FRANKFURT SCHOOL

BLOG

The future is DORA – Four top training programmes
Executive Education / 3 February 2025
Dr. Lobbes works as IT Compliance Officer at Eurex Clearing AG within Deutsche Börse Group. In addition, he has been teaching at Frankfurt School for many years in the areas of IT governance and risk management.


DORA was already adopted on 14 December 2022 as Regulation (EU) 2022/2554 and came into effect on 17 January 2023. Following a two-year transition period, DORA has now been in force since 17 January 2025. DORA contains provisions for financial institutions and third-party ICT service providers, as well as for supervisory authorities.

DORA comprises a total of 45 articles, which are divided into the following chapters:

  • ICT risk management
  • The handling, classification and reporting of ICT-related incidents
  • Digital operational resilience testing
  • ICT third-party risk management
  • Information sharing agreements

In addition, Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) provide further specific guidance to affected companies and the supervisory authorities on how to implement DORA.

Four suitable training programmes from the Frankfurt School

The Frankfurt School has included DORA in its training programme. Besides a one-day DORA seminar, which offers an overall introduction to all DORA topics, a more in-depth course is also available. In addition, information on ICT third-party risk has been added to the existing “Outsourcing in Banks” seminar. The certificate programme “IT Regulatory Assurance Manager” has been specifically adapted to the requirements of Audit and Assurance Managers in line with the content of DORA.

  1. DORA Overview – Seminar

You will learn all about the new requirements for financial institutions, insurance companies and IT service providers in the Digital Operational Resilience Act (DORA). The seminar will familiarise participants with the requirements of DORA and enable them to interpret the wording and assess the need for adaptation in their own organisation. The wording of DORA is explained in a practical way based on the current status and presented within the context of existing regulations.

  2. Advanced training on ICT Risk Management – Seminar

The advanced training on ICT Risk Management presents the requirements of DORA and discusses the specific options for implementation with the participants. ICT Risk Management not only reflects the risk management framework and the classic risk elements such as the identification, analysis and assessment of risks and the measures derived from these risks. It also specifies many measures and stipulates minimum standards, for example for identity and rights management, encryption, change management, patch and update management and the isolation of affected information assets in the event of a cyber-attack.

  3. Outsourcing in Banks – Current Outsourcing – Seminar

Aspects of outsourcing (in the case of insurance companies: spin-offs) in accordance with DORA and the procurement of services from third-party ICT providers are presented in the existing outsourcing training. In addition to a comparison with the previous regulations for outsourcing and other external IT procurement, the specific DORA requirements for ICT third-party risk management and the requirements for the information register and contracts – not only with the direct service provider, but also with sub-service providers – are dealt with here.

  4. DORA from the perspective of Audit and Assurance Managers – advanced training with a certificate

DORA is presented from the perspective of Audit and Assurance Managers in a new 6-day IT Regulatory Assurance Manager seminar. This certificate course was developed in collaboration with the ISACA Germany Chapter e. V. and is offered in addition to the existing certificate courses “IT Governance Manager” and “IT Compliance Manager”.

Not everything is new

Over the past two years, the individual institutions have made great efforts to align their processes and functions with the new DORA requirements. Many topics build on the familiar logic of BAIT, VAIT, KAIT and ZAIT. However, the institutions must also take new content and approaches into account. Since 17 January 2025, the new requirements have applied both to the provision of services by the institutions and to internal and external audits. To avoid double regulation, BaFin duly withdrew the BAIT, VAIT, KAIT and ZAIT on 16 January 2025. An amended version of the BAIT will continue to apply to a small number of institutions that are not yet regulated by DORA until the end of the transitional period on 1 January 2027.

Conclusion

DORA aims to ensure that the European financial sector becomes more resilient to digital disruption and can continue to provide its critical services even under difficult conditions. The EU-wide approach is an extension of the previous German requirements. To support institutions in meeting these requirements, the Frankfurt School has developed a series of training courses that provide practical insights into DORA.

 

 
