Skip to main content
Image coming soon

DORA Operational Resilience for Banking IT Security

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

DORA Operational Resilience for Banking IT Security

Build the incident classification matrix, TLPT scope, and third-party risk register your ECB supervisor will actually accept.

When an ICT incident hits the overnight triage queue, the DORA major-incident decision has to happen in two hours. Most banking security teams have an incident response playbook. Very few have the classification artefact that tells the SOC analyst whether to file with ECB or stand down.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

DORA's ICT risk management requirements are not new rules layered on top of existing security controls. They are a new evidentiary standard. The ECB examiner does not want to know that a vulnerability management process exists; they want to see the documented framework, the classification matrix, the TLPT scope document, and the third-party risk register, each meeting a specific RTS format. Banking IT security teams that built strong technical controls are now discovering those controls need to be repackaged into regulatory artefacts the security team has never had to produce before. The gap is not capability. It is documentation and process design.

What you walk away with

  • A completed DORA major-incident classification matrix with the five-threshold decision tree your SOC team can run in live triage.
  • A documented escalation chain and notification template for ECB, CSSF, and national competent authorities covering the four-hour and 72-hour reporting windows.
  • A third-party ICT risk register with tiering criteria and the contractual clause checklist DORA mandates for critical ICT providers.
  • A TLPT scoping brief aligned to the TIBER-EU framework, including the target threat intelligence report format and test plan structure.
  • An ICT risk management framework document covering the five required components with the evidence artefacts each demands.
  • An internal audit readiness pack with the control self-assessment format and gap analysis structure regulators prefer.

The 12 modules

Module 1. DORA Scope and Applicability: Drawing the ICT Boundary
Establish which ICT systems, assets, and third-party providers fall within your DORA scope. Covers the financial entity classification, the proportionality principle, and how to produce the scope boundary document your internal audit team and regulator use as the starting point for any ICT risk review. The module produces a scope inventory template and a classification decision worksheet ready for senior management review.
Module 2. The ICT Risk Management Framework Document
Build the mandatory ICT risk management framework document DORA requires financial entities to maintain. Covers the five required components, from risk identification through recovery, and the specific evidence artefact each component demands. Produces a draft framework document ready for senior management sign-off and regulatory submission, with section-by-section annotations explaining what examiners look for during a supervisory review.
Module 3. DORA Major-Incident Classification: The Five-Threshold Matrix
Build the classification matrix covering all five simultaneous DORA major-incident thresholds: user impact, duration, geographic spread, reputational exposure, and data criticality. Each threshold receives a quantified trigger and a borderline assessment guide. The module produces a triage decision tree and a completed classification template the overnight SOC team can run in the first two hours of any significant incident.
Module 4. Regulatory Notification: ECB, CSSF, and NCA Reporting Chains
Map the full DORA notification chain: who receives which report, at what interval (initial within four hours, intermediate within 72 hours, final within one month), and what each report must contain under the RTS on major incident reporting. Produces the escalation contact matrix, the notification template for each report type, and the internal authorisation workflow that must exist before any regulatory filing goes out.
Module 5. Third-Party ICT Risk Register and Ongoing Due Diligence
Build the ICT third-party risk register DORA requires, including the tiering methodology for critical versus non-critical ICT providers, the due diligence checklist for new and existing providers, and the contractual clause requirements DORA mandates for critical providers. Produces a live register template and a periodic review schedule that satisfies the ongoing monitoring obligation regulators will test during supervision.
Module 6. TLPT Scoping: Threat-Led Penetration Testing Under DORA
Understand the TIBER-EU framework requirements for significant financial entities, how to scope the threat intelligence phase, and how to produce the target threat intelligence report and the team-specific test plan. Covers who can act as the external threat intelligence provider, how TLPT relates to existing red team programmes, and what evidence the regulator expects after a completed TLPT cycle is closed.
Module 7. ICT Asset Inventory and Critical Function Dependency Mapping
Create the ICT asset register with the dependency mapping DORA requires, showing which assets support critical or important functions, how they connect to third-party providers, and where single points of failure sit in the chain. This asset map underpins both the risk management framework and the TLPT scoping exercise, and is the first document an ECB examiner typically requests at the start of an ICT risk review.
Module 8. Vulnerability Management and Patch Governance: DORA Evidence Standards
Structure a vulnerability management process that meets DORA's requirements for timely detection and remediation, including patch prioritisation by criticality score, the maximum acceptable remediation windows implied by the RTS, and the evidence trail regulators expect during an ICT risk review. Produces the vulnerability register format and the patch governance policy document with defined accountability lines and escalation triggers.
Module 9. SOC Alignment: Detection Controls and DORA Logging Requirements
Align SIEM, EDR, and threat intelligence feeds to DORA's detection requirements. Covers the logging retention periods the EBA ICT risk management guidelines imply, which anomaly detection capabilities are referenced in the RTS, and how to document monitoring controls within the ICT risk management framework. Produces the detection control register and a logging policy with regulatory rationale for each retention decision.
Module 10. ICT Continuity Testing: Scenarios, RTOs, and Evidence Packs
Build the ICT business continuity testing programme DORA requires, including scenario design for the ICT disruption cases regulators expect to see tested, recovery time objective documentation for critical functions, and the evidence pack an ECB examiner will request after a continuity exercise. Covers test scheduling, participant roles, and the post-exercise report format that satisfies the annual testing obligation under DORA.
Module 11. Internal Audit Readiness for the DORA ICT Risk Review
Prepare the evidence pack for an internal ICT risk audit against DORA: the control self-assessment format, the gap analysis structure regulators prefer, and how to present remediation plans with timelines that satisfy both internal audit and the ECB supervisory dialogue. Covers which controls are tested first, what sampling internal auditors typically apply to security controls, and how to handle findings that remain open.
Module 12. The Annual DORA ICT Risk Report: Format and Content Requirements
Structure the annual ICT risk report required by DORA, covering required content including risk profile, major incident summary, TLPT outcomes, and third-party concentration risk assessment. Explains how to align the report with the SREP dialogue and the operational resilience statement senior management will sign. Produces a report outline with section-by-section guidance and the data inputs each section draws from existing security operations.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Overnight triage of an ICT incident where the analyst must decide whether to file a major-incident report within four hours of detection.
An internal audit pre-notification that the ICT risk management framework will be reviewed against the DORA RTS requirements next quarter.
A third-party provider requesting a revised SLA that conflicts with the contractual requirements DORA mandates for critical ICT providers.
A TLPT cycle being initiated for the first time and the security team needing to produce a scope brief and threat intelligence mandate.

