Operational Resilience under DORA: From Regulation to Readiness

Course outline:

  1. DORA Overview
     →What is DORA and why it matters
     →Structure of DORA legislation (Levels 1–3)
     →Entities covered and exemptions (Articles 2(1) & 2(3))
     →DORA’s alignment with other EU regulatory frameworks
     →Cyprus implementation (Notice No. 252/2025)
     →CySEC Directive OD 73-2009-07 (Fees & Contributions)

  2. Pillar I: ICT Risk Management
     →Governance and accountability of the management body (Articles 5–7)
     →Regulatory Technical Standards (Reg. 2024/1774) overview
     →Full vs. Simplified ICT Risk Management Frameworks
     →ICT governance, strategy, and policies
     →ICT change management, continuity, and third-party oversight
     →Simplified framework qualification process
     →Scenario-based exercise: “Data storage and governance responsibility”

  3. Pillar II: ICT-related Incident Management and Reporting
     →Defining ICT incidents and major incident thresholds
     →Reporting procedures and regulatory timelines (Reg. 2025/301)
     →Internal coordination and communication
     →Post-incident review and continuous improvement
     →Scenario-based exercise: “Phishing email response”

  4. Pillar III: Digital Operational Resilience Testing
     →Purpose and scope of resilience testing
     →Threat-Led Penetration Testing (TLPT) requirements
     →Role of employees during resilience tests
     →Scenario-based exercise: “Participating safely during a cyber test”

  5. Pillar IV: ICT Third-Party Risk Management
     →Defining “critical or important” ICT services
     →Contractual and subcontracting requirements (Reg. 2024/1773 & Reg. 2025/532)
     →Register of Information (Reg. 2024/2956) – structure and data principles
     →Oversight of Critical ICT Third-Party Providers (CTPPs)
     →Scenario-based exercise: “Using unapproved cloud tools”

  6. Pillar V: Information Sharing and Cooperation
     →Voluntary information-sharing arrangements
     →Benefits of collective cyber intelligence
     →Internal escalation and reporting channels
     →Scenario-based exercise: “Sharing cyber threat information responsibly”

Target audience:

This course is designed for professionals across the regulated financial services ecosystem who play a role in governance, risk, compliance, ICT, and operations. It is particularly suitable for:

  • Compliance Officers & AML Officers (CIFs, AIFMs, UCITS, CASPs, insurers, payment institutions)
  • ICT Security and Risk Officers
  • Board Members and Senior Managers responsible for oversight of ICT and outsourcing
  • Internal Auditors and Risk Managers assessing DORA readiness
  • Operations & Continuity Managers involved in incident response and testing
  • Legal, Data Protection & Governance Professionals dealing with outsourcing contracts and risk registers

Expected time to complete the course:

Recorded time: 2 hours 15 minutes
Reading and Testing: 45 minutes

Presented by:

The course is prepared by DELFI CORPORATE SERVICES LTD.
Instructor: Mrs. Svetlana Tutunaru, MBA, holder of CySEC Advanced & AML Certificates – Personal Identification number CN2386, with hands-on experience and skills in the industry for over 15 years, including experience in the practical application of, and advisory work in relation to, the MiFID, MAR and AML/TF legislation in Cyprus and other jurisdictions; she acts as appointed Internal Auditor and Compliance Officer, or provides compliance support, in a number of licensed brokers and funds in Cyprus.
