Attending the DORA Lead Manager course equips trainees with a comprehensive set of knowledge, skills, and awareness necessary to lead and implement operational resilience strategies aligned with the Digital Operational Resilience Act (DORA). Here’s a breakdown of what they will be able to do in each area:

1. Knowledge

Trainees will gain deep insights into the technical, regulatory, and operational aspects of DORA. This includes:

• DORA Requirements and Compliance:
• Understand the full scope of the Digital Operational Resilience Act, including its regulatory requirements for financial entities and ICT third-party providers.
• Knowledge of ICT risk management policies, incident reporting obligations, and relate testing requirements set out by DORA.
• Operational Resilience Frameworks:
• Grasp the methodologies for creating and implementing a robust operational resilience framework.
• Understand and classify the importance of business continuity plans and disaster recovery specific to digital and ICT-related disruptions.
• Cybersecurity Protocols:
• Acquire knowledge of key cybersecurity principles necessary for defending against cyber threats, mitigating risks, and maintaining operational continuity.
• Third-Party Risk Management:
• Learn about the risks posed by ICT third-party service providers and how to establish risk management controls in contracts and due diligence processes.
• Governance and Reporting:
• Understand the governance structure required for DORA compliance, including roles, responsibilities, and internal reporting structures for boards of directors and executive management.

2. Skills

Practical skills acquired in the DORA Lead Manager course are crucial for managing resilience initiatives and regulatory requirements. These include:

• Risk Management and Assessment:
• Ability to identify, assess, and prioritize ICT risks within an organization.
• Develop and implement effective risk mitigation strategies to ensure continuous operations during disruptions.
• Incident Response and Recovery:
• Gain proficiency in designing and executing incident response plans for various ICT-related crises, such as cyberattacks or system failures.
• Motivate and lead teams in coordinating response and recovery efforts, ensuring quick restoration of services.
• Cybersecurity Management:
• • Implement and oversee advanced cybersecurity measures, including conducting penetration tests, vulnerability assessments, and ensuring the system's resilience against breaches.
  • ICT Third-Party Management:
  • Evaluate and monitor ICT third-party risks, ensure vendors meet DORA compliance standards, and integrate them into the organization's overall resilience plan.
  • Communication and Reporting:
  • Skillfully communicate digital resilience issues to various stakeholders, including regulators, internal teams, and executives.
  • Prepare and deliver comprehensive reports that outline resilience strategies and compliance progress to the board of directors and external regulatory bodies.
  3. Awareness

  Building awareness is key to embedding resilience within the organization’s culture. Trainees will develop and participate:

  • Regulatory Awareness:
  • Strong understanding of the evolving regulatory environment, ensuring that the organization stays up-to-date with changes in DORA and other relevant frameworks, like the NIS Directive or GDPR.
  • Awareness of regulatory expectations around digital operational resilience, including the need for regular audits, testing, and improvement.
  • Organizational Resilience Awareness:
  • Cultivate a culture of resilience within the organization by promoting awareness of operational risks, business continuity, and disaster recovery across all levels of the business.
  • Foster an understanding among staff about the importance of continuous improvement, ensuring that the organization regularly tests and strengthens its resilience posture.
  • Cyber Threat Awareness:
  • Increased awareness of the evolving nature of cyber threats, including potential cyberattacks, phishing attempts, or data breaches. Trainees will be equipped to educate staff about cybersecurity hygiene and proactive measures.
  • Global Best Practices:
  • Awareness of international standards and best practices in operational resilience, such as those set by ISO 22301 (Business Continuity) or NIST (National Institute of Standards and Technology) cybersecurity frameworks.

  In summary, after completing the DORA Lead Manager course trainees will be able to navigate the regulatory landscape, manage and mitigate ICT risks, respond to crises, and create a resilience-oriented culture in their organization. Their knowledge, skills, and awareness will allow them to implement and oversee a resilient digital infrastructure that is compliant with DORA and protects against operational disruptions.

• Financial institutions executives and decision-makers
• Compliance officers and risk managers
• IT professionals
• Legal and regulatory affairs personnel
• Consultants and advisors specializing in financial regulation and cybersecurity

• Introduction to the concepts and requirements of DORA
• ICT-related risk and incident management
• ICT third-party risk management and information sharing
• Review and continual improvement