
The DORA ICT Risk Manager Playbook

$199.00

A focused course, tailored for you

Twelve modules on building the ICT risk register, TLPT scope, and third-party oversight your supervisor will actually accept.

The TLPT pre-engagement scope document should take two weeks to finalise. Six months in, the White Team is still debating which critical functions belong inside the boundary and which are out. The root problem is not a coordination failure. The ICT risk register does not resolve assets down to the critical functions they support, which is the resolution the TIBER-EU scope template requires, so every scope meeting reopens the register debate.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

For IT and Security Risk Managers at European banks, DORA arrived with six interconnected pillars and no clear implementation sequence. Most institutions started with governance and policy updates because that is where legal has the most to say. The ICT risk register stayed in its pre-DORA form: a spreadsheet maintained by IT operations that satisfies internal audit but would not survive a supervisory examination.

The problem compounds downstream. The third-party risk register cannot be built properly until the ICT asset taxonomy is settled. The incident classification criteria depend on knowing which services are critical. The TLPT scope relies on the same critical function definition. Everything traces back to the register, and the register keeps getting deferred.

This course cuts through from the opposite direction: starting from the supervisory examination evidence pack and building backward to the register design that produces it. Twelve modules, each one producing a document you can table at the next risk committee meeting.

What you walk away with

  • Build an ICT risk register at the asset-to-critical-function resolution an NBB or ECB examiner expects, not just one that survives an internal audit review.
  • Implement the incident classification decision tree so your SOC can classify a candidate major incident quickly enough to meet the four-hour initial notification window, which starts at the moment of classification, without escalating every borderline case.
  • Prepare and submit a TLPT Scope Document as White Team coordinator that the competent authority accepts without sending back for revision.
  • Build the Register of Information for ICT third-party providers with the mandatory contractual clause documentation and criticality-tier assessments DORA requires.
  • Produce the quarterly ICT Risk Dashboard and annual ICT Resilience Review in the formats your Board Risk Committee and supervisor expect.

The 12 modules

Module 1. The DORA ICT Risk Framework
DORA specifies six ICT risk management pillars: governance and organisation, risk identification and classification, protection and prevention, detection, response and recovery, and communication. This module maps each pillar to the artefacts your supervisor will examine, builds the gap register that shows your current coverage against each requirement, and defines the ownership matrix so each pillar has an accountable owner before the next examination cycle opens.
Module 2. Building the ICT Risk Register
The ICT risk register that satisfies internal audit and the one that earns a favourable supervisory score are different documents. This module builds the taxonomy: asset categories that map to business services, business services that map to critical functions, dependency chain documentation, and the quarterly update discipline that keeps the register supervisor-ready between examination cycles rather than being rebuilt from scratch before each review.
Module 3. Third-Party ICT Risk: The Register of Information
DORA requires a Register of Information covering every ICT third-party provider, with enhanced documentation for critical providers. This module builds the RoI schema, works through the twenty mandatory contractual provisions you must verify against existing contracts, and defines the criticality tier assessment process for determining which providers require full due diligence versus a lighter-touch monitoring programme. Includes the RoI template for submission on supervisory request.
Module 4. Major Incident Classification and Reporting
The four-hour initial notification window for a major ICT incident is tight. The classification decision that starts the clock is where most risk managers lose time. This module builds the incident classification decision tree covering the DORA materiality criteria set out in Article 18 and the classification RTS: clients, financial counterparts and transactions affected; reputational impact; duration and service downtime; geographical spread; data losses; critical services affected; and economic impact. Your SOC runs this tree in the first two hours without escalating every borderline case.
Module 5. The Annual Operational Resilience Testing Programme
DORA requires an annual digital operational resilience testing programme covering vulnerability assessments and scenario-based tests, and, for the financial entities their competent authority identifies for it, threat-led penetration testing at least every three years. This module builds the annual testing programme: which test types satisfy which regulatory requirements, how to scope each category, how to document the programme in a format the board risk committee can approve as a single agenda item, and how to allocate budget across test types.
Module 6. TLPT Scoping and the Pre-Engagement Scope Document
The TIBER-EU Scope Document must be approved by the competent authority before threat intelligence work begins. Common reasons it comes back for revision: critical function boundaries are too narrow, threat actor profiling is generic rather than institution-specific, or engagement boundaries exclude systems the supervisor considers critical. This module builds the Scope Document element by element from the White Team perspective, covering each section supervisors most frequently push back on.
Module 7. Targeted Threat Intelligence for TLPT
The Targeted Threat Intelligence report documents the specific threat actors relevant to your institution, their tactics and techniques, and the attack scenarios the red team will execute. This module covers the TTI structure, how to evaluate a TIBER-approved threat intelligence provider's draft before approving it for operational use, and how to maintain separation between the TTI content and the blue team's awareness during the active exercise period.
Module 8. Red Team Coordination: Your White Team Role
During the active red team phase, the White Team coordinates without alerting the blue team. Your responsibilities include approving scenario pivots as the red team encounters unexpected access points, receiving interim reports, managing personnel exclusion lists, and liaising with the competent authority. This module walks through each White Team responsibility in sequence, with focus on the escalation decisions the White Team lead must make under time pressure during the exercise window.
Module 9. ICT Business Continuity and DORA Resilience Plans
A business continuity plan and a DORA digital operational resilience plan address different questions. The BCP covers how business operations continue during disruption. The resilience plan specifies how ICT systems recover within the recovery time and recovery point objectives your board has approved. This module reconciles your existing BCM framework with DORA resilience plan requirements, identifies where current BCPs satisfy DORA and where new resilience plan content must be added.
Module 10. Board-Level ICT Risk Governance and Reporting
DORA places direct accountability on the management body for ICT risk strategy approval and oversight. Your board needs a quarterly ICT Risk Dashboard and an annual ICT Resilience Review in formats they can act on. This module builds both: the one-page quarterly dashboard with three RAG indicators and one narrative paragraph, and the five-page annual review covering testing results, third-party risk status, and the next year's testing programme.
Module 11. Supervisory Examination Preparation
The SREP ICT risk assessment scores your institution across each DORA pillar on a one-to-four scale. Moving from a three to a two requires specific documentation improvements, not just policy updates. This module covers the evidence package that earns favourable scores across each pillar, the most common ICT risk findings the EBA has documented across European institutions, and a pre-examination self-assessment worksheet you complete before the examination cycle opens.
Module 12. Continuous Monitoring: Keeping the Framework Current
The ICT risk register and third-party risk register decay between supervisory cycles unless maintenance is built into existing operating rhythms. This module designs the monitoring programme: monthly architecture change notifications, quarterly third-party risk refresh cycles, annual ICT risk reassessment, and event-triggered updates for material changes such as onboarding a new critical provider or closing a major incident. Defines who owns each update and the maximum acceptable update lag.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

