Our expertise,

your peace of mind

DORA Training
Courses for
Organisations
and Specialist
Consultants
Our expertise, your professional development

www.itgovernance.co.uk

+44 (0)333 800 7000

Raising professional standards to meet new
challenges:

Andy Johnston
Global Head of Training, IT Governance

Welcome to the Digital Operational Resilience Act (DORA) Training Brochure!

The new freedoms of our digital lifestyles come at cost. DORA sets higher standards for safeguarding digital
products and services in the financial sector and its supply chain. It is raising expectations about how to defend
against cyber threats and what it means to respond appropriately. DORA aims to secure the information
highways that link financial hubs and digital supply chains for faster intelligence and risk containment.

Your role in this network is vital. Job roles are evolving to incorporate DORA, and our training courses enable you adapt skilfully so you
can play a valuable part and grow from new career opportunities. We value continual growth and peer interaction. We aim to help you
understand DORA’s impact on your organisation and learn the skills to excel in your role, helping to create a secure digital economy for all.

DORA is an EU regulation that touches organisations everywhere. It was developed to fortify financial services infrastructure, improve
business continuity and mitigate cyber security threats. It recognises that risk extends across the digital supply chain. Companies must
identify and ensure compliance with DORA’s requirements. Finance firms lead the change and will exert pressure on their suppliers
worldwide, who will also need to adapt alongside them. Training will help all those involved anticipate and prepare for new ways of working.

In an era of open banking and financial innovation, DORA safeguards our digital freedoms, and fosters accountability and collaboration.

DORA may be a new regulation but to our experts it is a logical development of existing standards and regulations. In all areas of IT
Governance and across our sister companies in the GRC International Group, you will find products and services that will help you
understand, implement and maintain DORA-compliant practices, slotting them in with your business-as-usual processes.

The Five Pillars of DORA

DORA
DIGITAL OPERATIONAL RESILIENCE ACT

RISK INCIDENT DIGITAL ICT THIRD INFORMATION

MANAGEMENT MANAGEMENT OPERATIONAL PARTY RISK AND
RESILIENCE MANAGEMENT INTELLIGENCE
TESTING SHARING

Architecture Threat-led testing Full lifecycle Mandatory &

Business Continuity
Cyber security Independent testers Register of info Voluntary sharing
Disaster Recovery
Incident reporting Annual / 3 yearly Standard Contracts Threats, risks and
Operational Risk
Incident handling Remediation Stressed termination vulnerabilities

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 2

Who is affected by DORA?

Financial services organisations operating in the EU need to attain and maintain compliance with DORA. To achieve this, they need to
demonstrate that the software, hardware and IT services companies that supply them are also meeting minimum standards, and follow
prescribed procedures and undergo regular testing themselves in order to maintain digital operational resilience.

No matter where ICT third-party companies operate from, if they supply products or services to in-scope financial entities in the EU, they
will be affected. The ripple effect of DORA will be felt worldwide, prompting an increased demand for qualified and experienced cyber
security professionals, auditors and consultants.

Which organisations are in scope?

BANKING SERVICES INSURANCE OVERSEERS & BENCHMARKS

Banking & central banking Insurance & reinsurance Public & statutory authorities
Lending (Re)insurance intermediaries EBA
Crypto-asset issuing (Re)insurance ancillaries EU Joint Committee
Asset referenced tokens ESMA
Account information services Admins benchmarks & indicies

PAYMENTS SHARES & FUNDS ICT PROVIDERS

Payment networks Investments & investment funds IT services, e.g. web services
eMoney Pensions Telecoms / network services
Crowdfunding Trade & securities repositories IT softwawre, hardware & SaaS
Credit rating Trade counterparties Statutory auditors and audit firms
Currency exchanges Securities depositories

Which roles are impacted?

ACCOUNTABLE DIRECTORS CYBER SECURITY SPECIALISTS BUSINESS CONTINUITY MANAGERS

Risk-based insight for leaders with For those designing and monitoring Those designing and managing systems
accountability for maintaining information security, data privacy and to ensure business continuity and
compliance cyber security disaster recovery

PROJECT TEAMS AUDITORS LEGAL ADVISORS

Strong working knowledge to Fact finding and performing gap Supporting where changes to contract
motivate cross-functional teams on analysis to guide project planning and terms are required or in relation to
implementation projects prioritisation risks, breaches and remediation

COMPLIANCE TEAMS OPERATIONAL RISK MANAGERS PROCUREMENT

Detailed understanding of the Analysing risk up and down the supply Involved in supplier sourcing, due
requirements relevant to the risk chain for commercial stability and diligence and contract management as
appetite and size of the organisation continuity well as contract termination

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 1

Why is DORA specific training important?

