Certified DORA Lead Auditor Training Course

Our five-day Certified DORA Lead Auditor Training Course is designed for risk management and compliance professionals responsible for auditing organisations for compliance with DORA (Digital Operational Resilience Act).

You will get a detailed understanding of how to organise and deliver an audit of a financial services organisation, an ICT third-party service provider or sub-contractor to establish their DORA compliance status.

DORA Foundation is a prerequisite for this course

Training course outline

This course explores DORA and its financial-sector relevance. It clarifies oversight roles and responsibilities, including reporting, and situates DORA within the broader regulatory framework.

You will assess security, risk and organisational readiness, linking them to competence, awareness and training. The course covers auditing ICT risk and incident management, business continuity and digital resilience. It also examines testing methods, tools and supply chain processes, including ICT third parties, from operational and legal angles.

You will gain practical skills, DORA-specific knowledge and strategies for exam success.

Enrol in our Certified DORA Lead Auditor Training Course today to become a trusted information security auditor. Enhance your organisation’s digital operational resilience, obtain DORA compliance early and gain a competitive advantage.

Expand your knowledge

Our certified DORA training broadens your understanding so you can navigate complex financial regulations with confidence. Build on your existing knowledge and learn to apply your professional skills to integrate DORA into your organisation’s ways of working.

Propel your career

Gain a valuable C-DORA credential that sets you apart in today’s competitive job market. Be an early adopter of professional certification in this new area of cyber security practice and compliance knowledge to establish yourself as a trusted leader in information security.

Professional development

Advance your career by gaining certification in this new and highly sought-after area. Continue to grow, earning CPD points along the way, by attending our webinars and taking training in related areas.

Increase your influence and impact

Our certified DORA training will give you essential knowledge and insights to make informed decisions in your organisation with confidence and due care. Equip yourself to steer activities that will ensure operational resilience and regulatory compliance.

Achieve regulatory compliance

DORA training enables key employees to understand and apply DORA efficiently within your organisation. Ongoing compliance relies on having a strong group of DORA-trained staff who can maintain and improve systems and practices.

Avoid costly penalties

Minimise the risk of regulatory fines and severe reputational damage by ensuring your organisation’s compliance with DORA before the deadline, thereby safeguarding your organisation’s financial stability.

Strengthen data governance

DORA-certified staff will be able to enhance your organisation’s data governance practices, ensuring regulatory compliance and improving measures to ensure data integrity.

Gain a competitive advantage

Gain a competitive edge by demonstrating compliance early. Compliance signals that you have robust operational resilience and business agility. Improve your market positioning and maintain the respect of shareholders and analysts.

Mitigate risks

Eliminate blind spots and fortify against cyber threats to reduce your liabilities and operational risks, and safeguard against disruptions.

Who should attend this course?

• Managers and professionals in risk management, compliance, audit, ICT and related functions who are responsible for evaluating an organisation’s DORA compliance status.
• Managers and professionals responsible for preparing an organisation for regular audits and for improving or remediating systems and processes to ensure compliance.
• People working for ICT third-party service providers that supply technology services to financial institutions operating in the EU.
• People committed to their continuing professional development with an interest in cyber security best practice.

Why instructor-led?

• Focused learning: Concentrated instruction will get you from student to practitioner quickly.
• Real-world relatable: Our qualified instructors are also expert practitioners who share their experiences to bring learning to life.
• Peer support: Take the journey with peers and build a network of DORA practitioners.
• In-the-moment insights: During live training, you can get questions answered on the spot, in context, helping you progress with confidence.
• Perform at your best: Many people learn best in live environments, guided by professionals.

What does this training course cover?

Core audit skills

• Overview of standards for auditing management systems.
• Principles of auding: Managing an audit programme.
• Conducting an audit.
• Competence and evaluation of auditors.
• Accredited certification and ISO 17021 principles.
• ISO 17021 process and management system requirements.
• Annex SL introduction and Clauses 1, 2, 3.
• ‘PLAN, DO, CHECK, ACT’

The governance, risk and compliance framework

• Roles and responsibilities of key actors within the oversight structure.
• Security standards.
• Gauging an organisation’s risk appetite.
• Evaluating staff competence, awareness and training plans.
• Managing third-party ICT risk

Evaluating the effectiveness of ICT risk management frameworks

• The overlap between enterprise, operational and ICT risk management frameworks.
• How risk management frameworks and business objectives are linked.
• Assessment processes.
• How to select and deploy control mechanisms.
• Monitoring, evaluating and improving control mechanisms

Evaluating the effectiveness of ICT incident management frameworks

• Detection and response processes.
• Resilience strategies and business continuity plan

Principles and practice of digital operational resilience

• Ways to perform resilience testing.
• Key competencies required for testing methodologies.

Managing third-party risk

• Identifying and measuring risk.
• Contractual processes.

Information-sharing processes

• Mandatory and voluntary information sharing about cyber threats.
• Processes and procedures.

Exam preparation

• Overview of the C-DORA LA exam.
• Sample questions and exam practice.
• Exam tips and strategies.

What’s included in this course?

• Full course materials (digital copy provided as a PDF file).
• A certificate of attendance.
• The C-DORA LA exam.

What equipment do I need?

You will need a laptop for the duration of your course and exam.

Full details on how to access the exam will be provided by email 1–2 days before sitting the exam

Are there any prerequisites for this course?

Yes. You need to have taken the one-day Certified DORA Foundation Training Course and passed the C-DORA F exam.

Course duration and times

London

• Day 1: 9:30 am – 5:00 pm
• Day 2: 9:30 am – 5:00 pm
• Day 3: 9:30 am – 5:00 pm
• Day 4: 9:30 am – 5:00 pm
• Day 5: 9:30 am – 2:00 pm

Live Online GMT/BST

• Day 1: 8:30 am – 4:00 pm
• Day 2: 8:30 am – 4:00 pm
• Day 3: 8:30 am – 4:00 pm
• Day 4: 8:30 am – 4:00 pm
• Day 5: 8:30 am – 1:00 pm

Certified Digital Operational Resilience Act Lead Auditor (C-DORA LA) exam

Candidates take the Certified Digital Operational Resilience Act Lead Auditor (C-DORA LA) exam set by IBITGQ (International Board for IT Governance Qualifications) at the end of the course. There is no extra charge for this exam.

• Delivery method: Online
• Duration: 90 minutes
• Questions: 40
• Format: Multiple choice
• Pass mark: 75%

What qualifications will I receive?

Certified Digital Operational Resilience Act Lead Auditor (C-DORA LA).

Accreditation

This course is accredited by IBITGQ (International Board for IT Governance Qualifications).

IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body that certifies individuals in the field of IT governance.

IBITGQ is accredited to the ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognised benchmark, and qualifications accredited to this standard are recognised and highly valued by employers throughout the world.

You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/GASQ successful candidate register.

How will I receive my exam results and certificates?

• Provisional exam results will be available immediately after completing the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
• Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
• Results notifications and certificates are emailed directly to candidates by the relevant exam board; please note that hard-copy exam certificates are not issued.

Subject to change after publishing