Single courses
DORA Training Overview
DORA overview
DORA (Digital Operational Resilience Act) is an EU regulation that became effective in 2022, and enforceable from 17 January 2024 by fines of up to 4% of annual global turnover. Its aim is to protect the digital economy by fortifying financial infrastructure in the EU against cyber security threats and risks, and to improve the outlook for business continuity across the EU economy.
The Act recognises that risk is not contained within financial-sector entities. Risk is spread along the digital supply chain and involves hardware, software and services used by financial-sector entities. Weaknesses in any part of the financial ecosystem could threaten the economy. Under DORA, responsibility starts with financial services organisations: they must ensure that all the organisations in their ICT supply chain understand and comply, in appropriate measure, with the requirements of DORA.
Financial organisations are spearheading the change. They will require their suppliers to change practices and/or update contracts. To keep or win business from financial-sector entities, ICT organisations will need to revise their practices and demonstrate compliance. Training will help you embed appropriate ways of working across your supply chain and sharing information on risks and incidents with a central authority.
Threats are real, and DORA has arisen from a backdrop of cyber security and privacy breaches in critical national infrastructure, including attacks on central banks. The financial crash of 2008 highlighted that risk is hard to contain. While DORA has commercial implications for organisations, it has wider implications for national security and international stability. Open banking and innovation in finance are giving more choice and convenient ways of paying, saving and borrowing. DORA is there to safeguard us all in the light of new freedoms opened up by technology. New levels of awareness, collaboration and coordination are emerging, and DORA is driving a new sense of accountability for all involved.
Who needs DORA training?
While the regulatory spotlight is on financial services entities, DORA is about mitigating risk across the digital supply chain. It impacts a wide range of financial services entities including lenders, investors, insurers, payment institutions, and others.
All these financial entities, if operating in the EU, are required to identify all their ICT-supported business functions. This must be done in detail – listing the roles and responsibilities of individuals and all their dependencies in relation to ICT risk. Legal, compliance, IT and customer services functions are likely to be affected, and responsible individuals in each will need to gain at least a working knowledge of DORA to fulfil their roles competently. The remits of many different role-holders are expanding to encompass DORA. Our training courses help role-holders upskill in a timely and engaging way.
ICT stands for information and communications technology. It is a term used in other EU regulations such as PSD2 (Payment Services Directive) and NIS2. It covers ICT suppliers like Microsoft and Google, as well as small businesses supporting financial services organisations.
Demonstrating DORA compliance in your systems, processes and customer contracts will help you retain key financial services customers and win new business.
For those working as auditors for key cyber security-, IT- or financial services-related standards, and those working as compliance consultants, training provides you with the understanding, qualifications and credibility to expand your remit to include DORA. Our training courses help you quickly build on your existing skills and knowledge to incorporate DORA compliance.
If you are involved in building, maintaining or testing your networks and IT infrastructure, then you play a vital role in terms of DORA compliance. The regulation specifies that regular resilience testing is essential and that any identified risks or breaches need to be dealt with systematically. Understanding how your role fits into the financial services and IT sectors and plays a part in protecting the EU economy will help you act faster and smarter in alignment with prescribed procedures. Your skill sets are becoming increasingly critical. Becoming DORA-proficient and nurturing your own professional development can bring greater meaning and motivation to your career.
Free brochure: DORA training courses for organisations and specialist consultants
Organisations in scope for DORA need reliable consultants, compliance experts, auditors and security services such as penetration testing and ethical hacking. DORA training equips consultants to serve this market. Certifications will help you stand out from untrained advisers and provide your services when they are needed most. Find out about the courses on offer for your role.
Beat the deadline
DORA is now effective in EU law, and all those in scope need to demonstrate compliance before January 2025. It takes time to adjust or create systems, test them and be confident in them, and longer still to ensure that third-party suppliers are also up to date and in line with DORA.
Training will help you compress the lead time from awareness to verified compliance. Starting early is a risk-reduction strategy in itself, and every organisation affected by DORA will need to plan to maintain staff awareness and DORA competencies in all the relevant business functions – achieving compliance is contingent upon having robust plans to have DORA-competent staff to maintain DORA-compliant systems and frameworks.
Auditors and compliance consultants and could be called upon to carry out DORA compliance audits alongside other audits that you regularly perform for customers. Training now will prepare you for that additional business opportunity.
All courses
For progressive learning, choose from individual courses starting with the Foundation course and moving on to the Practitioner, Lead Auditor or Compliance Officer courses.
For a fast-track to DORA qualifications, choose a combination course.
All courses lead to professional qualifications recognised by HR teams everywhere and that are ISO 17024 certified.
Buying for your business? For a full price list, contact our training experts. There are great discounts for block bookings, in-house training and corporate accounts.
DORA: certified training
Certified DORA Foundation Training Course
Certified DORA Foundation Self-Paced Online Training Course
Certified DORA Foundation (C-DORA F) Exam Voucher
Certified DORA Practitioner Training Course
Certified DORA Practitioner Self-Paced Online Training Course
Certified DORA Practitioner (C-DORA P) Exam Voucher
Certified DORA Compliance Officer Training Course
Certified DORA Compliance Officer Self-Paced Online Training Course
Certified DORA Compliance Officer (C-DORA CO) Exam Voucher
Certified DORA Lead Auditor Training Course
Certified DORA Lead Auditor Self-Paced Training Course
DORA: certified training
Combination courses
Certified DORA Foundation and Practitioner Combination Training Course
Certified DORA Foundation and Practitioner Self-Paced Online Combination Training Course
Certified DORA Foundation and Compliance Officer Combination Training Course
Certified DORA Foundation and Lead Auditor Combination Training Course
Certified DORA Foundation and Lead Auditor Combination Self-Paced Training Course
Certified DORA Foundation and Lead Auditor Module Combination Training Course
Certified DORA Foundation and Lead Auditor Module Combination Self-Paced Online Training Course
Why choose IT Governance for your training needs
Renowned experts. We are the recognised global leader in the fields that we train in. IT Governance led the world’s first ISO 27001 certification project and introduced the world’s first certified GDPR training. Since then, more than 30,000 professionals have trained with us. 