The transition period for DORA ends on 17 January 2025, and while financial sector organisations are directly affected by the impending
deadline, the changes they initiate will be felt all along the supply chain.

Contracts and service level agreements are coming under scrutiny, processes for sharing information about risk are being laid down and
new expectations are being set for proactive cyber security testing.

High quality ISO/IEC 17024:2012-certified qualifications help you see the bigger picture and identify the opportunities, not just the
challenge of achieving compliance.

DORA IMPLEMENTATION

WITH UNTRAINED TEAMS WITH QUALIFIED TEAMS

Protect your business: training mitigates business risks

Weaker defences against data breaches: Financial losses:
Employees without proper training are more susceptible to Penalties can ensue when just one employee fails to comply.
phishing attacks, social engineering and other cyber threats. When all employees are trained, non-compliance becomes wilful
negligence, not a simple mistake.

Economic and sectoral knock-on effects: Loss of trust and reputational damage:
Fines and the remediation costs of breaches can impair the Cyber security incidents and compliance failures cause widespread
organisation’s delivery of services to customers and payment to bad press across mainstream and social media. Bad news travels
suppliers, affecting the welfare of multiple organisations and their fast, but it can take a long time for a business to come back from a
employees. loss of trust among its customers, investors and other stakeholders.

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 2

A quick guide to our certified DORA training courses

Our IBITGQ certified DORA training courses are structured to give a good grounding in the principles underpinning DORA so you appreciate
how to work with it in your role, allowing you to participate in the conversation.

The Foundation course creates a shared understanding of what DORA is, what it means and why it presents an opportunity, not just a
compliance challenge.

Specialist training courses enable you to progress your learning and become instrumental in establishing DORA-compliant ways of working.
There are courses to support a range of roles in the cross-functional teams that will implement DORA, and then manage and maintain it as it
transitions into business as usual.

COURSE HOW IT SUPPORTS YOUR DORA PRACTICE WHO IT IS FOR

?
The entry point for all further DORA certifications* • Project managers & teams
DORA • Cyber security specialists
FOUNDATION • Improve communication amongst project team members • Compliance teams
• Ensure stakeholder support for change projects • Operational risk managers
7 •
•
Provide credible qualifications to demonstrate your commitment quality
Induct new team members in DORA-related positions
• Contract managers
• ICT company senior managers
C-DORA F

Mastery of DORA principles for those in DORA related roles • Project managers & teams
DORA • Cyber security specialists
PRACTITIONER • Rapidly upskill implementation team members • Compliance teams
• Give technical specialists a shared language and context for new • Operational risk managers

28
responsibilities • Contract managers
• Demonstrate a commitment to professional development • ICT company directors
C-DORA P • Deepen your understanding of digital operational resilience • Consultants and legal advisers

For internal auditors and consultants

DORA LEAD • Internal compliance auditors
AUDITOR • Provide role-specific learning for internal auditors
• Operational risk managers
• Impart the skills needed for company-wide fact-finding
• Professional auditors
• Relate DORA to audit best practice
28 • Acquaint auditors with DORA oversight structures in the EU
• Management consultants

C-DORA LA • Evidence professional competence in this important regulation

For all compliance managers & consultants

DORA • Compliance managers
COMPLIANCE • Expedite role-specific learning for compliance managers
• Compliance officers
OFFICER • Internal compliance auditors
• Create and manage effective compliance frameworks for DORA
• Operational risk managers
• Relate DORA to compliance frameworks for ISO standards
28 • Upskill compliance executives as part of succession planning
• Professional auditors
• Management consultants
C-DORA CO • Evidence professional competence in this important regulation

A short course for experienced and accountable directors

• Compliance managers
DORA RISK • Compliance officers
DIRECTOR • Furnish executive leaders with a good understanding of DORA
• Internal compliance auditors
• Spell out the penalties and hazards of non-compliance
• Operational risk managers
• Translate the regulations into meaningful commercial terms
28 • Equip senior leaders for this responsibility
• Professional auditors
• Management consultants
C-DORA LA • Enable operational risk managers to expand their remits

EARN CPD POINTS AS YOU LEARN PRE-QUALIFICATIONS

Use the CPD points to maintain professional qualifications

14
*The DORA Foundation course is a prequalification for all
!
and memberships other DORA courses excetp the Risk Director Course

DORA FOUNDATION & DORA FOUNDATION & DORA FOUNDATION &

SAVE 15% PRACTITIONER LEAD AUDITOR COMPLIANCE OFFICER
BY TAKING A
COMBINATION COURSE C-DORA F & P C-DORA F & LA C-DORA F & CO

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 3

Learn your way with our flexible delivery methods

More choice

We want you to learn, qualify and progress, and we are committed to providing learning options for all scenarios: deadline-driven, career-
oriented, company-wide or interest-led.

