Purpose of the Training
The purpose of this training is to equip executive leadership – including CEOs and board members – with a clear and actionable understanding of the Digital Operational Resilience Act (DORA). As the regulation applies to all financial sector entities in the EU, it introduces new legal obligations in the areas of ICT risk management, incident reporting, third-party oversight, and business continuity. Executives must be prepared to lead the organization in aligning with DORA and embedding digital resilience at a strategic level.
Introduction
The financial sector is increasingly reliant on digital systems and third-party technology providers. With this reliance comes vulnerability to cyber threats, ICT disruptions, and operational failures. DORA (Regulation (EU) 2022/2554) was adopted to harmonize how financial entities in the EU manage digital risks and ensure they remain operationally resilient under stress.
This training is structured into two key parts:
- Part I provides the context, explains the regulation’s foundations, and defines executive responsibilities.
- Part II focuses on the practical application of DORA requirements, including incident response, supplier risk management, and real-world scenarios.
By the end of this session, leadership will understand what actions are expected from them, how to embed DORA principles into governance, and where to begin in their compliance journey.
Final View and Key Takeaways
DORA is not just a compliance obligation – it’s a shift in how financial organizations must approach resilience, accountability, and oversight in the digital age. Executive leadership plays a critical role in ensuring the company is not only compliant, but also prepared to respond, recover, and continue delivering services under digital strain.
Key takeaways:
- DORA assigns clear governance responsibilities to senior leadership.
- Executives must oversee risk frameworks, continuity strategies, and third-party relationships.
- Early preparation is key – risk awareness, internal alignment, and resource planning should begin now.
Leadership engagement is not optional. DORA requires it, and the stability of your organization depends on it.
Curriculum
- 8 Sections
- 0 Lessons
- 2 Hours
- DORA Basics: Context and Purpose
  - What led to the creation of DORA (rise in cyber threats, international regulations).
  - Who the regulation applies to – all financial entities operating within the EU.
  - How DORA relates to NIS2 and other EU laws.
- Executive Responsibilities under DORA
  - What CEOs and the board must know:
    - Approving the IT risk management strategy.
    - Ensuring organization-wide implementation of DORA requirements.
  - Executive involvement in:
    - Oversight of ICT service providers.
    - Supervision of business continuity and incident response plans.
- Fundamentals of Risk Management
  - How an effective ICT risk management system should look:
    - Identification of risks.
    - Assessment and implementation of controls.
    - Defining risk tolerance and managing residual risk.
- Incident Management System
  - How to detect and classify incidents (criteria and thresholds).
  - When to report to supervisory authorities.
  - What management should know about incident reporting and regulatory communication.
- Third-Party (Supplier) Risk Management
  - What constitutes “critical or important functions.”
  - Requirements for contract content and internal policy.
  - How the ICT service register works – what information must be included.
  - Managing subcontractors and exit strategies.
- Business Continuity and Resilience Planning
  - Requirements for testing and documenting continuity plans.
  - The management’s role in test planning and review.
  - Recovery and response planning after an incident.
- Case Study: Incident Scenarios and Executive Response
  - Real or modelled scenarios: cyberattack, supplier failure, data loss.
  - How the executive team should respond, with emphasis on communication and operational assurance.
- Questions, Discussion & Recommendations
  - Where to start when preparing for compliance.
  - What resources are needed and what challenges might arise.
Requirements
- Basic knowledge of technology, security, risk, and third-party management
Target Audience
- Executives, board members, senior management
