Our expertise,

your peace of mind

DORA Training
Courses for
Organisations
and Specialist
Consultants
Our expertise, your professional development

www.itgovernance.co.uk

+44 (0)333 800 7000

Raising professional standards to meet new
challenges:

Andy Johnston
Global Head of Training, IT Governance

Welcome to the Digital Operational Resilience Act (DORA) Training Brochure!

The new freedoms of our digital lifestyles come at cost. DORA sets higher standards for safeguarding digital
products and services in the financial sector and its supply chain. It is raising expectations about how to defend
against cyber threats and what it means to respond appropriately. DORA aims to secure the information
highways that link financial hubs and digital supply chains for faster intelligence and risk containment.

Your role in this network is vital. Job roles are evolving to incorporate DORA, and our training courses enable you adapt skilfully so you
can play a valuable part and grow from new career opportunities. We value continual growth and peer interaction. We aim to help you
understand DORA’s impact on your organisation and learn the skills to excel in your role, helping to create a secure digital economy for all.

DORA is an EU regulation that touches organisations everywhere. It was developed to fortify financial services infrastructure, improve
business continuity and mitigate cyber security threats. It recognises that risk extends across the digital supply chain. Companies must
identify and ensure compliance with DORA’s requirements. Finance firms lead the change and will exert pressure on their suppliers
worldwide, who will also need to adapt alongside them. Training will help all those involved anticipate and prepare for new ways of working.

In an era of open banking and financial innovation, DORA safeguards our digital freedoms, and fosters accountability and collaboration.

DORA may be a new regulation but to our experts it is a logical development of existing standards and regulations. In all areas of IT
Governance and across our sister companies in the GRC International Group, you will find products and services that will help you
understand, implement and maintain DORA-compliant practices, slotting them in with your business-as-usual processes.

The Five Pillars of DORA

DORA
DIGITAL OPERATIONAL RESILIENCE ACT

RISK INCIDENT DIGITAL ICT THIRD INFORMATION

MANAGEMENT MANAGEMENT OPERATIONAL PARTY RISK AND
RESILIENCE MANAGEMENT INTELLIGENCE
TESTING SHARING

Architecture Threat-led testing Full lifecycle Mandatory &

Business Continuity
Cyber security Independent testers Register of info Voluntary sharing
Disaster Recovery
Incident reporting Annual / 3 yearly Standard Contracts Threats, risks and
Operational Risk
Incident handling Remediation Stressed termination vulnerabilities

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 2

Who is affected by DORA?

Financial services organisations operating in the EU need to attain and maintain compliance with DORA. To achieve this, they need to
demonstrate that the software, hardware and IT services companies that supply them are also meeting minimum standards, and follow
prescribed procedures and undergo regular testing themselves in order to maintain digital operational resilience.

No matter where ICT third-party companies operate from, if they supply products or services to in-scope financial entities in the EU, they
will be affected. The ripple effect of DORA will be felt worldwide, prompting an increased demand for qualified and experienced cyber
security professionals, auditors and consultants.

Which organisations are in scope?

BANKING SERVICES INSURANCE OVERSEERS & BENCHMARKS

Banking & central banking Insurance & reinsurance Public & statutory authorities
Lending (Re)insurance intermediaries EBA
Crypto-asset issuing (Re)insurance ancillaries EU Joint Committee
Asset referenced tokens ESMA
Account information services Admins benchmarks & indicies

PAYMENTS SHARES & FUNDS ICT PROVIDERS

Payment networks Investments & investment funds IT services, e.g. web services
eMoney Pensions Telecoms / network services
Crowdfunding Trade & securities repositories IT softwawre, hardware & SaaS
Credit rating Trade counterparties Statutory auditors and audit firms
Currency exchanges Securities depositories

Which roles are impacted?