INSTRUCTOR-LED PUBLIC COURSES SELF-PACED ONLINE LEARNING

Our qualified instructors are seasoned practitioners who enrich Our outstanding course material and the extra practical
the learning experience by sharing their real-world insights. exercises, tools and support make your home learning enjoyable,
digestible and actionable in your work life.

In-venue or Live Online Learn in a way that works for you

Focused learning Study at your own pace
Delivered by expert practitioners Cost-effective
Peer support and networking Bite-sized learning
In-the-moment insights Fits around you

BLENDED LEARNING COURSES IN-HOUSE AND CORPORATE TRAINING

A blend of self-paced and instructor-led learning is proven to As an alternative to booking staff on public courses, we can run
deliver the best outcomes for professionals. training courses solely for your employees, adding material or
elements relevant to your organisation.

Work around lifestyle challenges Building a culture of awareness

A more manageable programme Customised to you
Tailored, mastery-based learning Peace of mind & confidentiality
Better learning outcomes Improve teamwork
One-to-one mentoring included Maximise your budget

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 4

DORA learning pathways for professional development

We are passionate about helping people develop careers using their knowledge of governance, risk and compliance. Our courses are
designed so you can pass exams first time, qualify for new roles and excel in fulfilling them.

Build high-calibre DORA implementation teams

Expedite your DORA implementation by training key project team members. Then you can start planning and building your frameworks
while training other key members of the implementation team as well as those who will be involved in the ongoing maintenance.

Develop people to manage and maintain your DORA framework

To succeed in senior management, a breadth of knowledge is needed, covering general management skills and best practice that is being
implemented within the organisational ecosystem. Our DORA pathways and other career pathways allow you to progress in cyber security,
audit or compliance.

DORA RISK DORA RISK

Experienced directors can take
DIRECTOR • Company Directors DIRECTOR this two-day course without first
• Board Members
having taken the Certified DORA
• CEO, COO
Foundation course
C-DORA RD C-DORA RD

Higher professional
• CIO, CTO CYBER SECURITY FOR qualifications e.g. CISSP,
DORA • CISO, CSO
MANAGERS PATHWAY CEH, CISM and options
PRACTITIONER for aspiring CISOs
• Programme Manager Foundation level
• Legal Adviser
CPD OPTIONS ISO qualifications in compatible
C-DORA P • Cyber Security Manager ISO/IEC frameworks and
• Network Architect
FRAMEWORKS
Financial Regulations

DORA DORA LEAD

• Internal audit
FOUNDATION AUDITOR • Supply chain audits SEE OUR MODULAR TRAINING
• Contracts Managewr SOLUTIONS FOR LEAD AUDITORS
• Operational Risk Manager
C-DORA F C-DORA LA

Foundation level
DORA CPD OPTIONS ISO qualifications in compatible
• Compliance Manager
COMPLIANCE • Compliance Officer
FRAMEWORKS ISO/IEC frameworks and
OFFICER • ISMS Manager
Financial Regulations

• BCMS Manager Progressive learning in

C-DORA CO • PIMS Manager ISO 27001, ISO 22301 compatible ISO/IEC

OR DPO PATHWAY frameworks and Financial
Regulations

SAVE 15% DORA FOUNDATION &

PRACTITIONER
DORA FOUNDATION &
LEAD AUDITOR
DORA FOUNDATION &
COMPLIANCE OFFICER
BY TAKING A
COMBINATION COURSE C-DORA F & P C-DORA F & LA C-DORA F & CO

Create a culture of accountability with staff awareness training

Bring your whole company on board and minimise the risk of bad actors by raising
awareness across the organisation. Our simple and engaging elearning courses take
DORA STAFF AWARENESS ELEARNING
only a few hours but give a great deal to employees and to your organisation as a
whole in terms of embracing the changes DORA ushers in. Build a pro-compliance
A 1-HOUR ONLINE COURSE
culture with staff awareness courses that can be taken online at any time or by
deadlines set by you.

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 5

Expand your knowledge of frameworks
These certifications improve your knowledge of vital areas of information security that are likely to apply and complement DORA training.

