DORA: Fundamentals, Risk Management, and Organizational Readiness
Training based on the practical aspects and responsibilities arising from the DORA (Digital Operational Resilience Act) Regulation.
About the training
Training on the Requirements of the DORA Regulation
We invite you to a one-day training dedicated to the DORA Regulation, which focuses on the key aspects of this regulation. Participants will gain in-depth knowledge about the requirements of the Regulation, including risk management related to external suppliers and Information and Communication Technologies (ICT). The combination of theoretical sessions and practical workshops will allow participants to master the most important elements of DORA, such as its objectives, principles, and requirements, which are crucial in the context of collaboration with various suppliers and service providers.
The detailed scope of the training is presented below.
Training objective
- Understanding the DORA Regulation: Explanation of key concepts and principles outlined in the regulation, enabling participants to fully comprehend its objectives and scope of application.
- ICT Risk Assessment and Management: Acquiring the necessary skills to identify, assess, and manage risks related to Information and Communication Technologies within the organization.
- ICT Incident Management: Mastering the processes related to identifying, classifying, and responding to ICT incidents, thereby enhancing the organization’s ability to minimize their impact.
- Supplier Risk Management: Developing competencies in evaluating and monitoring external suppliers, which is essential for ensuring operational security and continuity.
Target audience for the training
This specialized cybersecurity training is tailored for employees at various management levels within the company, who are involved in protecting data and IT systems. It is specifically aimed at individuals responsible for meeting the requirements of the DORA Regulation. The course is also open to members of legal, IT, and security departments, as well as anyone wishing to deepen their knowledge and skills in the field of cybersecurity.
Language of the training
The training is conducted in Polish. There is a possibility of organizing the training in English upon request.
Training methodology
Achieving effective training outcomes is possible through selecting the appropriate topics and training methods tailored to the participants’ specific needs and the subjects being addressed. Below, we present the methods and techniques we employ:
LECTURE
We deliver knowledge to participants using dedicated teaching aids, such as multimedia presentations. This is the foundation of the training, introducing the topic, discussing key concepts, and outlining roles, processes, and procedures.
PRACTICAL EXAMPLES
As practitioners, we base our training programs on real-life incidents tailored to specific problems. We assist participants in independently arriving at conclusions and solutions. Our training is highly focused on practical applications and skill development.
DISCUSSION
Participants express their opinions and share experiences. A well-structured discussion topic often generates significant emotional engagement through the confrontation of differing viewpoints. This enables the development of common solutions or the preparation of arguments on a given subject.
BRAINSTORMING
We generate a multitude of ideas and solutions in a short time for specific problems or scenarios. This method engages participants, stimulating creative thinking and innovation.
EXERCISES
Practical tasks related to the training subject, such as process creation or case study analysis, effectively complement lectures and practical examples.
TESTS
We assess the participant’s knowledge and skills to identify competency gaps and appropriately plan the educational process to enhance their abilities. Depending on the training’s nature, this can be done using various tools, such as knowledge tests or performance evaluations.
SIMULATIONS
Simulations provide a realistic experience where participants actively engage and witness the consequences of their actions.
SUMMARY
At the end of each topic, we summarize the covered material. This activity, led by the trainer, highlights the key points of the subject matter while allowing participants to assess their understanding.
Trainer
TOMASZ PTAK
A graduate of Law from the University of Silesia in Katowice. Certified Lead Auditor ISO 27001. For over a decade, he has been conducting training in personal data protection. Currently, he focuses primarily on training and consulting with an emphasis on security and cybersecurity.
He provides advisory and training services for implementing, improving, and optimizing information security systems based on the most popular international standards. Tomasz has conducted dozens of audits in the fields of information security and cybersecurity and around 200 training sessions on personal data protection.
An expert in the areas of information security, cybersecurity, and personal data protection.
Training program
Day 1
9.00-16.00
- Welcome Participants
- Introduction to the DORA Act – Key Concepts and Topics
- Discussion of the DORA Regulation to enhance and organize participants’ understanding of the directive and related obligations.
- ICT Risk Management
- Topics covered:
- ICT Risk Identification
- ICT Risk Assessment
- ICT Risk Management
- Monitoring and Controlling the IT Environment
- Emergency Actions and Recovery
- Break
- ICT Incident Management
- Topics covered:
- ICT Incident Management Planning
- ICT Incident Identification
- ICT Incident Classification
- ICT Incident Response Methods
- Internal Communication and Coordination
- Incident Analysis: Corrective Actions and Adjustments
- Break
- Third-Party Risk Management
- Topics covered:
- Identifying Risks Related to Vendors
- Vendor Risk Assessment
- Vendor Selection Based on Risk Analysis Results
- Vendor Monitoring and Evaluation
- Summary
- Time allocated for additional participant questions on topics not covered during the training.
Training price
Price per participant: 2,900 PLN (net)
Terms and conditions for participation
The training fee covers the right to attend a one-day training session for one participant.
The fee includes training materials, a certificate, coffee breaks, and lunch during the training. Accommodation is not included.
Payment must be made based on a correctly issued VAT invoice within 14 days from the invoice date, to the bank account indicated on the invoice.
Confirmation of the registration will be sent to the email address provided in the registration form.
The organizer reserves the right to cancel the course. In the event of a course cancellation by the organizer, participants will receive a full refund of the training fee. A written withdrawal of registration made at least 10 business days before the training start date will incur a fee of 30% of the training cost. A written resignation made less than 10 business days before the training start date will result in a charge of 100% of the training fee.
The training fee listed in the training schedule is net, and should be increased by the current VAT rate.
