DORA Governance and ICT Risk Management: Building a Resilient Framework (SP0402)

A practical introduction to DORA governance and ICT risk management requirements, helping learners understand how financial entities can build a resilient, compliant and well-documented ICT risk framework.

✔ Understand DORA governance expectations
✔ Learn how ICT risk management supports digital operational resilience
✔ Recognise senior management and board-level responsibilities
✔ Identify key elements of a DORA-aligned ICT risk management framework
✔ Understand how policies, controls, monitoring and evidence support compliance

Participation Fee
€ 70 (excl. VAT)
Self Paced
2 CPD Credits
Language(s)
English

“DORA turns ICT risk from a technical issue into a board-level responsibility — requiring clear accountability, structured governance and resilience that can be evidenced in practice.”

About the DORA Governance and ICT Risk Management Self-Paced Course

DORA Governance and ICT Risk Management: Building a Resilient Framework is a practical, self-paced course designed to help financial services, compliance, risk, ICT, audit and governance professionals understand how DORA strengthens expectations around ICT risk management, accountability and digital operational resilience.

As the second course in the six-part DORA compliance training series, this module builds on the foundations of DORA scope and obligations by focusing on governance structures, ICT risk management frameworks, senior management responsibilities, internal controls, documentation and evidence. Learners will understand how financial entities can organise, monitor and demonstrate effective ICT risk management under DORA.

The DORA Compliance Pathway

This course is the structural architecture of the SP04 series. We recommend completing the full cluster for an audit-ready compliance profile:

This course matters because DORA places clear responsibility on financial entities to manage ICT risk in a structured, documented and accountable way. Technology risk is no longer only an IT concern; it is a regulatory, governance and operational resilience issue requiring board-level attention, cross-functional coordination and ongoing oversight.

Who Should Attend

This DORA governance and ICT risk management course is designed for professionals involved in managing, overseeing, assessing or evidencing ICT risk within financial entities.

It is particularly relevant for:

✔ Compliance officers and regulatory professionals

✔ Risk management and operational resilience teams

✔ ICT risk, cybersecurity and technology governance teams

✔ Internal auditors and assurance professionals

✔ Senior managers, board support teams and governance professionals

✔ Finance, operations and control functions involved in resilience planning

✔ Legal, procurement and third-party risk teams supporting ICT governance

✔ Financial entities building or reviewing their DORA ICT risk management framework

Designed as a Self-Paced Learning Experience

This is not a recorded webinar or a static PDF. The course is built as an interactive Moodle and Articulate Rise 360 learning experience. You move through short lessons, plain-English explanations, financial services examples, scenario checks and knowledge questions at your own pace.

What makes the format useful
  • Start anytime: complete the course when it suits your schedule
  • Pause and resume: return to the module when needed
  • Practical examples: connect AI-tools to real case scenarios
  • Knowledge checks: confirm understanding as you progress
  • Consistent learning: useful for team-wide AI-tool awareness
  • Completion evidence: Moodle records participation and certificate release

Three Practical Features
  • Governance responsibilities explained clearly: understand how DORA assigns accountability for ICT risk and digital operational resilience.
  • ICT risk management made practical: see how policies, controls, monitoring, classification and reporting support a resilient framework.
  • Framework-focused examples: recognise how financial entities can organise responsibilities, evidence controls and prepare for supervisory expectations.

What You Will Be Able To Do

After completing this course, you will be able to:

  • Explain why ICT risk management is central to DORA compliance
  • Understand senior management and board responsibilities under DORA
  • Identify the key components of a DORA-aligned ICT risk management framework
  • Recognise how ICT policies, procedures and controls support digital operational resilience
  • Explain the importance of risk identification, protection, prevention, detection, response and recovery
  • Understand how documentation and evidence support regulatory readiness
  • Recognise how ICT risk connects to incident reporting, third-party risk and resilience testing
  • Describe why DORA governance requires coordination across compliance, risk, ICT, audit and senior management

What Is Included
  • Interactive Articulate Rise 360 course module
  • DORA governance and ICT risk management explanations
  • Financial services examples
  • Scenario-based knowledge checks
  • Key ICT risk and governance terminology explained in plain English
  • Practical guidance on building a resilient ICT risk framework
  • Certificate of completion
  • Moodle completion tracking

Strategic Internal Portfolio Bridges

To navigate seamlessly across the Centre8 portfolio and scale up your regulatory mastery, deploy the targeted bridge channels below:

The Pre-Requisite Journey Link (Module 1)

If you have not yet completed the structural definitions, perimeter settings, and entities list for this regulation, we highly advise stepping back to module one: DORA Compliance Training Course Self Paced: Foundations & Scope 

The Live Mastery Upgrade Bridge

Asynchronous modules establish core framework clarity, but building audit-ready reporting registries and testing systems demands interactive operational deep dives. For practitioners tasked with overseeing structural audits or executing threat-led penetration testing (TLPT) channels under CySEC or Central Bank scrutiny, upgrade your learning via our live-online seminar: DORA Compliance Training Financial Sector Cyprus 

The Boardroom Governance Bridge

DORA elevates tech risk to an un-delegable fiduciary duty for corporate boards. For executive directors, company secretaries, and senior legal advisors needing to embed digital risk alongside broader ESG reporting structures, view our premium boardroom seminar: Corporate Governance, ESG & Digital Risk Course for Boards

The Cross-Sector Infrastructure Bridge

DORA targets financial entities explicitly. If your corporate framework involves non-financial services, critical utilities, public data networks, or cross-border logistics audited under the Cyprus Digital Security Authority (DSA) mandate, switch to our: NIS2 Directive Compliance Training Cyprus

External Regulatory Authority References

To review current technical standards and statutory requirements on corporate risk compliance pipelines, consult the official guidelines issued by the European Insurance and Occupational Pensions Authority (EIOPA) alongside localized supervision frameworks on the Cyprus Securities and Exchange Commission (CySEC) platform.

Course Curriculum

Lesson 1.1 – Board-Level Governance and Accountability under DORA

  • Ultimate responsibility of the management body
  • Board accountability for digital operational resilience
  • Appointment of a Chief ICT Officer or equivalent role
  • Long-term governance obligations under DORA
  • Regular reporting and oversight of ICT risk

Lesson 1.2 – Designing a Robust ICT Risk Management Framework

  • Required components of the ICT risk management framework
  • Policies, procedures, protocols and guidelines
  • Risk tolerance and impact tolerance requirements
  • Detection, protection and prevention mechanisms
  • Incident reporting and escalation procedures

Lesson 2.1 – Developing and Aligning the ICT Strategy

  • Requirement to prepare a formal ICT strategy
  • Alignment with business objectives and resilience goals
  • ICT architecture, data flows and dependencies
  • Multi-vendor strategy and ICT third-party reliance
  • Resilience testing and incident communication strategy

Lesson 2.2 – Internal Controls and Group Governance Responsibilities

  • Governance arrangements at group level
  • Consistent application of DORA requirements across group entities
  • Assignment of responsibilities for ICT contractual arrangements
  • Skills, experience and knowledge requirements
  • Assessment of ICT third-party provider resources

Lesson 3.1 – Applying DORA Governance and Risk Management in Practice

  • Practical application of governance requirements
  • Identifying gaps in ICT risk frameworks
  • Reviewing accountability and escalation structures
  • Testing whether policies are operationally effective
  • Preparing for supervisory review

Meet the Trainer

Xenia Neofytou

Founder, Managing Director

Fees & Registration Details

Enrollment Fee
€ 70 + VAT
Sign-up Duration
3 months