  • You are preparing the ICT risk register for the next supervisory cycle and the resolution level is being challenged by your examiner.
  • The TLPT pre-engagement is stalled because the Scope Document keeps coming back from the competent authority for revision.
  • Your third-party provider Register of Information is missing mandatory contractual clause documentation and an RFI from the supervisor has arrived.
  • The Board Risk Committee has asked for a quarterly ICT risk dashboard and you are not certain what format and depth they need to satisfy their DORA governance obligations.

What you get with this course

  • 12 written modules covering the full DORA ICT risk implementation lifecycle
  • ICT risk register template with asset taxonomy, dependency mapping schema, and supervisory evidence pack
  • Register of Information template for DORA third-party risk with mandatory contractual clause checklist
  • Major incident classification decision tree covering the four-hour, 72-hour, and one-month reporting chain
  • TLPT Scope Document template aligned with the TIBER-EU methodology
  • Quarterly ICT Risk Dashboard and Annual ICT Resilience Review templates
  • Hand-built implementation playbook tailored to your institution's risk profile and supervisory context

What you will have in hand by Day 1, Week 1, Month 1

Enrol and access all 12 written modules immediately.

Download the ICT risk register template, third-party RoI schema, incident classification decision tree, and TLPT Scope Document template on day one.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Before and after

Before

Your ICT risk register satisfies internal audit. Your TLPT pre-engagement keeps stalling. Your third-party Register of Information has gaps your CRO does not know about yet.

After

Your ICT risk register satisfies supervisory examination. Your TLPT has a signed scope. Your board sees a one-page quarterly dashboard that accurately reflects your ICT risk posture.

What happens if you do not address this

Each supervisory cycle that passes with the TLPT deferred and the ICT risk register at pre-DORA resolution is a finding waiting to be written. NBB and ECB examiners compare practices across supervised institutions. A materially lower SREP ICT risk score triggers more frequent supervisory engagement, which consumes management time that is not in the current budget.

Who it is for

You are an IT or Security Risk Manager at a European bank or financial institution supervised under DORA. You own the ICT risk framework: the register, the testing programme, third-party risk oversight, and the incident reporting chain. You report to the CRO and present quarterly to the Board Risk Committee. You have worked through the DORA framework requirements and have a gap register with amber items that legal and IT architecture have not resolved.

Who this is NOT for. This course is not for consultants who need a DORA framework overview to present to clients. It is not for compliance officers who need a high-level regulatory briefing for their committee pack. It is for practitioners who own the ICT risk framework and need to produce the specific documents a supervisory examination will scrutinise.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Six to eight hours across the twelve modules. Each module is designed to produce a working document, not to summarise the regulation.

Why $199 is the right number

A DORA gap assessment from a consultancy costs from EUR 30,000. Full implementation support runs to EUR 200,000 or more. The ESAs' RTS, ITS and guidelines are public but unstructured and give no implementation sequence. This course provides the sequence, the templates, and the playbook, leaving your budget for the TLPT engagement itself.

FAQ

Does this cover the RTS requirements specifically, not just the high-level regulation?
Yes. The course works from the RTS on ICT risk management and the RTS on threat-led penetration testing. The templates and decision trees are built to satisfy the specific evidence requirements in those standards, not just the DORA top-level text.
My institution already has an ICT risk framework from before DORA. Is this still relevant?
Most institutions have frameworks that satisfied pre-DORA expectations. The course is explicitly designed for upgrading an existing framework to meet the supervisory evidence bar DORA raises. Module one builds the gap register you need before any upgrade work begins.
Does the TLPT content follow the TIBER-EU framework specifically?
Yes. The TLPT modules follow the TIBER-EU published methodology as implemented in the Belgian context. The Scope Document template and White Team coordination guidance are aligned with the TIBER-EU structure the NBB expects to receive.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
