Skip to main content
Image coming soon

CMP6436 Mastering DORA for Financial Services Compliance Managers

$199.00
Adding to cart… The item has been added

A tailored course, built for your situation

Mastering DORA for Financial Services Compliance Managers

A structured path to owning critical resilience deliverables with confidence and precision

$199 one-time
24-hour access provisioning 30-day money-back guarantee Hand-built implementation playbook
12 modules. 12 chapters per module. 144 chapters total.
12 modules, each with 12 chapters (144 chapters total), text-based, plus downloadable templates and a hand-built implementation playbook delivered alongside course access.
Regulator-facing reviews routed to your desk, do they leave complete, on time, every time?

Who this is for

Mid-level compliance or risk practitioner in EU financial services, accountable for delivering on DORA, NIS2, or operational resilience requirements, managing cross-functional coordination under tight review cycles.

Who this is not for

Executives looking for high-level overviews, consultants selling frameworks, or engineers focused solely on technical implementation without regulatory context.

What you walk away with

  • Own the full lifecycle of regulator-facing deliverables from scoping to submission
  • Reduce evidence collection and validation cycles by 50, 70%
  • Produce control mappings that survive supervisory scrutiny without rework
  • Build reusable evidence workflows that persist beyond team changes
  • Gain first-access visibility to upcoming audit scopes and evidence requirements

The 12 modules (with all 144 chapters)