ACCOUNTABLE DIRECTORS CYBER SECURITY SPECIALISTS BUSINESS CONTINUITY MANAGERS

Risk-based insight for leaders with For those designing and monitoring Those designing and managing systems
accountability for maintaining information security, data privacy and to ensure business continuity and
compliance cyber security disaster recovery

PROJECT TEAMS AUDITORS LEGAL ADVISORS

Strong working knowledge to Fact finding and performing gap Supporting where changes to contract
motivate cross-functional teams on analysis to guide project planning and terms are required or in relation to
implementation projects prioritisation risks, breaches and remediation

COMPLIANCE TEAMS OPERATIONAL RISK MANAGERS PROCUREMENT

Detailed understanding of the Analysing risk up and down the supply Involved in supplier sourcing, due
requirements relevant to the risk chain for commercial stability and diligence and contract management as
appetite and size of the organisation continuity well as contract termination

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 1

Why is DORA specific training important?

The transition period for DORA ends on 17 January 2025, and while financial sector organisations are directly affected by the impending
deadline, the changes they initiate will be felt all along the supply chain.

Contracts and service level agreements are coming under scrutiny, processes for sharing information about risk are being laid down and
new expectations are being set for proactive cyber security testing.

High quality ISO/IEC 17024:2012-certified qualifications help you see the bigger picture and identify the opportunities, not just the
challenge of achieving compliance.

DORA IMPLEMENTATION

WITH UNTRAINED TEAMS WITH QUALIFIED TEAMS

Protect your business: training mitigates business risks

Weaker defences against data breaches: Financial losses:
Employees without proper training are more susceptible to Penalties can ensue when just one employee fails to comply.
phishing attacks, social engineering and other cyber threats. When all employees are trained, non-compliance becomes wilful
negligence, not a simple mistake.

Economic and sectoral knock-on effects:
Fines and the remediation costs of breaches can impair the
organisation’s delivery of services to customers and payment to
suppliers, affecting the welfare of multiple organisations and their
employees.
Loss of trust and reputational damage:
Cyber security incidents and compliance failures cause widespread
bad press across mainstream and social media. Bad news travels
fast, but it can take a long time for a business to come back from a
loss of trust among its customers, investors and other stakeholders.

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 2

A quick guide to our certified DORA training courses

Our IBITGQ certified DORA training courses are structured to give a good grounding in the principles underpinning DORA so you appreciate
how to work with it in your role, allowing you to participate in the conversation.

The Foundation course creates a shared understanding of what DORA is, what it means and why it presents an opportunity, not just a
compliance challenge.

Specialist training courses enable you to progress your learning and become instrumental in establishing DORA-compliant ways of working.
There are courses to support a range of roles in the cross-functional teams that will implement DORA, and then manage and maintain it as it
transitions into business as usual.

COURSE HOW IT SUPPORTS YOUR DORA PRACTICE WHO IT IS FOR

?
The entry point for all further DORA certifications* • Project managers & teams
DORA • Cyber security specialists
FOUNDATION • Improve communication amongst project team members • Compliance teams
• Ensure stakeholder support for change projects • Operational risk managers
7 •
•
Provide credible qualifications to demonstrate your commitment quality
Induct new team members in DORA-related positions
• Contract managers
• ICT company senior managers
C-DORA F

Mastery of DORA principles for those in DORA related roles • Project managers & teams
DORA • Cyber security specialists
PRACTITIONER • Rapidly upskill implementation team members • Compliance teams
• Give technical specialists a shared language and context for new • Operational risk managers

28
responsibilities • Contract managers
• Demonstrate a commitment to professional development • ICT company directors
C-DORA P • Deepen your understanding of digital operational resilience • Consultants and legal advisers

For internal auditors and consultants

DORA LEAD • Internal compliance auditors
AUDITOR • Provide role-specific learning for internal auditors
• Operational risk managers
• Impart the skills needed for company-wide fact-finding
• Professional auditors
• Relate DORA to audit best practice
28 • Acquaint auditors with DORA oversight structures in the EU
• Management consultants

