- DORA Compliance Lead Manager
The DORA Compliance Lead Manager course prepares professionals to interpret and operationalise DORA compliance requirements, with a focus on digital operational resilience, governance and evidence. The training supports the structured implementation of controls and processes, including ICT risk management, incidents, testing and third parties.
Synchronous, live training with interaction with the trainer and the group.
Language: available in PT or ENG
Training: practical and compliance-oriented
Exam: 3h
EXCELLENCE AND LEADERSHIP LEVEL – Technical authority and leadership in governance.
Why this course exists
To transform DORA requirements into measurable, tested and governed digital operational resilience — with a focus on ICT risk, incidents and third parties.
Many organisations start DORA merely as a documentary compliance exercise, but fail to create the governance, processes, measures, testing and evidence that sustain digital operational resilience. This course prepares professionals to lead a DORA framework with method, consistency and the ability to drive it through to supervision and audits.
What this course enables you to do
Plan
Define the context, approach and governance model for DORA compliance, aligning responsibilities and ICT risk priorities.
Implement
Design and implement identification, protection and prevention, detection, response and recovery measures, as well as associated operational processes.
Operationalise
Establish ICT incident management and communication, awareness/training programmes, and an ICT third-party risk management framework.
Test & Improve
Prepare and implement digital operational resilience testing, crisis/contingency exercises and continuous improvement based on performance.
Frameworks, standards and best practices addressed throughout the course
Governance & context
ICT risk management
ICT incidents (classification & reporting)
Digital operational resilience testing
Crisis & contingency exercises
ICT third-party risk
Information-sharing arrangements & cooperation
ISO/IEC 27001
NIST CSF 2.0
NIST SP 800-53
CIS Controls
QNRCS (where applicable)
Value for the organisation
- A consistent and operational DORA framework, with governance, ICT risk, measures, incidents and continuous improvement.
- The ability to evidence digital operational resilience through processes, metrics, reporting and testing.
- Reduction of regulatory and operational risk through structured management of third-party ICT service providers.
- Accelerated execution with practical guidance and informed selection of recognised frameworks (ISO/IEC 27001, NIST CSF 2.0, NIST SP 800-53, CIS Controls, among others).
Introduction
The DORA Compliance Lead Manager course addresses the main concepts and requirements for compliance with the DORA Regulation, its relationship with other legal and regulatory requirements of the European Union and others at an international level, and presents recognised frameworks and good practices that may be used to support compliance.
Throughout the course, and based on best practices, participants learn to plan, implement, operationalise, monitor and improve a framework that supports DORA compliance, from defining the context and governance model through to operation, testing and continuous improvement.
The course covers requirements for ICT risk management (including third parties), incident management and response, and digital resilience measures, including plans and the mandatory execution of testing.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC – Portugal.
General Objectives
At the end of this course, participants will be able to:
- Introduce the fundamental concepts, structure, scope and objectives of the DORA Regulation.
- Frame DORA in relation to other regulations and legislation of the European Union and the international context.
- Support the selection of information security and cybersecurity frameworks and standards to support compliance.
- Define the methodological approach to plan, design and implement a DORA compliance framework, aligned with the organisational context, governance and ICT risk management.
- Understand and implement ICT risk management requirements, including prevention, detection, response and recovery measures.
- Establish risk management for third parties and ICT service providers.
- Define awareness programmes, training, incident management, digital operational resilience testing and crisis exercises.
- Assess performance, review and continuously improve the compliance framework with the DORA Regulation.
Target Audience
- ICT risk, cybersecurity and compliance professionals in financial institutions and other in-scope entities.
- Managers and decision-makers responsible for governance, internal control, incidents and operational resilience.
- Third-party/supplier managers and procurement/outsourcing teams responsible for ICT third-party risk.
- Consultants and auditors supporting DORA programmes and preparation for supervisory activities.
Prerequisites
There are no mandatory formal prerequisites. However, experience in or exposure to governance, risk management, compliance, IT operations and/or cybersecurity is recommended, as well as familiarity with ICT risk concepts and third-party management.