Module 1. DORA Fundamentals and Scope Boundaries
Establish a clear understanding of DORA’s mandate, applicability thresholds, and role-specific obligations for financial entities operating in the EU.
12 chapters in this module
  1. Understanding DORA’s Legal Basis and EBA Oversight Role
  2. Identifying Significant Institutions Under Article 2
  3. Determining In-Scope ICT Third-Party Providers
  4. Mapping DORA to Organizational Structure
  5. Differentiating Between Critical and Important Functions
  6. Aligning DORA with Existing Internal Governance Models
  7. Key Deadlines and Reporting Timelines Across Member States
  8. Initial Steps After Designation as a Covered Entity
  9. Roles of Competent Authorities and EBA Coordination
  10. Common Misconceptions About DORA Scope
  11. How DORA Intersects with MiFID II and PSD2
  12. Practical Examples of Function Classification
Module 2. ICT Risk Assessment Under Article 5
Learn how to conduct rigorous, regulator-aligned ICT risk assessments that meet DORA’s explicit requirements.
12 chapters in this module
  1. Components of a DORA-Compliant ICT Risk Assessment
  2. Classifying Threats by Likelihood and Impact
  3. Incorporating Threat-Led Penetration Testing Inputs
  4. Documenting Risk Owners and Accountability
  5. Integrating Legacy Risk Registers with DORA Requirements
  6. Using RASP and OCTAVE as Complementary Models
  7. Risk Scenario Development for Resilience Testing
  8. Timeframes for Risk Assessment Updates
  9. Evidence Requirements for Supervisory Submission
  10. Linking Risk Findings to Control Prioritization
  11. Cross-Referencing with NIS2 Risk Management Obligations
  12. Common Gaps Identified in Peer Reviews
Module 3. Incident Classification and Reporting
Master the classification, escalation, and notification processes for ICT incidents under DORA’s Article 6.
12 chapters in this module
  1. Three-Tier Incident Classification Framework
  2. Determining Severity Levels According to EBA Template
  3. Internal Escalation Paths for Critical Incidents
  4. Notification Timelines: 24-Hour vs. 72-Hour Rules
  5. Preparing the EBA Incident Reporting Template
  6. Coordination Between IT, Legal, and Compliance Units
  7. Examples of Reportable vs. Non-Reportable Events
  8. Maintaining Audit Trail for Regulatory Follow-Up
  9. Understanding NCSC and ENISA Coordination Roles
  10. Common Errors in Initial Classification
  11. Reclassification Procedures Post-Incident
  12. Lessons from Early EBA Pilot Filings
Module 4. Digital Operational Resilience Testing
Implement threat-led penetration testing and advanced resilience drills in line with DORA Article 7.
12 chapters in this module
  1. Defining Scope for Resilience Testing Exercises
  2. Selecting External Expert Providers per Article 7(5)
  3. Integrating TLPT with Internal Red Team Activities
  4. Developing Realistic Attack Scenarios
  5. Measuring Systemic Impact Across Business Lines
  6. Test Frequency Requirements for Critical Functions
  7. Reporting Findings to Senior Management and Board
  8. Linking Test Outcomes to Control Enhancements
  9. Documentation Standards for Supervisory Review
  10. Coordinating with National Competent Authorities
  11. Balancing Realism with Operational Disruption
  12. Case Study: Cloud Provider Outage Simulation
Module 5. Third-Party Risk Under Article 8
Strengthen oversight of ICT third-party providers through structured due diligence, monitoring, and exit planning.
12 chapters in this module
  1. Identifying Critical Third-Party Dependencies
  2. Implementing Minimum Security Requirements
  3. Assessing Subcontracting Chains and Visibility
  4. Onboarding New Vendors Against DORA Criteria
  5. Conducting Regular Performance and Risk Reviews
  6. Right-to-Audit Clauses and Practical Enforcement
  7. Developing Exit and Contingency Plans
  8. Managing Concentration Risk Across Providers
  9. Using ISAE 3000 Reports for Assurance
  10. Aligning with CNAPP and CSPM Tools
  11. Vendor Risk Scoring Models in Practice
  12. Coordination with Procurement and Legal Teams
Module 6. Information Sharing Frameworks
Navigate safe, anonymized information sharing between financial entities as permitted under DORA Article 9.
12 chapters in this module
  1. Types of Shareable Cyber Threat Intelligence
  2. Anonymization Techniques for Regulatory Compliance
  3. Approved Channels and Trusted Communities
  4. Internal Approval Workflows for Sharing
  5. Recordkeeping Requirements for Shared Data
  6. Legal Protections Under Article 9(4)
  7. Integrating with FS-ISAC and National Platforms
  8. Examples of Actionable Shared Intelligence
  9. Avoiding Antitrust and Data Privacy Pitfalls
  10. Use Cases from Cross-Border Incidents
  11. Measuring Value of Participation
  12. Internal Governance for Sharing Activities
Module 7. Internal Governance and Control Mapping
Design clear ownership models and control frameworks that satisfy DORA’s governance mandates.
12 chapters in this module
  1. Assigning Roles: Board, Senior Management, CISO
  2. Establishing DORA-Specific Committees or Forums
  3. Integrating DORA into Existing Risk Committees
  4. Control Inventory Development and Maintenance
  5. Mapping Controls to DORA Articles and EBA Guidance
  6. Documenting Rationale for Control Selection
  7. Creating Living Control Registers
  8. Automating Control Status Tracking
  9. Linking Controls to Risk Assessments
  10. Audit Trail for Control Changes
  11. Ownership Handoffs During Staff Transitions
  12. Preparing for Internal Audit Challenge
Module 8. Evidence Collection and Documentation
Streamline the creation and maintenance of regulator-ready documentation packages.
12 chapters in this module
  1. Standardizing Evidence Naming and Storage
  2. Version Control for Regulator-Submitted Files
  3. Metadata Requirements for Audit Trails
  4. Automated Workflows for Evidence Assembly
  5. Template Libraries for Common Deliverables
  6. Validation Checks Before Submission
  7. Secure Access Controls for Sensitive Files
  8. Integrating with GRC Platforms
  9. Checklists for Completeness
  10. Lessons from Failed Submissions
  11. Preparing Backup Evidence Sets
  12. Time-Saving Strategies for Recurring Requests
Module 9. Supervisory Reporting and Coordination
Navigate expectations and formats for reporting to EBA, ECB, and national authorities.
12 chapters in this module
  1. Identifying Relevant Competent Authorities
  2. Understanding EBA Reporting Templates
  3. Coordinating Multijurisdictional Filings
  4. Internal Review Cycles Before Submission
  5. Escalation Paths for Disputed Classifications
  6. Responding to Supervisory Inquiries
  7. Preparing for On-Site Examinations
  8. Using Past Findings to Preempt Issues
  9. Building Relationships with Supervisors
  10. Documenting Interactions and Follow-Ups
  11. Leveraging Peer Benchmarking Data
  12. Post-Submission Feedback Loops
Module 10. Cross-Functional Alignment
Lead alignment across IT, legal, procurement, and business units to ensure enterprise-wide DORA readiness.
12 chapters in this module
  1. Establishing Cross-Functional Working Groups
  2. Defining Clear Handoff Points
  3. Aligning KPIs Across Departments
  4. Facilitating Joint Risk Assessments
  5. Managing Conflicting Priorities
  6. Running Effective Interdepartmental Meetings
  7. Creating Shared Glossaries and Definitions
  8. Escalation Mechanisms for Deadlock Resolution
  9. Communicating DORA Impact to Non-Compliance Teams
  10. Training Modules for Functional Leads
  11. Measuring Collaboration Effectiveness
  12. Success Stories from Multi-Team Initiatives
Module 11. Sustainable Compliance Automation
Embed DORA practices into daily operations using automation and monitoring tools.
12 chapters in this module
  1. Identifying Repetitive Manual Processes
  2. Selecting Appropriate RPA and Workflow Tools
  3. Integrating with SIEM and SOAR Platforms
  4. Automating Evidence Collection Triggers
  5. Monitoring Control Effectiveness in Real Time
  6. Alerting for Deadline Proximity
  7. Validating Automated Outputs
  8. Change Management for Automated Workflows
  9. Scalability Considerations
  10. Cost-Benefit Analysis of Automation
  11. Vendor Options and Integration Tips
  12. Building Internal Expertise
Module 12. Continuous Improvement and Evolution
Implement feedback loops and adaptive processes to maintain long-term compliance maturity.
12 chapters in this module
  1. Gathering Input from Internal Audits
  2. Incorporating Supervisory Feedback
  3. Tracking Regulatory Updates
  4. Updating Policies and Procedures
  5. Reassessing Risk Profiles Annually
  6. Refreshing Training Programs
  7. Measuring Program Maturity Over Time
  8. Benchmarking Against Industry Peers
  9. Planning for DORA Revisions
  10. Knowledge Transfer Between Generations
  11. Recognizing and Rewarding Contributor Efforts
  12. Institutionalizing Lessons Learned