C-DORA LA • Evidence professional competence in this important regulation

For all compliance managers & consultants

DORA • Compliance managers
COMPLIANCE • Expedite role-specific learning for compliance managers
• Compliance officers
OFFICER • Internal compliance auditors
• Create and manage effective compliance frameworks for DORA
• Operational risk managers
• Relate DORA to compliance frameworks for ISO standards
28 • Upskill compliance executives as part of succession planning
• Professional auditors
• Management consultants
C-DORA CO • Evidence professional competence in this important regulation

A short course for experienced and accountable directors

• Compliance managers
DORA RISK • Compliance officers
DIRECTOR • Furnish executive leaders with a good understanding of DORA
• Internal compliance auditors
• Spell out the penalties and hazards of non-compliance
• Operational risk managers
• Translate the regulations into meaningful commercial terms
28 • Equip senior leaders for this responsibility
• Professional auditors
• Management consultants
C-DORA LA • Enable operational risk managers to expand their remits

EARN CPD POINTS AS YOU LEARN PRE-QUALIFICATIONS

Use the CPD points to maintain professional qualifications

14
*The DORA Foundation course is a prequalification for all
!
and memberships other DORA courses excetp the Risk Director Course

DORA FOUNDATION & DORA FOUNDATION & DORA FOUNDATION &

SAVE 15% PRACTITIONER LEAD AUDITOR COMPLIANCE OFFICER
BY TAKING A
COMBINATION COURSE C-DORA F & P C-DORA F & LA C-DORA F & CO

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 3

Learn your way with our flexible delivery methods

More choice

We want you to learn, qualify and progress, and we are committed to providing learning options for all scenarios: deadline-driven, career-
oriented, company-wide or interest-led.

INSTRUCTOR-LED PUBLIC COURSES SELF-PACED ONLINE LEARNING

Our qualified instructors are seasoned practitioners who enrich Our outstanding course material and the extra practical
the learning experience by sharing their real-world insights. exercises, tools and support make your home learning enjoyable,
digestible and actionable in your work life.

In-venue or Live Online Learn in a way that works for you

Focused learning Study at your own pace
Delivered by expert practitioners Cost-effective
Peer support and networking Bite-sized learning
In-the-moment insights Fits around you

BLENDED LEARNING COURSES IN-HOUSE AND CORPORATE TRAINING

A blend of self-paced and instructor-led learning is proven to As an alternative to booking staff on public courses, we can run
deliver the best outcomes for professionals. training courses solely for your employees, adding material or
elements relevant to your organisation.

Work around lifestyle challenges Building a culture of awareness

A more manageable programme Customised to you
Tailored, mastery-based learning Peace of mind & confidentiality
Better learning outcomes Improve teamwork
One-to-one mentoring included Maximise your budget

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 4

DORA learning pathways for professional development

We are passionate about helping people develop careers using their knowledge of governance, risk and compliance. Our courses are
designed so you can pass exams first time, qualify for new roles and excel in fulfilling them.

Build high-calibre DORA implementation teams

Expedite your DORA implementation by training key project team members. Then you can start planning and building your frameworks
while training other key members of the implementation team as well as those who will be involved in the ongoing maintenance.

Develop people to manage and maintain your DORA framework

To succeed in senior management, a breadth of knowledge is needed, covering general management skills and best practice that is being
implemented within the organisational ecosystem. Our DORA pathways and other career pathways allow you to progress in cyber security,
audit or compliance.

