
DORA Compliance: Latest Developments

Target group:

  • Chief Technology Officer (CTO), Chief Information Security Officer (CISO)
  • Managers and compliance officers in the financial sector

Program:

  • Implementing ICT risk management:  Learn how to implement the ICT risk management requirements of DORA in your organization. Learn how to develop a robust security strategy using the RTS on the ICT risk management framework (Art. 15) and the simplified framework (Art. 16 para. 3).

  • Managing ICT third-party risks:  Learn how to manage the risk of ICT third-party providers. Use the RTS on the use of ICT services (Article 28 paragraph 10) to ensure a safe and reliable third-party relationship.

  • Regulatory and Implementation Technical Standards:  Get an overview of the relevant RTS and ITS on ICT risk management and incidents. Learn how to integrate these technical standards into your compliance framework to ensure compliant and secure operations.


9:15 am to 5:00 pm
Online
805,- €
Plus statutory VAT
Proof of further training:

  • 6.5 hours, creditable according to §15 FAO, §15 para. 2 HinSchG and Article 5 DORA (Regulation (EU) 2022/2554)


Included in your seminar:

S+P Tool Box:

Lectures as PDF

We offer compact PDF documents for the lectures so you can quickly look up and refresh the seminar content. These documents will help you to deepen what you have learned at any time and put it into practice straight away.

DORA Compliance Update Guide

This guide will help you implement the latest changes and tightened requirements of the Digital Operational Resilience Act (DORA). 

DORA-Toolkit

In this toolkit you will find the most important tools, such as guidelines, risk assessment and IT strategy for implementing the DORA requirements. It includes best practices and innovative approaches that will help you optimize your compliance processes and make them future-proof.

Case Study „Delta Bank“

Examines how Delta Bank successfully implemented the ICT risk management requirements (Chapter II, Articles 5 to 16) and provides valuable insights for similar cases. This case study shows practical solutions and best practices.

Case Study „Epsilon Insurance“

Demonstrates the transition from traditional IT governance principles to DORA regulation at Epsilon Insurance and provides practical insights into the application of the new ICT third-party risk management requirements (Chapter V, Articles 28 to 30). Learn from the experiences and challenges that Epsilon Insurance has overcome.

Case Study „Zeta Finance“

Looks at the introduction of forward-looking compliance techniques at Zeta Finance and shows how the company uses resilience testing and threat-led penetration testing (Chapter IV, Articles 24 to 27) to work more efficiently and securely. This case study offers you insights into innovative approaches and their practical implementation.

Program

How can you strengthen the digital operational resilience of your financial institution while meeting the new legal requirements? In this seminar, you will receive a comprehensive overview of the latest developments and requirements of the Digital Operational Resilience Act (DORA). You will learn practical approaches to implementing compliance requirements and strengthening your IT security strategies.

We cover in detail the key aspects of ICT risk management, including classifying and reporting ICT-related incidents, and conducting resilience testing to ensure system security. You will also learn how to manage third-party risk and develop a robust monitoring framework for critical ICT third-party service providers.

Through practical examples and case studies, you will gain valuable insights into the practical implementation of DORA requirements, including integrating technical standards into your compliance framework and developing effective strategies for information sharing and crisis management.

ICT risk management and incident management

ICT risk management: Learn how to implement ICT risk management requirements (Chapter II, Articles 5 to 16), including the RTS (Articles 15 and 16(3)).

Incident management: Learn the criteria for classifying and reporting ICT incidents (Chapter III, Articles 17 to 23), including the RTS (Article 18 paragraph 3, 20.a).

Your benefit:

  • Practical tools for ICT risk management.
  • Effective classification and reporting of ICT incidents.

Digital Resilience and Third-Party Risk

Resilience testing: Conducting resilience testing and threat-led penetration testing (Chapter IV, Articles 24 to 27).

Third-party risks: Management of ICT third-party providers (Chapter V, Articles 28 to 30), including the RTS (Articles 28(10) and 30(5)).

Monitoring framework: Monitoring of critical ICT third-party service providers (Chapter V, Articles 31 to 44), including the Delegated Regulations (Articles 31(6), 43(2)).

Your benefit:

  • Resilience of IT systems.
  • Managing and monitoring third-party risks.

Business Continuity Management

Information exchange and crisis management: requirements and conduct of cyber crisis and emergency exercises (Chapter VI, Article 44 and Chapter VII, Article 49).

Technical standards: Integration of RTS and ITS into the compliance framework.

Your benefit:

  • Integration of the BCM with the technical standards of DORA
  • Compliance with technical standards and monitoring of third parties.

DORA Compliance: Key Areas and Implementation

Implementing ICT risk management

Find out how to implement the ICT risk management requirements according to DORA in your organization. Learn how to develop a robust security strategy using the Regulatory Technical Standards (RTS) on the ICT risk management framework (Art. 15) and the simplified framework (Art. 16 para. 3). These strategies help you to identify and assess potential risks at an early stage in order to take appropriate measures to minimize risks.

Managing ICT third-party risks

Learn how to manage the risk of ICT third-party providers. Use the RTS for the use of ICT services (Art. 28 para. 10) to ensure a safe and reliable third-party relationship. Learn how to control relationships with third parties through effective risk management and ensure that all IT security and compliance requirements are met.

Technical Regulatory and Implementation Standards

Get an overview of the relevant RTS and Implementing Technical Standards (ITS) on ICT risk management and incidents. Learn how to integrate these technical standards into your compliance framework to ensure compliant and secure operations. These standards will help you establish and maintain solid and compliant IT security management.

Your benefit:

  • Practical tools for ICT risk management: Implement robust security strategies and identify potential risks early.
  • Effective management of third-party risks: Secure and reliable relationships with ICT third-party providers through the use of RTS.
  • Integration of technical standards: Establishment of a legal compliance framework for safe operational management.

Show what you’re made of
Get your digital S+P badge & certificate


The Digital Career Certificate, also known as Digital Badge, is a modern form of certification that is awarded to you digitally.

With this badge, you can easily and effectively demonstrate in digital networks, on your LinkedIn profile or on your resume that you are proactively working on your professional development.

Digital badge and certificates

Latest news on DORA compliance

Ensuring legal business management

DORA requires financial institutions to comply with specific Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) that define the requirements for ICT risk management and ICT incident reporting.

DORA aims to strengthen the digital operational resilience of the entire European financial sector in these six key areas:

Second tranche of RTS and ITS drafts

From 8 December 2023 to 4 March 2024, the European Supervisory Authorities EBA, ESMA and EIOPA held a public consultation on the following drafts:

  • RTS consultation on Threat Led Penetration Testing (Article 26(11))
  • Consultation of the RTS on the specification of elements in the subcontracting of critical or important functions (Article 30 paragraph 5)
  • Consultation of the RTS on the determination of the reporting of serious ICT incidents (Art. 20.a)
  • Consultation of the ITS to determine the details of reporting on major ICT-related incidents (Article 20.b)
  • Consultation of the GL for cooperation between the ESAs and the CAs regarding the structure of monitoring (Art. 32 para. 7)
  • Consultation of the RTS on the harmonisation of the conditions for carrying out monitoring activities (Article 41)