DORA ICT Risk Management for Bank Security Analysts

$199.00
A focused course, tailored for you

Build the audit-ready ICT risk artefacts your supervisory examiner expects, not just the controls that satisfied your certification body.

Your ISO 27001 evidence library is well-organised and thoroughly documented. It does not contain what DORA requires. The ICT asset register with resilience classification, the risk appetite documentation with ICT-specific tolerance thresholds, the four-pillar ICT risk management framework narrative, the incident classification decision tree aligned to DORA's tiered reporting timeline: none of these are artefacts your certification process ever asked you to produce. The supervisory examiner will ask for all of them.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

DORA's ICT risk management requirements are not a repackaging of ISO 27001. The regulation has its own evidence structure, its own artefact categories, and its own supervisory review format. An analyst who has spent years building certification-grade documentation finds that the DORA gap is not in the controls themselves but in the translation layer between what exists and what the ACPR or ECB examiner expects to find in a structured evidence binder. That translation layer does not write itself, and generic DORA training programs describe what is required without teaching an analyst how to build the specific documents. The ICT asset register needs resilience classification that a standard CMDB export does not provide. The risk appetite documentation needs ICT-specific tolerance thresholds that your CRO's broad risk appetite framework does not include. The incident classification workflow needs to align to DORA's three-tier reporting timeline in a format your SOC can use in real time. Each of these is a buildable artefact. This course teaches how to build each one.

What you walk away with

  • Map your existing ISO 27001 or NIST CSF controls to DORA's four-pillar ICT risk management framework with article-level evidence citations.
  • Build an ICT asset register with DORA-compliant resilience classification from your existing CMDB or asset tracking data.
  • Draft ICT-specific risk appetite documentation with tolerance thresholds that satisfy DORA's Article 6 requirements alongside your institution's broader risk governance.
  • Construct an incident classification workflow aligned to DORA's tiered reporting timelines for use by your SOC in real time.
  • Assemble a complete DORA evidence pack structured for supervisory review by the ACPR or ECB.

The 12 modules

Module 1. The DORA Four-Pillar ICT Risk Management Structure
Map DORA's ICT risk management requirements across its four operational pillars: governance and strategy, ICT risk identification and protection, detection and response, and recovery and learning. Understand which articles assign obligations to the information security function specifically versus the management body versus third-party arrangements. Learn how supervisory examiners at the ACPR structure their opening review session and which evidence categories they prioritise in the first two hours of an on-site inspection.
Module 2. Building the DORA-Compliant ICT Asset Register
Construct the ICT asset register from your existing CMDB, network documentation, and asset tracking data using DORA's Article 8 classification criteria: critical, important, and standard ICT assets. Learn how to document interdependencies between assets in a format that demonstrates resilience assessment rather than simple inventory. Understand what an examiner's first question about your asset register will be and how to structure the register so that question has a documented answer.
Module 3. ICT Risk Appetite Documentation with Tolerance Thresholds
Translate your institution's broad risk appetite framework into ICT-specific tolerance thresholds that satisfy DORA's Article 6 requirements. Learn the structural difference between what your CRO's risk appetite statement covers and what DORA requires the security function to document as a separate ICT risk appetite annex. Draft the ICT tolerance thresholds for availability, integrity, confidentiality, and service continuity in a format your management body can approve and your examiner can cite.
Module 4. Mapping Existing Controls to DORA Articles
Take your current ISO 27001 control library or NIST CSF implementation and produce a DORA-cited evidence map showing which controls address which articles, which need supplementary documentation to satisfy DORA's specific requirements, and which represent genuine gaps requiring new artefacts. Includes a control-to-article mapping template and a worked example showing common translation patterns between ISO 27001 Annex A controls and DORA's protection requirements under Articles 9 through 13.
Module 5. Incident Classification and the DORA Tiered Reporting Regime
Master DORA's mandatory incident classification criteria distinguishing major incidents from significant cyber threats and standard operational disruptions. Build the classification decision tree your SOC can apply in real time using the criteria in the regulatory technical standards. Understand the reporting timeline for each tier (initial notification, intermediate report, and final report), along with what evidence the examiner will request about a reported incident at the next supervisory visit.
Module 6. Third-Party ICT Risk and Concentration Assessment
Document your institution's dependency on critical ICT third-party providers under DORA's Chapter V requirements. Learn how to produce the concentration risk assessment for cloud infrastructure providers, core banking platform vendors, and data processing partners. Understand what the Register of Information requires in terms of contractual clauses, exit strategies, and risk scoring, and which fields an ACPR examiner reads first when reviewing third-party ICT risk documentation.
Module 7. Change Management Evidence Under DORA's ICT Requirements
Structure your change management logs and impact assessments to satisfy DORA's Article 9 requirements for documented ICT change processes. Learn what an ICT change impact assessment means in a DORA supervisory context versus a standard ITSM change ticket. Build the change evidence trail that shows your institution's ICT risk management process captures material changes consistently, with documented security function review at each material change classification threshold.
Module 8. ICT Business Continuity and Recovery Documentation
Translate your existing business continuity planning documentation into DORA's ICT business continuity framework. Learn the DORA-specific requirements for Recovery Time Objectives and Recovery Point Objectives at the ICT service level rather than the business process level, how to document crisis communication escalation paths in supervisory-accepted format, and how to test documentation completeness using a core banking platform outage scenario before a supervisory visit.
Module 9. TLPT Readiness for Significant Institutions
Determine whether your institution falls under DORA's threat-led penetration testing requirements and what the TIBER-EU process requires from your security function if it does. Learn what a TLPT readiness assessment looks like, what documentation the external test team requires before beginning the controlled red team engagement, and how your analyst role changes when DORA-mandated testing is underway versus a standard penetration testing programme run by your internal security team.
Module 10. Assembling the DORA Evidence Binder
Assemble the outputs of the preceding modules into a structured evidence binder organised around DORA's supervisory review framework. Learn how examiners navigate a well-structured evidence pack versus a document collection, which sections they review in the first session, and how to write the covering narrative that maps your institution's implementation to specific articles and regulatory technical standards. Includes a binder template with the section order used in common ACPR review formats.
Module 11. Common Gaps and Remediation Prioritisation
Review the most common ICT risk management gaps identified in DORA supervisory review cycles: incomplete asset classification, missing ICT-specific risk appetite documentation, incident classification workflows that do not align to DORA's tiered timeline, and third-party ICT registers with missing contractual clause documentation. Learn how to prioritise remediation by supervisory materiality rather than internal severity scoring, and how to present a gap remediation plan that gives your CISO clear readiness visibility.
Module 12. Sustaining DORA Compliance Through the Annual Review Cycle
Build the operational cadence for DORA's ongoing ICT risk management requirements. Understand what triggers an ad-hoc ICT risk assessment versus the scheduled annual review, how to maintain your evidence artefacts as your institution's ICT landscape changes through platform migrations and new third-party arrangements, and how to structure the annual ICT risk assessment report for management body approval in a format that also satisfies supervisory documentation requirements.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

