This training course is designed to meet the requirements mentioned in article 5.4 of the DORA regulation. It aims to provide management bodies with the knowledge and skills they need about governance, contracts with ICT service providers, ICT risk management and the impact on operations.
It includes:
- Cyber news as it relates to DORA
- The fundamentals of DORA
- A reminder of the “Risks – Measures – Controls” trio and the essentials of Cyber risk management
- What it takes to move your organization towards compliance
Course overview
- Understand the main objectives of the DORA regulation
- Make management accountable for meeting regulatory obligations
- Identify matrix concepts and notions
- Master the impact of the DORA regulation on contracts (pre-contractual phase and dedicated clauses)
Course Curriculum
ICT risk management
- Limit disruption caused by incidents with appropriate risk management and monitoring systems
- Document the ICT risk management framework
- Identify the most critical service providers
- Map risks to establish mitigation measures
ICT incident reports
- Enhance the ICT incident management system to ensure an effective response to current threats
- Update and improve existing systems using monitoring and testing data
Digital operational resilience test
- Test the effectiveness of the ICT risk management framework by testing systems and responding to threats with minimum impact
- Document the methods implemented to counter risks and achieve resilience objectives
- Document business continuity and recovery plans
- Conduct penetration tests
Risk management for third-party ICT service providers
- Propose a holistic vision of the management of ICT service providers, particularly providers of critical and important functions
- Document a risk strategy for third-party ICT service providers
- Comply with the pre-contractual requirements: identification and assessment
- Set minimum contractual requirements
- Update a register of contracts related to ICT service providers
Sharing information and intelligence
- Define a communication strategy to promote the sharing of information on cyber threats between financial entities
- Gather information on cyber threats
- Contribute to information sharing between financial entities
- Train managers and employees on digital operational resilience
Method of Assessment
Training benefits
- Industry-specific training provided by a regulatory compliance expert and by a lawyer with expertise in IT, compliance and security
- Recommendations and keys for what’s next
Who should attend?
- Top management
- Any collaborator involved in the DORA regulation, on an occasional or permanent basis
Entry Requirements
No prerequisites
How and when to access
The participant is considered registered when:
- The prerequisites and needs are identified and validated
- The training agreement is signed
Registration requests can be sent up to 10 working days before the start of the training.
Accessibility
Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.
If you need accommodations or adaptations to the content, the materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.
Duration
2 hours
Price
Contact us
Financing
OPCO support