of building an ICT risk management framework.
Basic computer skills and access to the course learning materials.
Description
This course contains the use of artificial intelligence.

This foundational course is dedicated to the Digital Operational Resilience Act (DORA) - the EU Regulation on digital operational resilience in the financial sector, which establishes mandatory requirements for ICT risk management for financial institutions and their critical technology providers.

Throughout the course, you will gain a clear and structured understanding of what DORA compliance means, who it applies to (financial institutions, payment organizations, investment firms, insurance companies, crypto-asset service providers, etc.), what responsibilities are imposed on management, and how the Regulation’s requirements are implemented in practice. The course explains the key elements of DORA: the ICT risk management framework, incident reporting requirements, digital resilience testing (including advanced testing), third-party risk management, concentration risk oversight, and the supervisory framework for critical ICT providers.

The material is presented in an accessible format, without excessive technical complexity, making the course understandable even for participants without a deep technical background. You will learn how the regulatory logic of DORA is structured, why it is not a certification but a management model, which requirements are strategically critical for financial organizations, how the multi-layered supervisory system functions (national regulators and European supervisory authorities), and how DORA differs from standards such as ISO 27001 and other technical frameworks.

The course will be useful for board members of financial institutions, top executives, CROs, CISOs, risk management leaders, lawyers, compliance professionals, internal auditors, cybersecurity specialists, as well as those responsible for building or coordinating a digital resilience framework within an organization.

The program is practice-oriented and focused on real managerial decision-making. Upon completion of the course, you will better understand the strategic logic of DORA, be able to assess your organization’s level of readiness, conduct a gap analysis, identify critical ICT functions and dependencies, develop an implementation roadmap, and integrate the Regulation’s requirements into corporate governance. The knowledge gained will help enhance digital resilience, reduce operational and regulatory risks, and strengthen the trust of regulators and partners.

Disclaimer: Certain parts of this course were created or enhanced using artificial intelligence tools, including audio processing and translation support. All content has been reviewed, verified, and curated by the instructor to ensure accuracy, relevance, and educational value.

Who this course is for
Executives and board members of financial organizations responsible for digital resilience and risk management.
Professionals in cybersecurity, ICT risk management, internal control, and compliance.
Specialists in digital transformation and operational functions within the financial sector.
Consultants and auditors working with or planning to work with the requirements of the Digital Operational Resilience Act (DORA).
Anyone seeking a structured understanding of DORA and the principles of digital operational resilience.