CERTIFIED ISO CERTIFIED ISO CERTIFIED ISO

CERTIFIED ISO CERTIFIED ISO
27701 PIMS 27017 CLOUD 27018 CLOUD
27001 ISMS 27001 LEAD
LEAD CONTROLS PRIVACY
FOUNDATION IMPLEMENTER
IMPLEMENTER SPECIALIST SPECIALIST

7 7 14 14 14
CIS F CIS-LI PIMS LI CIS CCS CIS CPS

A comprehensive A three-day, accredited This practitioner-led Become equipped to Build the knowledge and
introduction to the practitioner-led course course equips you to implement cloud security skills required to
critical elements that equips you to implement an controls, assess risks, implement and audit ISO
involved in achieving support your ISO 27701 PIMS and ensure compliance and 27018:2019 controls to
compliance with ISO/IEC organisation in planning, extend an ISO 27001 ISMS effectively secure ensure the security of
27001:2022. implementing, managing to deliver an cloud-based personally identifiable
and monitoring. ISO 27701 PIMS, ensure environments. information (PII) in cloud
compliance with the UK services. Essential for
GDPR and Data organisations acting as
Protection Act (DPA) PII controllers.
2018.

Broaden your knowledge, enhance your skills and earn CPD points
Use the CPD points to maintain professional Earn CPD points by
EARN CPD POINTS AS YOU LEARN EARN AS YOU WATCH
These certifications in adjacent fields and disciplines add important risk, incident response and business continuity skills to aidattending
compliance
7 qualifications and memberships or to validate our free
with DORA. All CPD points earned can be used to qualifications
your maintain professional memberships and validate qualifications with certifyingwebinars
bodies.

Use the CPD points to maintain professional Earn CPD points by

EARN CPD POINTS AS YOU LEARN EARN AS YOU WATCH
7 qualifications and memberships or to validate
your qualifications
attending our free
webinars

CERTIFIED
CYBER CERTIFIED ISO
CERTIFIED ISO CERTIFIED ISO CERTIFIED ISO
INCIDENT 22301 BCMS
27005 RISK 22301 BCMS 22301 BCMS
RESPONSE LEAD
MANAGEMENT FOUNDATION LEAD AUDITOR
MANAGEMENT IMPLEMENTER
FOUNDATION

21 7 7 35 21
CIS RM CIRM F CBC F CBC LA CBC LI

A hands-on course A one-day course, This one-day Focused on the practical A 3-day course geared
imparting the skills to covering the principles of introductory course skills needed to plan ana towards scoping,
perform risk incident response and covers the concepts and execute audits of planning and managing a
assessments in line with business continuity and terminology of business business continuity BCMS in line with ISO
the ISO 27005 standard the three phases of the continuity and the main management systems 22301, including
to complement your ISO CREST incident response processes e.g. business and report and follow up evaluating and improving
27001 practice. process. impact analysis, risk in line with performance and
assessment and incident ISO 22301:2019 preparing for an audit.
response.

Pathways for professionals

We have mapped out learning pathways for data protection officers, auditors, cyber security consultants and other specialist areas, showing
how you can build a career and extend the range of fields that you are qualified in.

Packages for corporate teams

Talk to an expert to identify the training courses that can help develop your compliance and cyber security teams, helping them learn skills
in adjacent ISO frameworks and standards, and accomplish globally recognised professional qualifications.

Talk to a training expert

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 6

Why choose IT Governance for your training needs?

RENOWNED EXPERTS INSIDER INSIGHTS

We are the recognised global leader in the fields that we train in. IT We keep you up to date with breaking news and developments in ISO
Governance led the world’s first ISO 27001 certification project and standards, regulations, best practice and cyber threats, giving you the
introduced the world’s first certified GDPR training. Since then, more ‘first to know’ advantage and time to prepare your organisation.
than 30,000 professionals have trained with us.

STRUCTURED CAREER PATHWAYS ENGAGING EXPERIENCES

We help you navigate a wide range of qualifications to build a career. Our courses and learning materials are built and delivered by subject-
Through accessible and affordable training and events, you can earn matter experts and innovative instructional design specialists with
CPD points to empower your professional journey, maintain your years of practical, hands-on experience.
qualifications and improve your business impact.

MORE WAYS TO LEARN LEARN TO EARN

We offer a wider range of learning formats per course than any other Pay by credit card online or by invoice and, if you are personally
training provider, including instructor-led courses, self-paced online investing in your career, you can spread the cost with our finance
training and bespoke courses for organisations. We also offer a unique options. Fantastic discounts on books and courses are available for
blended learning method, designed for the digital age, which combines training graduates and corporate partners.
Live Online, self-paced and expert tuition.

