DORA Resilience Testing: Practical Compliance for Financial Entities (SP0405)
A practical introduction to DORA resilience testing requirements, helping learners understand how financial entities should plan, perform, document and improve ICT resilience testing activities.
✔ Understand why resilience testing is a key DORA obligation
✔ Learn how testing supports digital operational resilience
✔ Recognise different types of ICT resilience testing activities
✔ Understand the importance of remediation, evidence and follow-up
✔ Learn how resilience testing connects to ICT risk management, incident response and governance
Resilience is not proven by having a plan — it is proven by testing that plan, learning from the results and strengthening your ability to keep critical services running.
Table of Contents
- Why This Course Matters
- Who Should Attend
- Designed as a Self-Paced Learning Experience
- Course Curriculum
- Meet the Trainer
- Fees & Registration Details
Why This Course Matters
DORA Resilience Testing: Practical Compliance for Financial Entities is a practical, self-paced course designed to help financial services, compliance, risk, ICT, cybersecurity, audit and operational resilience professionals understand DORA requirements for digital operational resilience testing.
As the fifth course in the six-part DORA compliance training series, this module builds on the foundational pillars established in our introductory DORA framework modules:
- SP0401. DORA Compliance Essentials: Scope, Obligations and Practical Implementation — The baseline entry point.
- SP0402. DORA Governance and ICT Risk Management: Building a Resilient Framework — The management structure.
- SP0403. DORA Managing ICT Third-Party Risk Under DORA: Practical Compliance for Financial Entities — The vendor shield.
- SP0404. DORA ICT Incident Classification and Reporting: Practical Guidance for Financial Entities — The responder.
- SP0405. DORA Resilience Testing: Practical Compliance for Financial Entities — (You are here).
- SP0406. DORA Implementation Readiness: Registers, Evidence, Board Oversight and Supervisory Expectations — The final audit trail.
This course matters because DORA requires financial entities to regularly test their digital operational resilience and maintain evidence that ICT risks are being identified, assessed and addressed. Resilience testing is not only a technical exercise; it is a compliance, governance and assurance activity that supports operational continuity, risk management and regulatory confidence.
Who Should Attend
This DORA resilience testing course is designed for professionals involved in planning, performing, reviewing, evidencing or overseeing ICT resilience testing within financial entities.
It is particularly relevant for:
✔ Compliance officers and regulatory professionals
✔ ICT, cybersecurity and technology risk teams
✔ Operational resilience and business continuity teams
✔ Risk management and internal control teams
✔ Internal auditors and assurance professionals
✔ Senior managers and governance teams overseeing resilience programmes
✔ Third-party risk and vendor management teams involved in supplier resilience
✔ Financial entities preparing testing plans, remediation evidence and supervisory documentation
Designed as a Self-Paced Learning Experience
This is not a recorded webinar or a static PDF.
The course is built as an interactive Moodle and Articulate Rise 360 learning experience. You move through short lessons, plain-English explanations, financial services examples, scenario checks and knowledge questions at your own pace.
- Start anytime: complete the course when it suits your schedule
- Pause and resume: return to the module when needed
- Practical examples: connect AI-tools to real case scenarios
- Knowledge checks: confirm understanding as you progress
- Consistent learning: useful for team-wide AI-tool awareness
- Completion evidence: Moodle records participation and certificate release
- Resilience testing explained clearly: understand how DORA expects financial entities to test ICT systems, controls and operational resilience capabilities.
- Testing obligations made practical: learn how testing plans, scenarios, results, remediation and evidence support DORA compliance.
- Scenario-based examples: recognise how cyber events, outages, system failures and third-party disruptions can be used to test resilience and recovery readiness.
After completing this course, you will be able to:
- Explain why digital operational resilience testing is central to DORA compliance
- Understand the purpose of ICT resilience testing programmes
- Identify common types of resilience testing activities under DORA
- Recognise how testing supports risk identification, prevention, response and recovery
- Understand the importance of documenting testing results and remediation actions
- Explain how resilience testing connects to ICT risk management, incident reporting and third-party risk
- Recognise why testing evidence is important for audit readiness and supervisory expectations
- Describe why DORA resilience testing requires coordination across ICT, cybersecurity, compliance, risk, audit and senior management
- Interactive Articulate Rise 360 course module
- DORA resilience testing explanations
- Financial services and ICT disruption examples
- Scenario-based knowledge checks
- Key resilience testing terminology explained in plain English
- Practical guidance on testing plans, evidence, remediation and follow-up
- Certificate of completion
- Moodle completion tracking
For full updates on overarching European supervisory testing guidelines, consult the European Insurance and Occupational Pensions Authority (EIOPA) DORA Hub. For mechanical instructions on filing results and local audit trails within your supervising entities, consult the guidelines found on the Commission de Surveillance du Secteur Financier (CSSF) ICT Cyber Risk Portal.
Course Curriculum
Lesson 1.1 – Understanding DORA Resilience Testing Requirements
- Testing as a regulatory obligation, not best practice
- Role of resilience testing in the ICT strategy
- Basic resilience testing requirements
- Vulnerability assessments, gap analyses and security reviews
- Threat-Led Penetration Testing requirements
Lesson 1.2 – Business Continuity and Disaster Recovery in Practice
- Business continuity planning under DORA
- Critical operations and supporting ICT systems
- Recovery time and recovery point objectives
- Alternative systems, fallback processes and manual workarounds
- Disaster recovery plans for ICT third-party providers
Lesson 2.1 – Scenario-Based Testing and Continuous Improvement
- Severe but plausible scenario design
- Testing scope and third-party involvement
- Documentation and supervisory scrutiny
- Remediation planning and follow-up
- Feeding testing results back into the ICT strategy
Meet the Trainer