Insider insights. We keep you up to date with breaking news and developments in relevant standards, regulations, best practice and cyber threats, giving you the ‘first to know’ advantage and time to prepare your organisation. 
Structured career pathways. We help you navigate a wide range of qualifications to build a career. Through accessible and affordable training and events, you can earn CPD points to empower your professional journey, maintain your qualifications and improve your business impact.
Engaging experiences. Our courses and learning materials are built and delivered by subject-matter experts and innovative instructional design specialists with years of practical, hands-on experience. 
More ways to learn. We offer the widest range of learning formats per course than any other training provider, including instructor-led courses, self-paced online training and bespoke courses for organisations. We also offer a unique blended learning method, designed for the digital age, which combines Live Online, self-paced and expert tuition.
Learn to earn. Pay by credit card online or by invoice. If you are personally investing in your career, you can spread the cost with our finance options. Fantastic discounts on books and courses are available for training graduates and corporate partners. 
The elegant solution for DORA compliance
Our unchallenged position as the authority on implementing ISO standards, and cyber security governance, risk and compliance frameworks allows us to adjust and align existing practices to help you achieve DORA compliance efficiently, calmly and ahead of schedule.
We help you develop robust procedures, policies and frameworks without overengineering or reinventing systems. We want you to gain clarity so you can speed up your journey to compliance without DORA becoming a financial and regulatory burden.
Cost-and-time-efficient packages.
Operational resilience is a time-sensitive priority. We have created concentrated learning packages with our combination training courses. At IT Governance, we are committed to helping you get where you need to be, faster.
Our corporate packages enable organisations to block-buy training for employees, contractors and even suppliers engaged in DORA implementation projects. In addition, since to obtain compliance you need to show you have plans to maintain compliance, you will want to ensure that you can quickly upskill employees to cover all the required competencies, applying the DORA principle of continual improvement. Plan ahead, maximise your budget and access a range of additional benefits.
Complete support for DORA compliance
At IT Governance, we provide:
- Training to upskill staff, project teams and those with ongoing accountability;
- Toolkits, including customisable policies and procedures to accelerate implementation;
- Books to deepen your understanding in key areas;
- Consultancy to augment or steer your project teams to compliance efficiently and in sync with existing compliance-related activities; and
- Free resources that help you deepen your understanding, including white papers, articles, and webinars with expert speakers.
For individual career growth, role-specific learning and professional training for teams, we offer a broad range of courses, structured learning pathways and a variety of ways to learn, from instructor-led courses to blended online or self-paced courses.
We also offer simple and fun e-learning courses for staff awareness. These short sessions can be taken online at any time. That’s another way we help you train for new responsibilities and to excel in your role.
FAQs
Combination courses let you take two short courses in one concentrated time block. It saves time by skipping the recap of what was covered in the lead-in course. You can still take the two online exams at the end.
Some combination courses enable those already qualified in a core discipline such as lead auditor to skip the prerequisite courses and reduce the total cost and time of becoming certified in a new area or at a more advanced level.
Yes. You can purchase the exam vouchers separately.
There is no formal pre-reading. However, reading around DORA before a course will help you absorb the information more easily during the training. There are some great articles in our resource hub and we have a handy guidebook that is a quick pre-read and a good memory prompter after the training.
DORA is a new European framework that focuses on embedding a more robust and resilient approach to delivering digital capabilities in financial markets.
The framework’s purpose is to help financial services companies ensure they can maintain resilient operations through severe operational disruption caused by cyber security and ICT issues.
The DORA risk management framework builds on previous industry-specific guidelines and introduces a single consistent supervisory approach. It aims to harmonise security and resilience practices across financial services companies operating in the EU and their ICT providers.
DORA applies to more than 22,000 financial entities and ICT service providers operating within the EU, as well as the ICT infrastructure supporting them from outside the EU. The Act introduces specific and prescriptive requirements for all financial market participants including (but not limited to) banks, investment companies, insurance undertakings and intermediaries, crypto asset providers, data reporting providers and Cloud service providers.
DORA defines requirements around consistent ICT risk management, comprehensive resilience testing capabilities (including threat-led penetration testing) and third-party risk management, ensuring a consistent provision of services across the entire value chain.
The five key topics at the centre of DORA are:
- ICT risk management;
- Reporting on ICT-related incidents;
- Digital operational resilience testing;
- Management of third-party risk; and
- Information and intelligence sharing.
The Act is unique in introducing an EU-wide oversight framework on critical ICT third-party providers, as designated by the European supervisory authorities.
DORA entered into force on 16 January 2023. With a two-year implementation period, financial entities will be expected to be compliant with the Act by 17 January 2025. Audits and inspections could happen before the compliance deadline and may be conducted by the same auditors that judge compliance with other regulatory standards.
For a summary of all the roles in small and large organisations that will be impacted by DORA, and who could benefit from specific types of training or support, talk to a training expert: we will send you a free infographic and guide.