What you get with this course

  • 12 text-based modules covering every major DORA ICT risk management artefact, from the scope boundary document to the annual compliance report.
  • Downloadable templates for each module: classification matrix, notification chain, third-party risk register, TLPT scope brief, asset inventory, and audit readiness pack.
  • A hand-built implementation playbook tailored to your role and the specific artefacts your team is responsible for producing.
  • Self-paced access in the Art of Service learning environment, provisioned within 24 hours of purchase.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

The incident classification decision runs through whoever is on call and a shared document nobody has tested under pressure. The notification chain lives in Outlook and depends on the right person being reachable in the first two hours. Third-party ICT risk is tracked in a spreadsheet that has not been reviewed since the last vendor contract renewal.

After

A tested classification matrix with a decision tree the SOC runs from the first alert. A documented notification chain with the authorisation workflow and regulatory contacts pre-populated. A live third-party risk register with tiering and the DORA contractual clause checklist built in, ready for the next supervisory review.

What happens if you do not address this

The ECB supervisory review of DORA compliance is ongoing across EU financial entities. Institutions that cannot produce the required documentation when asked face mandatory remediation timelines, potential supervisory measures, and the reputational cost of a public enforcement action. The classification matrix and notification artefacts are not optional documentation. They are the primary evidence regulators use to assess whether an entity is operationally resilient.

Who it is for

IT security analysts and senior security engineers at regulated financial entities, typically three to eight years into a banking security career, responsible for incident response, threat intelligence, vulnerability management, or SOC operations. They understand the technical landscape but have not previously had to translate that technical work into DORA-compliant regulatory documentation. They are being asked to produce artefacts they were not trained to build.

Who this is NOT for. Security architects designing greenfield infrastructure with no regulatory reporting obligations. CISOs at entities with dedicated compliance teams handling all DORA documentation. Consultants who are already delivering DORA readiness engagements to financial clients.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Estimated four to six hours across the 12 modules, structured so each module produces a usable artefact by the end. No prerequisite beyond a working familiarity with ICT security operations in a regulated financial environment.

Why $199 is the right number

Generic DORA compliance training covers the regulation at the policy level. This course is for the practitioner who needs to produce the artefacts, not understand the law. The EBA published RTS are the source material; the course translates them into templates and workflows the security team can use without waiting for a consultant engagement.

FAQ

Does this cover the EBA RTS on ICT risk management or just the DORA Level 1 text?
Both. The modules work through the Level 1 obligations and the specific artefact requirements in the EBA Regulatory Technical Standards on ICT risk management, incident classification, and third-party risk. Where the two diverge in scope or format requirements, the module explains why.
Is this relevant if our team focuses on SOC operations rather than compliance documentation?
Yes. DORA makes the security operations team responsible for artefacts at the intersection of detection controls and regulatory compliance, including the incident classification decision, the SIEM logging policy, and the vulnerability governance evidence trail. This course covers exactly those artefacts.
Can the templates be adapted if our entity operates across multiple EU jurisdictions with different national competent authorities?
Yes. The notification chain module covers the multi-NCA scenario, including how to sequence notifications when an incident crosses jurisdictions and which authority takes the lead. The templates include fields for each NCA contact and their specific reporting format preferences.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.