The person/organization registering for the training grants permission to PBSG SA, based in Poznań at Szyperska 14, to process the provided personal data for the purpose of fulfilling the order.
Certificates of participation will be sent to participants who achieve at least 70% correct answers on the knowledge test and have completed payment.
To participate in the training, the registration form must be completed.
Submitting the registration form means acceptance of the participation terms and consent to the processing of the participants’ personal data by PBSG SA for the purpose of fulfilling the order as well as for promotion and marketing purposes of PBSG SA.
Organizational information
- Training quality
The training is conducted in accordance with the Service Training Quality Standards Book.
Registration for in-person training
Please fill out this form if you would like to participate in the on-site training. If you are interested in online participation, please sign up here: Registration Form for Online Training.
Submitting the registration form means acceptance of the participation terms.
Training program
Day 1
9.00-16.00
- Welcome participants
- Introduction to the DORA Act – basic concepts and issues
- Discuss with the participants the issues related to the DORA regulation to increase and systematize their awareness of the directive and the related obligations they must fulfill.
- ICT risk management
- Discuss topics such as:
- ICT risk identification
- ICT risk assessment
- ICT risk management
- Monitoring and controlling the IT environment
- Emergency actions and recovery
- Break
- Managing ICT-related incidents
- Planning ICT incident management
- ICT incident identification
- ICT incident classification
- Ways of responding to ICT incidents
- Internal communication and coordination within the organization
- Incident analysis: corrective actions and improvements
- Break
- Managing risks from external suppliers
- Identifying risks related to suppliers
- Supplier risk assessment
- Selecting suppliers based on risk analysis results
- Monitoring and evaluating suppliers
- Summary
- Time allocated for additional questions from participants on topics not covered during the training.
Training price
Price per participant: 1,550 PLN (net)
Terms of participation
The training price covers the right to attend a one-day training session for one participant.
The price includes training materials and a certificate.
Payment will be made based on a correctly issued VAT invoice within 14 days from the invoice date to the organizer’s bank account indicated on the invoice.
The registration confirmation will be sent to the email address provided in the registration form.
The organizer reserves the right to cancel the course. In the event of a cancellation by the organizer, participants will receive a full refund of the course fee. A written withdrawal of the participant’s registration at least 10 business days before the course start date will incur a fee of 30% of the training price. A written resignation submitted less than 10 business days before the course start date will incur a fee of 100% of the training price.
The price listed in the training schedule is the net price and should be increased by the applicable VAT rate.
The person/organization registering for the training authorizes PBSG SA, based in Poznań at Szyperska 14, to process the provided personal data for the purpose of fulfilling the order.
Certificates of participation will be sent to participants who meet the conditions of at least 70% correct answers in the knowledge test and have settled the payment.
To participate in the training, the registration form must be completed.
Submitting a registration implies acceptance of the terms of participation and consent to the processing of personal data of registered participants for the purpose of fulfilling the order as well as for the promotion and marketing activities of PBSG SA.
Organizational information
Participants of the online training will receive access to the training platform. On the day of the training, they must log in to the platform. The training will begin at the scheduled time. During the training, the screen will be divided into three sections: presentation, trainer, and chat. Communication during the training will take place through the chat.
- Technical requirements:
Hardware requirements: A computer with internet access, a processor of at least 1.6 GHz, and a minimum of 4 GB RAM.
Browser: The latest version of Chrome, Mozilla Firefox, or Safari.
- Quality of training
- The training is conducted in accordance with the Book of Quality Standards for Training Services.
Registration for online training
Fill out this form if you wish to participate in the online training. If you are interested in attending the in-person training, please sign up here: Registration Form for Offline Training.
Submitting the registration form means you accept the terms and conditions of participation.
Dedicated exclusively to your organization – this approach ensures comfort and flexibility, allowing for a detailed discussion of specific issues and situations in your organization. We understand that every business is different, and to effectively apply the acquired knowledge to your organization, we tailor the examples presented to your specific needs and business situation.
Training program
Day 1
9.00-16.00
Training Program:
- Welcome and Introduction
- Brief introduction to the training and objectives.
- Introduction to DORA (Digital Operational Resilience Act) – Key Terms and Concepts
- Overview of DORA regulation.
- Discussion on the importance of DORA in strengthening operational resilience.
- Clarifying the obligations stemming from DORA.
- Managing ICT-related Risks
- Identifying ICT risks.
- Assessing ICT risks.
- Managing ICT risks effectively.
- Monitoring and controlling the IT environment.
- Emergency actions and recovery procedures.
- Break
- ICT Incident Management
- Planning for ICT incident management.
- Identifying ICT incidents.
- Classifying ICT incidents.
- Response strategies for ICT incidents.
- Communication and coordination within the organization.
- Post-incident analysis: corrective actions and improvements.
- Break
- Managing Risks from External Suppliers
- Identifying risks from external suppliers.
- Assessing supplier risks.
- Selecting suppliers based on risk analysis.
- Ongoing monitoring and evaluation of suppliers.
- Conclusion and Q&A
- Summary of key points discussed.
- Open floor for additional participant questions or clarifications on any topic.
How does it work?
Step 1
REGISTRATION
In the first step, fill out the registration form to let us know your interest in organizing a dedicated training session for your company.
Step 2
DATE
We will set the date and location of the training – we will adapt to your availability and individual expectations.
Step 3
PRICE
We will present the commercial terms for organizing the training based on the agreed parameters and the number of participants.
Step 4
TRAINING
We will carry out the tailored training according to the agreed conditions.