Additionally, other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).
Programme
1. DORA Regulation Context and Fundamentals
- Introduction to the course and objectives
- Concepts and principles in the context of the DORA Regulation
- Structure, scope and objectives of the DORA Regulation
- The relationship between DORA and other European Union compliance requirements and international references
- Overview and selection criteria for recognised information security and cybersecurity frameworks to support DORA compliance
2. Design of the DORA Compliance Framework
- Methodological approach to design and implement the compliance framework
- Planning and designing the framework for DORA compliance
- Governance model, responsibilities and organisation of the framework
- Design of the ICT risk management framework
- Internal risk management
- Management of risk associated with third parties and ICT service providers
- DORA requirements for identification, protection and prevention, detection, response and recovery measures
- Simplified ICT risk management framework
3. Implementation and Operation of the DORA Framework
- Approach to designing and implementing compliance measures
- Implementation and operation of the DORA compliance framework
- Management of ICT third-party risk
- Selection and monitoring of critical third parties
- Role of oversight structures
- Awareness and training programmes in digital operational resilience
- Management, classification and reporting of ICT-related incidents
- Digital operational resilience testing programme
- Communication, crisis management, contingency and exercises
4. Supervision, Cooperation and Continuous Improvement
- Information-sharing arrangements, competent authorities and cooperation mechanisms
- Performance evaluation of the compliance framework
- Monitoring, measurement, learning and evolution
- Review and continuous improvement of the effectiveness of the measures and of the DORA compliance framework
Exam(s) and Certification
Exam “Certified DORA Compliance Lead Manager”
The exam covers the following competence domains:
- Domain 1: DORA fundamentals, structure and scope
- Domain 2: Framework design (governance, ICT risk, measures)
- Domain 3: Implementation and operation (incidents, third parties, training)
- Domain 4: Testing, exercises, performance and improvement
Language(s): Portuguese and English (please consult BEHAVIOUR for availability in other languages).
Duration: 3 hours.
Format: 1 case study with 12 open questions.
Results: “Pass or Fail”.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the date the exam result is made available.
Certification (levels and requirements)
After successfully completing the exam and accepting/signing the applicable agreement and Code of Ethics, the candidate may apply for one of the three levels, according to experience:
- Certified DORA Compliance Associate Manager
- Certified DORA Compliance Manager
- Certified DORA Compliance Lead Manager
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all the requirements of the certification for which they apply. Certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
The personal certification programme “Certified DORA Compliance Lead Manager” is designed and maintained in accordance with ISO/IEC 17024.
Certification programmes are valid only for individuals (not companies), and the granting and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement/Code of Ethics.
If the professional does not comply with the agreement/Code of Ethics, certification is not granted or is revoked.
Other Information
General Information
- Training in Portuguese or English
- Online training materials in English, with online access, in accordance with the awarded conditions
- Practical step-by-step implementation methodology
- Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits
- Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date
- If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result
- Digital Certification Diploma and Digital Certification Badge, after successfully passing the exam and completing the application process. This registration has no associated cost
Benefits
- Capability to drive DORA from requirement to operation: governance, ICT risk, measures, incidents, testing and evidence.
- Improved digital operational resilience through testing programmes and crisis/contingency exercises.
- Structured management of ICT third-party risk, reducing concentration risk and weaknesses across the supply chain.
- Objective preparation for the Certified DORA Compliance Lead Manager exam (case study with open questions).
- Exam supervised by an official BEHAVIOUR administrator and 1 free retake within the period defined in the applicable scheme.
Logistics
Useful information
- Live Online (synchronous time): 09h30–17h30 (Lisbon, GMT 0), with lunch break and short breaks
- Classroom (synchronous time): 09h30–17h30 (Lisbon, GMT 0), with lunch break and short breaks
- 28 hours of synchronous training, distributed across 4 consecutive weekdays
- Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly and outside the synchronous sessions
- Requirements: computer with stable internet, browser, PDF reader and audio/video
Frequently Asked Questions
Objective answers to the most common questions about the DORA Compliance Lead Manager course (coming soon)
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.