DORA RISK DORA RISK

Experienced directors can take
DIRECTOR • Company Directors DIRECTOR this two-day course without first
• Board Members
having taken the Certified DORA
• CEO, COO
Foundation course
C-DORA RD C-DORA RD

Higher professional
• CIO, CTO CYBER SECURITY FOR qualifications e.g. CISSP,
DORA • CISO, CSO
MANAGERS PATHWAY CEH, CISM and options
PRACTITIONER for aspiring CISOs
• Programme Manager Foundation level
• Legal Adviser
CPD OPTIONS ISO qualifications in compatible
C-DORA P • Cyber Security Manager ISO/IEC frameworks and
• Network Architect
FRAMEWORKS
Financial Regulations

DORA DORA LEAD

• Internal audit
FOUNDATION AUDITOR • Supply chain audits SEE OUR MODULAR TRAINING
• Contracts Managewr SOLUTIONS FOR LEAD AUDITORS
• Operational Risk Manager
C-DORA F C-DORA LA

Foundation level
DORA CPD OPTIONS ISO qualifications in compatible
• Compliance Manager
COMPLIANCE • Compliance Officer
FRAMEWORKS ISO/IEC frameworks and
OFFICER • ISMS Manager
Financial Regulations

• BCMS Manager Progressive learning in

C-DORA CO • PIMS Manager ISO 27001, ISO 22301 compatible ISO/IEC

OR DPO PATHWAY frameworks and Financial
Regulations

SAVE 15% DORA FOUNDATION &

PRACTITIONER
DORA FOUNDATION &
LEAD AUDITOR
DORA FOUNDATION &
COMPLIANCE OFFICER
BY TAKING A
COMBINATION COURSE C-DORA F & P C-DORA F & LA C-DORA F & CO

Create a culture of accountability with staff awareness training

Bring your whole company on board and minimise the risk of bad actors by raising
awareness across the organisation. Our simple and engaging elearning courses take
DORA STAFF AWARENESS ELEARNING
only a few hours but give a great deal to employees and to your organisation as a
whole in terms of embracing the changes DORA ushers in. Build a pro-compliance
A 1-HOUR ONLINE COURSE
culture with staff awareness courses that can be taken online at any time or by
deadlines set by you.

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 5

Expand your knowledge of frameworks
These certifications improve your knowledge of vital areas of information security that are likely to apply and complement DORA training.

CERTIFIED ISO CERTIFIED ISO CERTIFIED ISO

CERTIFIED ISO CERTIFIED ISO
27701 PIMS 27017 CLOUD 27018 CLOUD
27001 ISMS 27001 LEAD
LEAD CONTROLS PRIVACY
FOUNDATION IMPLEMENTER
IMPLEMENTER SPECIALIST SPECIALIST

7 7 14 14 14
CIS F CIS-LI PIMS LI CIS CCS CIS CPS

A comprehensive
introduction to the
critical elements
involved in achieving
compliance with ISO/IEC
27001:2022.
A three-day, accredited
practitioner-led course
that equips you to
support your
organisation in planning,
implementing, managing
and monitoring.
This practitioner-led
course equips you to
implement an
ISO 27701 PIMS and
extend an ISO 27001 ISMS
to deliver an
ISO 27701 PIMS, ensure
compliance with the UK
GDPR and Data
Protection Act (DPA)
2018.
Become equipped to
implement cloud security
controls, assess risks,
ensure compliance and
effectively secure
cloud-based
environments.
Build the knowledge and
skills required to
implement and audit ISO
27018:2019 controls to
ensure the security of
personally identifiable
information (PII) in cloud
services. Essential for
organisations acting as
PII controllers.

Broaden your knowledge, enhance your skills and earn CPD points
Use the CPD points to maintain professional Earn CPD points by
EARN CPD POINTS AS YOU LEARN EARN AS YOU WATCH
These certifications in adjacent fields and disciplines add important risk, incident response and business continuity skills to aidattending
compliance
7 qualifications and memberships or to validate our free
with DORA. All CPD points earned can be used to qualifications
your maintain professional memberships and validate qualifications with certifyingwebinars
bodies.

