What the Regulation Actually Asks of IT & Security
Most DORA explainers are written for lawyers and risk officers. This course is written for the people who actually have to build the thing — the engineers, security teams and infrastructure owners who turn a 64-article Regulation into logging, backups, controls and evidence.
The one fact that reframes everything
DORA — Regulation (EU) 2022/2554 — has been fully applicable since 17 January 2025. It is directly applicable law across the EU: no national transposition, no grace period. For a technologist that means the resilience of your systems is now a regulated property, examined by supervisors against evidence you produce.
Who this course is for
CISOs & security leads
Own the control framework and the evidence that proves it works.
ICT risk & SecOps
Detection, logging, incident classification and the reporting cascade.
Infrastructure & platform
Asset inventories, dependency mapping, resilience-by-design.
Testing & BC/DR
The resilience testing programme, TLPT, and recovery objectives.
Why a compliance regulation lands on the engineering backlog
Because almost every DORA obligation resolves, eventually, to something in a system. The asset inventory is a CMDB problem. Incident classification is a telemetry and SIEM problem. Recovery objectives are a backup-and-failover problem. TLPT is a red-team problem. When a supervisor inspects a financial entity, the artefacts they demand — logs, test reports, recovery evidence, the Register of Information — are overwhelmingly things the IT and security functions own and generate.
That was your free preview
Enrol to unlock all 32 lessons, every knowledge check, the dedicated certification exam, the downloadable toolkit and your verifiable certificate — lifetime access.
Secure payment via Stripe · 30-day money-back guarantee.