ISO 17024-ACCREDITED QUALIFICATIONS OUTSTANDING QUALITY

IT Governance delivers a unique and unrivalled portfolio of training Learn better and faster with exceptional course content. Our course
courses and examinations leading to ISO 17024-accredited qualifications material includes extra learning aids, and interactive and practical
awarded by IBITGQ, BCS, ISACA®, EC-Council, PeopleCert(TM) and exercises to help you before, during and after the training so you can
Microsoft(R). put theory into practice with ease.

PASS FIRST TIME OR TRAIN AGAIN FOR FREE*

More than 30,000 people have passed exams with our training. Pass first time or train again for free.*T&Cs apply

Our training testimonials

‘Recommended course, not only for those without

any great knowledge of the subject matter, but also ‘A very thorough training course. The training offered
for those, like myself, who have auditing experience. me in classroom or remote. I chose classroom. Which
Course materials were excellent, the tutor was able to was easy to find, plenty of parking and little traffic. The
demonstrate a high level of knowledge & the course was trainer was very knowledgeable and experienced. Would
delivered at a good pace.’ recommend.’

Chris Stephen

‘It’s the second course I have taken with IT Governance ‘Comprehensive, in-depth, plenty of context, great
and one of the things I love about the onsite training learning materials and take-away information and links
facility is the excellent learning guides they provide. for future reference. The trainer continually ensured
This means you do not have to take notes and can fully we all had a positive training course experience. Really
concentrate on the course following the materials.’ enjoyed – Highly recommended.’

Maria Lisa

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 7

Optimise your budgets and improve outcomes with our
corporate offering

We value our corporate partnerships and are dedicated to delivering exceptional training solutions that help you maintain and improve your
organisation’s cyber defence and compliance capabilities. Corporate partners can enjoy significant discounts and exclusive benefits, along
with the added reassurance of our expert consultants, on stand-by to help you meet audit deadlines or address specific challenges.

Bronze, Silver, Gold and Platinum tiers

Our corporate rates are set out in four tiers based on your annual training spend with IT Governance.
Each tier comes with escalating discounts and unique advantages, so you can enjoy the best possible value for your investment in training.

IT GOVERNANCE EXECUTIVE BRONZE SILVER GOLD PLATINUM

CLUB TIERS Up to 3000 points Up to 10,000 points more than 10,000 points more than 30,000 points

Minimum annual IT Governance spend £20k £30k £40k £50k

Discount 10% 15% 20% 25%

Twice-yearly review with an expert    

Unlimited course date or learner changes*   

One free exam resit per person*  

Free upgrade to super plus training* 

Terms and conditions

• The Corporate Rates programme is applicable only to direct partners and excludes resellers and channel partners.

• The annual IT Governance spend will be calculated from April to March for each financial year, and the benefits will be effective from the
new financial year.

• To qualify for a particular tier, the minimum annual IT Governance spend thresholds must be met.

• Exam resits are subject to specific terms and conditions outlined in our agreement.

Talk to a training expert

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 8

About IT Governance

IT Governance is a leading global provider of cyber risk and data privacy management solutions.

We deliver projects all over the world, across the spectrum of cyber security and resilience, data privacy, incident response and business
continuity. Our unique and unrivalled blend of products and services includes bespoke and fixed-price consultancy, training, toolkits,
software, staff awareness elearning and penetration testing.

We take pride in serving an international customer base, delivering high-quality solutions globally. Our deep industry expertise and focus
on real-world needs enable us to address the unique challenges faced by financial services organisations.

Our credentials
IT Governance is proud of its long-standing commitment to quality in the services we provide and in the processes we use to deliver those
services. We strive for excellence in all aspects of business and believe that both continuing education and professional certifications help
us to better meet our clients’ needs. IT Governance is a member of The GRC International Group of companies.

Achieve international qualifications accredited to ISO 17024

All our training qualifications are accredited to the ISO/IEC 17024:2012 standard. Certifications that meet this standard are recognised
and highly valued by employers globally, and enhanced career opportunities are often made available to those who hold certifications and
relevant experience.

IT Governance delivers a unique and unrivalled portfolio of training courses and examinations leading to ISO 17024-accredited
qualifications awarded by IBITGQ (International Board for IT Governance Qualifications), BCS Professional Certification, ISACA®, EC-Council,
PeopleCert and Microsoft(R).

IT Governance is proud to be partnered with the following exam bodies:

View our DORA training courses

[email protected]

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 9

IT Governance

IT Governance Ltd, Unit 3, Clive Court

www.itgovernance.co.uk
Bartholomew’s Walk
+44 (0)333 800 7000 @ITGovernance
Cambridgeshire Business Park

Ely, CB7 4EA, United Kingdom. /it-governance /ITGovernanceLtd