Use the CPD points to maintain professional Earn CPD points by

EARN CPD POINTS AS YOU LEARN EARN AS YOU WATCH
7 qualifications and memberships or to validate
your qualifications
attending our free
webinars

CERTIFIED
CYBER CERTIFIED ISO
CERTIFIED ISO CERTIFIED ISO CERTIFIED ISO
INCIDENT 22301 BCMS
27005 RISK 22301 BCMS 22301 BCMS
RESPONSE LEAD
MANAGEMENT FOUNDATION LEAD AUDITOR
MANAGEMENT IMPLEMENTER
FOUNDATION

21 7 7 35 21
CIS RM CIRM F CBC F CBC LA CBC LI

A hands-on course
imparting the skills to
perform risk
assessments in line with
the ISO 27005 standard
to complement your ISO
27001 practice.
A one-day course,
covering the principles of
incident response and
business continuity and
the three phases of the
CREST incident response
process.
This one-day
introductory course
covers the concepts and
terminology of business
continuity and the main
processes e.g. business
impact analysis, risk
assessment and incident
response.
Focused on the practical
skills needed to plan ana
execute audits of
business continuity
management systems
and report and follow up
in line with
ISO 22301:2019
A 3-day course geared
towards scoping,
planning and managing a
BCMS in line with ISO
22301, including
evaluating and improving
performance and
preparing for an audit.

Pathways for professionals

We have mapped out learning pathways for data protection officers, auditors, cyber security consultants and other specialist areas, showing
how you can build a career and extend the range of fields that you are qualified in.

Packages for corporate teams

Talk to an expert to identify the training courses that can help develop your compliance and cyber security teams, helping them learn skills
in adjacent ISO frameworks and standards, and accomplish globally recognised professional qualifications.

Talk to a training expert

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 6

Why choose IT Governance for your training needs?
RENOWNED EXPERTS
We are the recognised global leader in the fields that we train in. IT
Governance led the world’s first ISO 27001 certification project and
introduced the world’s first certified GDPR training. Since then, more
than 30,000 professionals have trained with us.
STRUCTURED CAREER PATHWAYS
We help you navigate a wide range of qualifications to build a career.
Through accessible and affordable training and events, you can earn
CPD points to empower your professional journey, maintain your
qualifications and improve your business impact.
MORE WAYS TO LEARN
We offer a wider range of learning formats per course than any other
training provider, including instructor-led courses, self-paced online
training and bespoke courses for organisations. We also offer a unique
blended learning method, designed for the digital age, which combines
Live Online, self-paced and expert tuition.
ISO 17024-ACCREDITED QUALIFICATIONS
IT Governance delivers a unique and unrivalled portfolio of training
courses and examinations leading to ISO 17024-accredited qualifications
awarded by IBITGQ, BCS, ISACA®, EC-Council, PeopleCert(TM) and
Microsoft(R).
PASS FIRST TIME OR TRAIN AGAIN FOR FREE*
More than 30,000 people have passed exams with our training. Pass first time or train again for free.*T&Cs apply
Our training testimonials
‘Recommended course, not only for those without
any great knowledge of the subject matter, but also
for those, like myself, who have auditing experience.
Course materials were excellent, the tutor was able to
demonstrate a high level of knowledge & the course was
delivered at a good pace.’
Chris
‘It’s the second course I have taken with IT Governance
and one of the things I love about the onsite training
facility is the excellent learning guides they provide.
This means you do not have to take notes and can fully
concentrate on the course following the materials.’
Maria
IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING
INSIDER INSIGHTS
We keep you up to date with breaking news and developments in ISO
standards, regulations, best practice and cyber threats, giving you the
‘first to know’ advantage and time to prepare your organisation.
ENGAGING EXPERIENCES
Our courses and learning materials are built and delivered by subject-
matter experts and innovative instructional design specialists with
years of practical, hands-on experience.
LEARN TO EARN
Pay by credit card online or by invoice and, if you are personally
investing in your career, you can spread the cost with our finance
options. Fantastic discounts on books and courses are available for
training graduates and corporate partners.
OUTSTANDING QUALITY
Learn better and faster with exceptional course content. Our course
material includes extra learning aids, and interactive and practical
exercises to help you before, during and after the training so you can
put theory into practice with ease.
‘A very thorough training course. The training offered
me in classroom or remote. I chose classroom. Which
was easy to find, plenty of parking and little traffic. The
trainer was very knowledgeable and experienced. Would
recommend.’
Stephen
‘Comprehensive, in-depth, plenty of context, great
learning materials and take-away information and links
for future reference. The trainer continually ensured
we all had a positive training course experience. Really
enjoyed – Highly recommended.’
Lisa
7
Optimise your budgets and improve outcomes with our
corporate offering