  • Your DORA gap assessment shows gaps but does not tell you how to build the specific artefacts that close them. Modules 3, 4, and 5 address this directly.
  • Your ICT asset register is a CMDB export rather than a DORA-compliant resilience-classified register with documented interdependencies. Module 2 builds the translation.
  • An ACPR or ECB supervisory visit is scheduled and your evidence exists in separate documents rather than a structured binder. Modules 10 and 11 address assembly and gap prioritisation.
  • Your third-party vendor contracts are managed by procurement, but DORA requires security-function documentation of ICT concentration risk and contractual clause validation. Module 6 covers this.

What you get with this course

  • Twelve written modules covering DORA's ICT risk management framework from four-pillar structure through supervisor-ready evidence pack
  • Downloadable templates for ICT asset register, risk appetite annex, change management evidence log, incident classification decision tree, and Register of Information
  • Hand-built implementation playbook tailored to an information security analyst role, covering the translation layer between existing certification-grade documentation and DORA evidence requirements
  • Access to the Art of Service learning environment from enrolment

What you will have in hand by Day 1, Week 1, Month 1

Course access provisioned within 24 hours of purchase

Hand-built implementation playbook delivered alongside course access

Before and after

Before

Your security control documentation is organised around ISO 27001 or NIST frameworks. When asked for DORA evidence, you produce the closest equivalent and annotate it with DORA article references. The DORA-specific artefacts, including the ICT asset register with resilience classification, the ICT-specific risk appetite documentation, and the structured evidence binder, do not yet exist as standalone documents.

After

You have a complete, supervisor-ready DORA ICT risk management evidence pack: ICT asset register with resilience classification, risk appetite documentation with ICT-specific thresholds, incident classification workflow aligned to the tiered reporting regime, third-party concentration risk documentation, and a structured evidence binder ready for the opening session of a supervisory review.

What happens if you do not address this

Each supervisory cycle where your bank's DORA evidence consists of adapted ISO documents rather than purpose-built DORA artefacts is a cycle where the examiner finds structural gaps, issues remediation commitments, and tracks follow-up. The analyst who owns the evidence pack owns the remediation list and the next review preparation.

Who it is for

Information Security Analyst at a financial institution subject to DORA. Responsible for translating regulatory requirements into operational security controls and evidence artefacts. Has built certification-grade documentation for ISO 27001, NIST CSF, or similar frameworks and now faces a DORA readiness programme where the existing evidence library does not map cleanly to supervisory expectations. Will be the person who builds, owns, and maintains the DORA ICT risk management evidence pack.

Who this is NOT for. Security architects whose work stays at the technical implementation layer without regulatory evidence responsibility. Compliance managers who review evidence rather than build it. Teams whose DORA implementation is fully outsourced with no internal evidence-building requirement.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Each module is designed for one focused session of 45 to 60 minutes. The full course runs across twelve modules.

Why $199 is the right number

Generic DORA training programs provide regulatory overview and article summaries. This course provides analyst-level implementation detail: how to build each required artefact, what field structure each document needs, what the examiner checks first, and how to translate your existing ISO 27001 or NIST evidence into DORA-compliant format.

FAQ

We already hold ISO 27001 certification. Does that mean our ICT risk management is DORA compliant?
Not automatically. ISO 27001 and DORA share concepts but require different evidence structures. DORA's ICT risk management framework requires specific artefacts, including an ICT asset register with resilience classification, risk appetite documentation with ICT-specific thresholds, and a tiered incident reporting workflow, that your ISO certification process did not ask you to produce. This course teaches the translation.
Our DORA readiness programme is led by an external advisory firm. Is this course still relevant?
Yes. External advisors produce the gap assessment and the remediation roadmap. Building, owning, and maintaining the actual evidence artefacts falls to your internal security team. This course gives you the analyst-level skill to produce those artefacts and sustain them through the annual review cycle independently.
How does this course address the regulatory technical standards, not just the main regulation text?
The module content is structured around obligations as implemented through the regulatory technical standards adopted by the ESAs, not just the high-level regulation text. The incident classification criteria, the ICT asset classification thresholds, and the Register of Information field requirements all reflect the technical standards in force.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.