A tailored course, built for your situation
Mastering DORA for Financial Services Compliance Practitioners
A structured path to full operational resilience under DORA requirements
The situation this course is for
DORA introduces sweeping requirements on incident reporting, third-party risk, and resilience testing, often without clear internal playbooks. Teams default to reactive, siloed responses, increasing review cycles and audit exposure.
Who this is for
Mid-level compliance and risk practitioner in financial services managing operational resilience frameworks with exposure to ICT risk, vendor governance, and regulatory reporting.
Who this is not for
Entry-level analysts without direct responsibility for compliance execution, consultants selling generalized governance frameworks, or non-financial sector professionals.
What you walk away with
- Map all DORA requirements directly to internal control frameworks without oversight gaps
- Design and run qualified resilience testing cycles independently
- Structure incident reporting timelines and escalation paths aligned to EBA standards
- Lead vendor due diligence using auditable, repeatable checklists
- Produce a regulator-ready operational resilience file within 30 days
The 12 modules (with all 144 chapters)
- What DORA regulates
- Mapping DORA to MiFID and PSD2
- ICT definition under EBA guidelines
- Thresholds for major incident reporting
- Operational vs financial resilience
- Geographic scope of enforcement
- Key timelines for compliance
- Role of national competent authorities
- EBA’s role in supervision
- Institutional classification under DORA
- Critical vs important functions
- Third-party dependency rules
- Identifying critical functions
- System dependency mapping
- Vendor risk tiering methodology
- Internal system classification
- Impact scoring framework
- Likelihood assessment model
- Risk register structure
- Ownership assignment rules
- Thresholds for escalation
- Cross-border risk factors
- Cloud infrastructure exposure
- Legacy system vulnerability tagging
- Defining a major incident
- Detection logic for breaches
- Internal triage protocol
- 24-hour reporting obligation
- Form reporting structure
- EBA Form D specifications
- Incident timeline documentation
- Escalation to senior management
- Cross-border notification rules
- Evidence preservation checklist
- Root cause analysis method
- Post-incident review cadence
- Vendor classification criteria
- Due diligence depth by tier
- Contractual clauses for compliance
- Audit rights enforcement
- Sub-contractor oversight
- Cloud provider assessment
- Penetration testing access
- Security control validation
- SLA compliance tracking
- Exit strategy requirements
- Geographic data hosting rules
- Vendor concentration risk
- Annual testing mandate
- Threat-led penetration testing
- Internal vs external testing teams
- Third-party test coordination
- Test scenario development
- Red teaming scope
- Reporting test outcomes
- Deficiency tracking system
- Corrective action timelines
- Independent validation steps
- Executive summary writing
- Regulator-facing documentation
- Maximum tolerable downtime
- Recovery time objectives
- Recovery point objectives
- Critical process mapping
- Resource availability planning
- Workaround capability design
- Data replication standards
- Failover testing frequency
- Cross-entity coordination
- External dependency mapping
- Internal communication plans
- Stakeholder notification timelines
- Document retention policy
- Version control for policies
- Centralized evidence storage
- Access control for files
- Audit readiness checklist
- Internal review cycles
- Evidence tagging system
- Cross-referencing controls
- External auditor access
- Document update frequency
- Sign-off procedures
- Change impact assessment
- Board accountability framework
- Senior management duties
- Compliance team responsibilities
- ICT function roles
- Risk committee structure
- Escalation protocols
- External reporting lines
- Internal audit function
- External auditor coordination
- Legal department alignment
- Training and awareness programs
- Performance metric tracking
- National competent authorities
- EBA oversight authority
- Cross-border incident reporting
- Consistency in testing standards
- Third-country provider rules
- Data localization requirements
- Supervisory cooperation
- Dispute resolution process
- Regulatory divergence tracking
- Group-wide policy alignment
- Local adaptation protocols
- Legal entity coordination
- Overlap with GDPR
- Mapping to ISO 27001
- NIST CSF alignment
- SOC 2 integration
- PSD2 security requirements
- MiFID II operational rules
- SOX control intersections
- Crisis management planning
- Business continuity linkage
- Risk appetite statement
- Compliance program unification
- Single source of truth design
- Supervisory review cycle
- Evidence submission process
- On-site inspection prep
- Regulator Q&A protocol
- Deficiency response drafting
- Corrective action planning
- Follow-up timeline management
- Voluntary disclosure process
- Cooperation recognition
- Peer benchmarking data
- Regulatory expectation tracking
- Internal self-assessment tools
- Annual compliance review
- Staff training requirements
- Knowledge transfer process
- System change controls
- Policy update cycles
- Lessons learned integration
- Benchmarking against peers
- Continuous improvement loop
- Technology watch process
- Regulatory horizon scanning
- Stakeholder feedback mechanism
- Compliance maturity model
How this maps to your situation
- Preparing for EBA supervisory review
- Implementing DORA across global entities
- Aligning vendor risk with resilience testing
- Building regulator-ready documentation
Before vs. after
What's included with your purchase
- 12 modules with 12 chapters each (144 chapters total)
- Downloadable templates and worked examples for every module
- Hand-built implementation playbook delivered alongside course access
- 30-day money-back guarantee
Delivery and format
- Course and learning environment access provisioned within 24 hours of purchase
- Hand-built implementation playbook delivered alongside course access
Format: Text-based modules and chapters in the Art of Service learning environment, plus downloadable templates and worked examples for every chapter, plus the hand-built implementation playbook delivered alongside course access.
Time investment: Approximately 12 weeks of part-time study, with one module per week recommended for steady progress.
How this compares to the alternatives
Unlike generic compliance training, this course delivers a DORA-specific implementation blueprint with financial sector context, regulator-tested artefacts, and step-by-step workflows used by leading institutions.
Frequently asked
Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.