DORA – Digital Operational Resilience for Financial Sector Staff

Banks

Description

Access to training

To order your licenses, please send us a request (see the “customized training” action button). You will then receive the steps to follow. The e-learning is accessible for a maximum of 12 weeks from the signing of the order form.

Introduction

The Digital Operational Resilience Act (DORA) is a crucial component of the European Union's regulatory strategy to enhance ICT risk management and operational resilience in the financial sector. It imposes comprehensive requirements across areas such as incident handling, digital continuity, resilience testing, third-party oversight, and sector-wide collaboration.

While DORA is often viewed through a regulatory or technical lens, its successful implementation depends on the awareness and involvement of all staff, not just compliance, IT, or risk teams.

This eLearning programme has been designed to support financial institutions in building that broad-based understanding. It translates complex regulatory content into clear, role-relevant insights for non-specialist staff, highlighting how their actions contribute to the organisation’s resilience and compliance posture.

The course aligns with key learning objectives in staff training, digital culture, operational risk, and change enablement. It can be used as a foundational awareness module as part of onboarding, compliance refreshers, or broader DORA implementation programmes.

Objectives

By the end of this training, participants will:

  • Understand the purpose of the DORA regulation and how it enhances the organisation’s digital resilience by preventing and mitigating ICT-related risks and disruptions.

  • Recognise their role in supporting DORA compliance—by reporting ICT issues, following internal policies and procedures, contributing to resilience tests, practicing good cyber hygiene and identifying when ICT third-party services are involved in their work or business processes.

  • Appreciate the consequences of weak ICT governance or non-compliance, including regulatory sanctions, reputational damage, and operational disruptions, and understand how their contributions can help prevent such outcomes.

Programme
Module 1 – Introduction to DORA
  • What is DORA, and why was it created?

  • Why DORA matters for the organisation and all staff

  • The five pillars of digital operational resilience

Module 2 – ICT Risks and Security Awareness
  • Recognising ICT-related risks in everyday work

  • Basic cyber hygiene: passwords, phishing, secure behaviour

  • The importance of security awareness in protecting systems and data

  • How staff help reduce risk by applying best practices

Module 3 – Incident Management
  • What is considered an ICT incident and a major incident under DORA?

  • Early detection: signs of problems and what to do

  • Internal reporting channels and the importance of timeliness

  • Your role in responding to and recovering from disruptions

Module 4 – Policies and Procedures
  • Overview of updated staff-related rules supporting DORA compliance

  • Following procedures related to incident response, tool usage, and testing

  • Participating in drills and simulations, where applicable

  • Accountability across roles and departments

Module 5 – ICT Third Parties
  • Understanding what counts as an ICT third-party service

  • Why identifying external providers is part of everyone's responsibility

  • Examples of day-to-day third-party interactions (cloud tools, vendors, platforms)

  • Staff role in helping ensure these services are logged and governed properly

Target audience

This training programme is designed for a broad cross-section of staff across financial institutions. It supports organisations in building awareness and operational readiness for DORA compliance, particularly among non-specialist employees who interact with ICT systems, data, or third-party tools as part of their daily responsibilities.

The content is suitable for roles in:

  • Business operations, back-office support, and client-facing functions

  • Human Resources, Finance, Legal, and Administration

  • Procurement and vendor management

  • Risk, Compliance, and Audit

  • IT, Security, and Project Management

The programme assumes no prior technical or regulatory expertise. It is intended to complement role-specific compliance, IT, or security training by offering foundational knowledge and reinforcing behavioural expectations that contribute to digital resilience across the organisation.

Duration

+/- 1 hour (the license remains active for 6 months).


Conditions

Course Material

The training material will be handed out at the beginning of the course.

Certificate

At the end of the course, participants will receive a certificate of attendance issued by the House of Training.