We value our corporate partnerships and are dedicated to delivering exceptional training solutions that help you maintain and improve your
organisation’s cyber defence and compliance capabilities. Corporate partners can enjoy significant discounts and exclusive benefits, along
with the added reassurance of our expert consultants, on stand-by to help you meet audit deadlines or address specific challenges.

Bronze, Silver, Gold and Platinum tiers

Our corporate rates are set out in four tiers based on your annual training spend with IT Governance.
Each tier comes with escalating discounts and unique advantages, so you can enjoy the best possible value for your investment in training.

IT GOVERNANCE EXECUTIVE BRONZE SILVER GOLD PLATINUM

CLUB TIERS Up to 3000 points Up to 10,000 points more than 10,000 points more than 30,000 points

Minimum annual IT Governance spend £20k £30k £40k £50k

Discount 10% 15% 20% 25%

Twice-yearly review with an expert    

Unlimited course date or learner changes*   

One free exam resit per person*  

Free upgrade to super plus training* 

Terms and conditions

• The Corporate Rates programme is applicable only to direct partners and excludes resellers and channel partners.

• The annual IT Governance spend will be calculated from April to March for each financial year, and the benefits will be effective from the
new financial year.

• To qualify for a particular tier, the minimum annual IT Governance spend thresholds must be met.

• Exam resits are subject to specific terms and conditions outlined in our agreement.

Talk to a training expert

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 8

About IT Governance

IT Governance is a leading global provider of cyber risk and data privacy management solutions.

We deliver projects all over the world, across the spectrum of cyber security and resilience, data privacy, incident response and business
continuity. Our unique and unrivalled blend of products and services includes bespoke and fixed-price consultancy, training, toolkits,
software, staff awareness elearning and penetration testing.

We take pride in serving an international customer base, delivering high-quality solutions globally. Our deep industry expertise and focus
on real-world needs enable us to address the unique challenges faced by financial services organisations.

Our credentials
IT Governance is proud of its long-standing commitment to quality in the services we provide and in the processes we use to deliver those
services. We strive for excellence in all aspects of business and believe that both continuing education and professional certifications help
us to better meet our clients’ needs. IT Governance is a member of The GRC International Group of companies.

Achieve international qualifications accredited to ISO 17024

All our training qualifications are accredited to the ISO/IEC 17024:2012 standard. Certifications that meet this standard are recognised
and highly valued by employers globally, and enhanced career opportunities are often made available to those who hold certifications and
relevant experience.

IT Governance delivers a unique and unrivalled portfolio of training courses and examinations leading to ISO 17024-accredited
qualifications awarded by IBITGQ (International Board for IT Governance Qualifications), BCS Professional Certification, ISACA®, EC-Council,
PeopleCert and Microsoft(R).

IT Governance is proud to be partnered with the following exam bodies:

View our DORA training courses

training@itgovernance.co.uk

IT GOVERNANCE | DIGITAL OPERATIONAL RESILIENCE ACT (DORA) TRAINING 9

IT Governance

IT Governance Ltd, Unit 3, Clive Court

www.itgovernance.co.uk
Bartholomew’s Walk
+44 (0)333 800 7000 @ITGovernance
Cambridgeshire Business Park

Ely, CB7 4EA, United Kingdom. /it-governance /ITGovernanceLtd