DORA Resilience Testing: Practical Compliance for Financial Entities (SP0405)

A practical introduction to DORA resilience testing requirements, helping learners understand how financial entities should plan, perform, document and improve ICT resilience testing activities.

✔ Understand why resilience testing is a key DORA obligation
✔ Learn how testing supports digital operational resilience
✔ Recognise different types of ICT resilience testing activities
✔ Understand the importance of remediation, evidence and follow-up
✔ Learn how resilience testing connects to ICT risk management, incident response and governance
Participation Fee
€ 35 (excl. VAT)
Self Paced
1 CPD Credit
Language(s)
English

Resilience is not proven by having a plan — it is proven by testing that plan, learning from the results and strengthening your ability to keep critical services running.

Table of Contents

Course Overview
  • Why This Course Matters
  • Who Should Attend
  • Designed as a Self-Paced Learning Experience
  • Course Curriculum
Support & Next Steps
  • Meet the Trainer
Registration
  • Fees & Registration Details

Why This Course Matters

DORA Resilience Testing: Practical Compliance for Financial Entities is a practical, self-paced course designed to help financial services, compliance, risk, ICT, cybersecurity, audit and operational resilience professionals understand DORA requirements for digital operational resilience testing.

As the fifth course in the six-part DORA compliance training series, this module builds on the foundational pillars established in our introductory DORA framework modules:

This course matters because DORA requires financial entities to regularly test their digital operational resilience and maintain evidence that ICT risks are being identified, assessed and addressed. Resilience testing is not only a technical exercise; it is a compliance, governance and assurance activity that supports operational continuity, risk management and regulatory confidence.

Who Should Attend

This DORA resilience testing course is designed for professionals involved in planning, performing, reviewing, evidencing or overseeing ICT resilience testing within financial entities.

It is particularly relevant for:

✔ Compliance officers and regulatory professionals

✔ ICT, cybersecurity and technology risk teams

✔ Operational resilience and business continuity teams

✔ Risk management and internal control teams

✔ Internal auditors and assurance professionals

✔ Senior managers and governance teams overseeing resilience programmes

✔ Third-party risk and vendor management teams involved in supplier resilience

✔ Financial entities preparing testing plans, remediation evidence and supervisory documentation

Designed as a Self-Paced Learning Experience

This is not a recorded webinar or a static PDF.
The course is built as an interactive Moodle and Articulate Rise 360 learning experience. You move through short lessons, plain-English explanations, financial services examples, scenario checks and knowledge questions at your own pace.

What makes the format useful
  • Start anytime: complete the course when it suits your schedule
  • Pause and resume: return to the module when needed
  • Practical examples: connect AI-tools to real case scenarios
  • Knowledge checks: confirm understanding as you progress
  • Consistent learning: useful for team-wide AI-tool awareness
  • Completion evidence: Moodle records participation and certificate release
Three Practical Features
  • Resilience testing explained clearly: understand how DORA expects financial entities to test ICT systems, controls and operational resilience capabilities.
  • Testing obligations made practical: learn how testing plans, scenarios, results, remediation and evidence support DORA compliance.
  • Scenario-based examples: recognise how cyber events, outages, system failures and third-party disruptions can be used to test resilience and recovery readiness.
What You Will Be Able To Do

After completing this course, you will be able to:

  • Explain why digital operational resilience testing is central to DORA compliance
  • Understand the purpose of ICT resilience testing programmes
  • Identify common types of resilience testing activities under DORA
  • Recognise how testing supports risk identification, prevention, response and recovery
  • Understand the importance of documenting testing results and remediation actions
  • Explain how resilience testing connects to ICT risk management, incident reporting and third-party risk
  • Recognise why testing evidence is important for audit readiness and supervisory expectations
  • Describe why DORA resilience testing requires coordination across ICT, cybersecurity, compliance, risk, audit and senior management
What Is Included
  • Interactive Articulate Rise 360 course module
  • DORA resilience testing explanations
  • Financial services and ICT disruption examples
  • Scenario-based knowledge checks
  • Key resilience testing terminology explained in plain English
  • Practical guidance on testing plans, evidence, remediation and follow-up
  • Certificate of completion
  • Moodle completion tracking

For full updates on the overarching European supervisory testing guidelines, consult the European Insurance and Occupational Pensions Authority (EIOPA) DORA Hub. For practical instructions on filing results and local audit trails within your supervising entities, consult the guidelines on the Commission de Surveillance du Secteur Financier (CSSF) ICT Cyber Risk Portal.

Course Curriculum

Lesson 1.1 – Understanding DORA Resilience Testing Requirements

  • Testing as a regulatory obligation, not best practice
  • Role of resilience testing in the ICT strategy
  • Basic resilience testing requirements
  • Vulnerability assessments, gap analyses and security reviews
  • Threat-Led Penetration Testing requirements


Lesson 1.2 – Business Continuity and Disaster Recovery in Practice

  • Business continuity planning under DORA
  • Critical operations and supporting ICT systems
  • Recovery time and recovery point objectives
  • Alternative systems, fallback processes and manual workarounds
  • Disaster recovery plans for ICT third-party providers

Lesson 2.1 – Scenario-Based Testing and Continuous Improvement

  • Severe but plausible scenario design
  • Testing scope and third-party involvement
  • Documentation and supervisory scrutiny
  • Remediation planning and follow-up
  • Feeding testing results back into the ICT strategy

Meet the Trainer

Xenia Neophytou Centre 8 Education Trainer
Xenia Neofytou

Founder, Managing Director

Fees & Registration Details

Enrollment Fee
€ 35 + VAT
Sign-up Duration
3 months