Digital Operational Resilience Act (DORA) - Course - ZISHI

Digital Operational Resilience Act (DORA)

Understand DORA requirements, ICT risk management and operational resilience across EU and UK frameworks

Delivery: Various

Course code: R105DPR


For group bookings, to discuss tailored delivery or for any questions about this course, please get in touch:

Course Overview

The Digital Operational Resilience Act (DORA) is reshaping how financial institutions manage Information and Communication Technology (ICT) risk, cyber resilience and operational continuity. This course provides a practical understanding of DORA requirements alongside the UK and EU operational resilience frameworks, and explores how internal audit and risk functions can assess, test and strengthen resilience capabilities.

Learning Objectives


Upon successful completion of this course, participants will be able to:

  • Understand the scope and objectives of DORA and the UK’s Operational Resilience regimes and how these reshape regulatory expectations across Europe.
  • Recognise the growing emphasis on Board and senior management accountability, including links to SMCR and Fitness & Propriety standards.
  • Compare EU and UK approaches and understand the implications for cross-border governance, including clear allocation of responsibilities between parent entities, branches and subsidiaries.
  • Assess control frameworks for ICT risk, third-party management, incident response and scenario testing under new regulatory expectations.
  • Consider effective audit strategies to test operational resilience readiness, assurance coverage and management oversight.
  • Identify how firms must strengthen training programmes, ensuring staff at all levels are equipped to meet resilience and ICT risk obligations.
  • Highlight practical challenges, good practices and opportunities for audit to drive continuous improvement in resilience maturity.

Course Modules

  • Introduction / Regulatory Landscape
    – Overview of converging cyber/operational resilience regimes
    – Mapping to existing frameworks: CAF, ISO 27001, operational resilience guidelines and supervisory expectations for governance and management bodies
    – Internal audit coverage

  • DORA – Key Risks, Audit Focus & Tests
    – ICT risk management framework – oversight / governance
    – ICT incident reporting
    – Resilience testing for critical functions
    – ICT third-party risk

  • UK Cyber Security & Resilience (NIS) Bill – key themes for Internal Audit
    – Scope: UK operators of essential and important services
    – Core duties: proportionate risk management and security controls
    – Enforcement and governance

  • NIS2 – EU Cyber & Resilience Expectations
    – Scope: “essential” and “important” entities by sector and size; extraterritorial reach to non-EU entities
    – Cybersecurity risk management measures, including supply chain aspects
    – Management body duties and liability: approval and oversight of cybersecurity measures, mandatory training for leadership, and potential personal liability for failures
    – Audit tests and scope of controls

  • Common Themes, Action Points & Wrap-up
    – Recap of themes and how internal audit can add value
    – Breakout session and discussion on audit plans
    – Action points


FAQs

What is the Digital Operational Resilience Act (DORA)?

DORA is an EU regulation designed to strengthen the digital operational resilience of financial institutions by setting requirements for ICT risk management, incident reporting, testing and third-party oversight.

Who needs DORA training?

DORA training is relevant for internal auditors, risk and compliance professionals, IT risk specialists and senior managers responsible for operational resilience in financial services.

What are the key areas covered by DORA?

DORA focuses on ICT risk management, incident reporting, resilience testing, third-party risk and governance responsibilities for senior management.

How does DORA differ from UK operational resilience regulations?

DORA introduces a harmonised EU framework, while the UK has its own operational resilience and cyber regulations. Firms operating across both jurisdictions must align with both regimes.

What will I learn on this course?

You will learn how to assess ICT risk frameworks, understand regulatory expectations, design audit approaches and strengthen operational resilience in line with DORA and UK requirements.
