Digitalisation has driven rapid and deep change in the financial sector. Transactions now settle within seconds, customer expectations are higher than ever, and technology infrastructure has become the core of the business. The same advances, however, enlarge the risks organisations face: cyber attacks, system outages, and technology failures cause not only financial losses but also damage to trust and reputation, and can trigger regulatory action.
The European Union's Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554) was designed to respond to this risk environment. DORA requires financial entities to manage ICT risk effectively, to maintain operational continuity during a crisis, and to ensure that these processes are owned at the highest level of management. Senior managers are therefore responsible not only for keeping operational processes running, but also for setting the organisation's strategic resilience vision, preparing for crisis scenarios, and aligning the whole organisation around that vision.
Operational resilience in financial services has moved beyond a mere regulatory requirement. Investor confidence, customer loyalty, and brand reputation now depend directly on this capability, so the requirements set out in DORA push organisations to act not only to comply but also to build a sustainable competitive advantage.
New Developments in the Context of DORA
Ahead of and since DORA's application date of 17 January 2025, the European Supervisory Authorities (the EBA, ESMA and EIOPA) have published the regulatory and implementing technical standards that flesh out DORA's requirements. These standards:
- set the timeline for reporting major ICT-related incidents (an initial notification within 4 hours of classifying the incident as major, and no later than 24 hours after becoming aware of it, followed by an intermediate report and a final report);
- specify the audit and access rights that contracts with ICT third-party service providers, including cloud providers, must guarantee;
- set minimum testing frequencies (tests of the ICT systems supporting critical or important functions at least yearly, and threat-led penetration testing at least every three years for the entities required to perform it).
These developments require senior executives to bring their technology, legal, compliance, and risk management functions together within a single strategic framework.
DORA is European in scope, but its impact is global. Frameworks such as the FFIEC IT Examination Handbook and NIST SP 800-53 in the United States adopt similar operational resilience principles, and supervisors in the Asia-Pacific region, such as MAS (Singapore) and HKMA (Hong Kong), have issued or are developing comparable requirements. As a result, global financial institutions are positioning DORA compliance as a competitive advantage.
Why Should Organisations Get DORA Training?
DORA training delivers the following benefits in the areas of ICT risk management, regulatory compliance, and operational resilience in the financial sector:
- Regulatory Compliance: Reduces legal risk and protects against penalties.
- Reputation Protection: Preserves customer trust through crisis management and communication plans.
- Operational Continuity: Provides strategic preparedness for uninterrupted service delivery.
- Investor and Customer Trust: A robust cybersecurity infrastructure strengthens stakeholder confidence.
- Competitive Advantage: Reinforces the organisation's image as a reliable institution.
The training courses we offer under the DORA Regulation include:
- DORA Awareness Training, 1 day
- DORA Implementation Training, 2 days
- DORA Awareness and Implementation, 3 days
- DORA Lead Manager Training, 4 days
The courses are intended for:
- Senior managers and strategic decision-makers in financial institutions,
- Compliance managers and risk management specialists,
- Information technology (IT) managers and technical teams,
- Legal department and regulatory affairs professionals,
- Consultants specialising in financial regulation and cybersecurity,
- Internal auditors,
- Information security specialists,
- Business continuity and compliance consultants.
Topics covered in our 1-day DORA Awareness Training:
- Scope and Organisations Covered by DORA,
- Key Objectives of DORA,
- IT Risk Management Requirements,
- Incident Reporting Obligations,
- Business Continuity and Resilience Testing,
- Third-Party Risk Management,
- Key Challenges and Solutions in the Compliance Process,
- Comparison of DORA with Global Standards,
- Practical Steps for DORA Compliance.
Topics covered in our 3-day DORA Awareness and Implementation training include:
- DORA’s basic objectives, scope and identification of regulated entities,
- Background of DORA and the development process of digital operational resilience in financial services,
- Establishment of IT risk management policies, processes and controls,
- Detailed description of incident reporting processes, timelines and structure,
- Types, methodologies, and frequency of resilience testing,
- Third-party risk management strategies, contractual requirements, and monitoring methods,
- Information sharing processes, establishment of secure channels, and trust-building,
- Development of a DORA compliance strategy through gap analysis and risk assessment,
- Integration with existing management systems (e.g., ISO/IEC 27001, ISO/IEC 27701) and prioritisation of compliance activities,
- Creation and optimisation of incident response and reporting workflows,
- Best practices for penetration testing and threat-led penetration testing (TLPT) exercises,
- Reducing the risks associated with third-party providers and improving SLAs,
- Implementing continuous improvement processes and preparing for future changes to DORA.
Our 4-day CPD-approved DORA Lead Manager Training covers the following topics:
- Introduction to DORA concepts and requirements,
- Planning and implementing compliance processes,
- Methods for reducing ICT risk and increasing operational resilience in financial institutions,
- Adopting international best practices in cybersecurity and digital operational risk management,
- Applying ICT risk management, incident management, testing, third-party risk management, and information sharing processes effectively,
- Technology-based testing (penetration testing, vulnerability assessment, threat-led penetration testing),
- Managing third-party supplier risk and monitoring contractual obligations,
- Review, continuous improvement, and case studies,
- Final course exam.
As CFECERT, we offer customised, internationally recognised, professional training and assessment services to organisations subject to the Digital Operational Resilience Act (DORA) and other management system standards.
Trust CFECERT's expertise to align your organisation with DORA, build a resilient structure against cyber threats, and prepare for global regulations. For training and assessment requests, contact us at info@cfecert.co.uk.