Internal training
DORA: Fundamentals, Risk Management, and Organizational Readiness
Training based on the practical aspects and responsibilities arising from the DORA (Digital Operational Resilience Act) Regulation.
About the training
Training on the Requirements of the DORA Regulation
We invite you to a one-day training dedicated to the DORA Regulation, which focuses on the key aspects of this regulation. Participants will gain in-depth knowledge about the requirements of the Regulation, including risk management related to external suppliers and Information and Communication Technologies (ICT). The combination of theoretical sessions and practical workshops will allow participants to master the most important elements of DORA, such as its objectives, principles, and requirements, which are crucial in the context of collaboration with various suppliers and service providers.
The detailed scope of the training is presented below.
Training objective
- Understanding the DORA Regulation: Explanation of key concepts and principles outlined in the regulation, enabling participants to fully comprehend its objectives and scope of application.
- ICT Risk Assessment and Management: Acquiring the necessary skills to identify, assess, and manage risks related to Information and Communication Technologies within the organization.
- ICT Incident Management: Mastering the processes related to identifying, classifying, and responding to ICT incidents, thereby enhancing the organization’s ability to minimize their impact.
- Supplier Risk Management: Developing competencies in evaluating and monitoring external suppliers, which is essential for ensuring operational security and continuity.
Target audience for the training
This specialized cybersecurity training is tailored for employees at various management levels within the company, who are involved in protecting data and IT systems. It is specifically aimed at individuals responsible for meeting the requirements of the DORA Regulation. The course is also open to members of legal, IT, and security departments, as well as anyone wishing to deepen their knowledge and skills in the field of cybersecurity.
Language of the training
The training is conducted in Polish. It can be organized in English upon request.
Training methodology
Achieving effective training outcomes is possible through selecting the appropriate topics and training methods tailored to the participants’ specific needs and the subjects being addressed. Below, we present the methods and techniques we employ:
LECTURE
We deliver knowledge to participants using dedicated teaching aids, such as multimedia presentations. This is the foundation of the training, introducing the topic, discussing key concepts, and outlining roles, processes, and procedures.
PRACTICAL EXAMPLES
As practitioners, we base our training programs on real-life incidents tailored to specific problems. We assist participants in independently arriving at conclusions and solutions. Our training is highly focused on practical applications and skill development.
DISCUSSION
Participants express their opinions and share experiences. A well-structured discussion topic often generates significant emotional engagement through the confrontation of differing viewpoints. This enables the development of common solutions or the preparation of arguments on a given subject.
BRAINSTORMING
We generate a multitude of ideas and solutions in a short time for specific problems or scenarios. This method engages participants, stimulating creative thinking and innovation.
EXERCISES
Practical tasks related to the training subject, such as process creation or case study analysis, effectively complement lectures and practical examples.
TESTS
We assess the participant’s knowledge and skills to identify competency gaps and appropriately plan the educational process to enhance their abilities. Depending on the training’s nature, this can be done using various tools, such as knowledge tests or performance evaluations.
SIMULATIONS
Simulations provide a realistic experience where participants actively engage and witness the consequences of their actions.
SUMMARY
At the end of each topic, we summarize the covered material. This activity, led by the trainer, highlights the key points of the subject matter while allowing participants to assess their understanding.
Trainer
TOMASZ PTAK
A graduate of Law from the University of Silesia in Katowice. Certified Lead Auditor ISO 27001. For over a decade, he has been conducting training in personal data protection. Currently, he focuses primarily on training and consulting with an emphasis on security and cybersecurity.
He provides advisory and training services for implementing, improving, and optimizing information security systems based on the most popular international standards. Tomasz has conducted dozens of audits in the fields of information security and cybersecurity and around 200 training sessions on personal data protection.
An expert in the areas of information security, cybersecurity, and personal data protection.
Dedicated exclusively to your organization – this approach guarantees comfort and freedom to thoroughly discuss sample issues and the situation in your organization. We know that every company is different; to effectively translate the acquired knowledge into your organization’s context, we tailor the presented examples to your specific needs and business situation.
Training program
Day 1
9.00-16.00
- Welcome Participants
- Introduction to the DORA Regulation – Key Concepts and Topics
  - Discussion of the DORA Regulation to enhance and organize participants’ understanding of the regulation and related obligations.
- ICT Risk Management
  - Topics covered:
    - ICT Risk Identification
    - ICT Risk Assessment
    - ICT Risk Management
    - Monitoring and Controlling the IT Environment
    - Emergency Actions and Recovery
- Break
- ICT Incident Management
  - Topics covered:
    - ICT Incident Management Planning
    - ICT Incident Identification
    - ICT Incident Classification
    - ICT Incident Response Methods
    - Internal Communication and Coordination
    - Incident Analysis: Corrective Actions and Adjustments
- Break
- Third-Party Risk Management
  - Topics covered:
    - Identifying Risks Related to Vendors
    - Vendor Risk Assessment
    - Vendor Selection Based on Risk Analysis Results
    - Vendor Monitoring and Evaluation
- Summary
  - Time allocated for additional participant questions on topics not covered during the training.
How does it work?
Step 1
REGISTRATION
In the first step, fill out the registration form to inform us of your interest in organizing a dedicated training at your company.
Step 2
DATE
We will set the date and location of the training – adapting to your availability and individual expectations.
Step 3
PRICE
We will present you with the commercial terms for organizing the training based on the agreed parameters and number of participants.
Step 4
TRAINING
We will conduct the dedicated training in accordance with the agreed terms.