How this maps to your situation

  • ICT Risk Assessment
  • Incident Response
  • Third-Party Oversight
  • Regulatory Reporting

Before vs. after

Before
Review packages are assembled reactively, requiring last-minute coordination and incomplete traceability.
After
Evidence flows are predefined, version-controlled, and supervisor-ready on demand.

What's included with your purchase

  • 12 modules with 12 chapters each (144 chapters)
  • Downloadable templates and worked examples for every module
  • Hand-built implementation playbook delivered alongside course access
  • 30-day money-back guarantee

Delivery and format

  • Course and learning environment access provisioned within 24 hours of purchase
  • Hand-built implementation playbook delivered alongside course access

Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.

Time investment: Approximately 90 minutes per week over eight weeks to complete core modules and apply templates.

If nothing changes
Delays or gaps in DORA compliance may lead to direct supervisory intervention, fines, or delayed approval cycles that impact broader operational plans.

How this compares to the alternatives

Unlike generic compliance overviews or vendor-led training, this course delivers role-specific, regulator-aligned workflows grounded in actual EBA reporting expectations and evidence standards.

Frequently asked

Is this course specific to DORA Article 5 risk assessments?
Yes, Module 2 provides a step-by-step guide to building compliant ICT risk assessments with templates and real-world examples.
How is the course structured?
12 modules, each containing 12 chapters (144 chapters total).
Does the course cover EBA reporting templates?
Yes, Module 8 includes annotated walkthroughs of evidence packages and supervisory submission formats.
$199 one-time. Approximately 90 minutes per week over eight weeks to complete core modules and apply templates..

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

30-day money-back guarantee· 144 chapters· Hand-built playbook included· Account access within 24 hours