Certified DORA Lead Manager

Attending the PECB Certified DORA Lead Manager training course offers a unique opportunity to engage with industry experts and peers, fostering valuable discussions and insights into best practices for digital operational resilience. Through interactive sessions and practical exercises, you will gain real-world perspectives on implementing effective strategies to mitigate ICT risks and enhance digital operational resilience in financial institutions.

Additionally, attending this course demonstrates your commitment to professional development and positions you as a competent leader in the evolving landscape of digital operational resilience. Upon successfully completing the training course and exam, you can apply for the “PECB Certified DORA Lead Manager” credential.

Course objectives

After completing this training course, you will be able to:

  • Understand the regulatory landscape and compliance requirements outlined in DORA, focusing on key pillars such as ICT risk management, ICT-related incident management and reporting, digital operational resilience testing, and ICT third-party risk management
  • Implement effective strategies and measures to enhance digital operational resilience and mitigate ICT risks within financial institutions, aligning with DORA requirements and industry best practices
  • Identify, analyze, evaluate, and treat ICT risks relevant to financial entities
  • Develop and maintain robust ICT risk management frameworks, incident response plans, business continuity and disaster recovery plans
  • Foster collaboration and communication with key stakeholders to ensure successful implementation and ongoing compliance with DORA
  • Utilize industry-standard tools and methodologies for monitoring, assessing, and managing ICT risks and vulnerabilities, enhancing the overall security posture of financial institutions

Prerequisites

There are no formal prerequisites, but it is recommended that you have a basic understanding of risk management, information security, or regulatory frameworks.

Target audience

This course is designed for:

  • Financial institution executives and decision-makers
  • Compliance officers and risk managers
  • IT professionals
  • Legal and regulatory affairs personnel
  • Consultants and advisors specializing in financial regulation and cybersecurity

Day 1 – Introduction to the concepts and requirements of DORA

Section 1: Training course objectives and structure
The course begins with an overview of objectives, structure and expectations for the four-day programme. Participants are introduced to the certification pathway and overall learning approach.

Section 2: Overview of the Digital Operational Resilience Act (DORA)
This section provides a structured overview of DORA, including its regulatory context, objectives and scope within the European financial sector.

Section 3: Fundamental concepts of ICT risk management and digital operational resilience
Participants explore core ICT risk management principles and the foundations of digital operational resilience under DORA.

Section 4: Preparing and planning for DORA project implementation
Focus is placed on how organisations can initiate and structure a DORA implementation project, including planning considerations and key milestones.

Section 5: Governance and organization
This extended session addresses governance structures, accountability, management body responsibilities and organisational alignment required under DORA. The day concludes with exercises and QCM to consolidate understanding.

Day 2 – ICT-related risk and incident management

Section 6: ICT risk management
Participants examine the ICT risk management framework required by DORA, including risk identification, assessment, mitigation and documentation requirements.

Section 7: ICT-related incident management and reporting
This section provides an in-depth review of incident management processes, reporting obligations, classification criteria and supervisory expectations. Practical exercises and QCM support applied learning.

Day 3 – ICT third-party risk management and information sharing

Section 8: Digital operational resilience testing
Participants explore testing requirements under DORA, including testing strategies and advanced testing frameworks.

Section 9: Managing ICT third-party risks
This section covers outsourcing risk, contractual requirements and oversight of ICT third-party providers.

Section 10: The Oversight Framework and the Lead Overseer
Participants gain insight into the European oversight framework, including the role of the Lead Overseer and supervisory coordination mechanisms.

Section 11: Information and intelligence sharing
Focus is placed on structured information sharing mechanisms and cooperation models under DORA. The day concludes with exercises and QCM.

Day 4 – Review and continual improvement

Section 12: Training and awareness
Participants examine awareness and training requirements necessary to embed digital operational resilience within the organisation.

Section 13: Competent authorities
This section explains the role of competent authorities and supervisory expectations under DORA.

Section 14: Monitoring, measurement, analysis and evaluation
Participants learn how to monitor and evaluate the effectiveness of digital operational resilience measures.

Section 15: Internal audit and management review
The course covers internal audit practices and management review mechanisms required for ongoing compliance.

Section 16: Continual improvement
Focus is placed on maintaining and improving digital operational resilience through structured improvement cycles.

Section 17: Closing of the training course 
The programme concludes with final QCM, review of key learning points and formal course closure.

Final closure and wrap-up

After successfully completing the exam, you can apply for one of the credentials shown in the table below. You will receive a certificate once you fulfill all the requirements of the selected credential.  

Certification requirements

Exam

For onsite classroom courses, the exam will take place at the end of the course.

For virtual courses, we will send out a voucher that gives you access to an online exam. This can be booked and taken at home, monitored by a proctor via camera. More information about the exam rules will be sent from PECB.

Test details:

  • The exam duration is three (3) hours. Non-native speakers receive an additional half an hour

The exam is multiple choice and open book. The candidate is allowed to use the following reference materials:

  • A hard copy of DORA 
  • Training course materials (accessed through the PECB Exams app and/or printed)
  • Any personal notes taken during the training course (accessed through the PECB Exams app and/or printed)
  • A hard copy dictionary

Examination rules and policies

RECEIVE YOUR EXAM RESULTS

Results will be communicated by email within 6 to 8 weeks after the exam. The results will not include the candidate's exact grade, only a mention of pass or fail.

Candidates who successfully complete the examination will be able to apply for a certified scheme, which is explained in the course description.

In the case of a failure, the results will be accompanied by the list of domains in which the candidate failed, to provide guidance for exam retake preparation.

Candidates who disagree with the exam results may file a complaint by writing to examination@pecb.com or through the PECB ticketing system.

EXAM RETAKE POLICY

There is no limit on the number of times a candidate may retake an exam. However, there are some limitations on the time frame allowed between exam retakes:

  • Students who have completed the full training but failed the written exam are eligible to retake the exam once for free within a 12-month period from the initial date of the exam.
  • If a candidate does not pass the exam on the second attempt, he/she must wait 3 months (from the initial date of the exam) for the next attempt (2nd retake). Retake fee applies.
  • If a candidate does not pass the exam on the third attempt, he/she must wait 6 months (from the initial date of the exam) for the next attempt (3rd retake). Retake fee applies.

After the fourth attempt, a waiting period of 12 months from the last session date is required before the candidate can sit the same exam again. Regular fee applies.

For candidates who fail the exam in the 2nd retake, PECB recommends attending an official training in order to be better prepared for the exam.

To arrange exam retakes (date, time, place, costs), the candidate needs to contact Glasspaper.

Practical information

Duration: 5 Days
Price: 27 900
Language: English
Format: Open course and corporate training

FAQ

What will I learn in this course?
You will learn how to interpret and implement the requirements of DORA (Digital Operational Resilience Act), including ICT risk management, incident handling, third-party risk, digital resilience testing and governance requirements. The course gives you practical tools for establishing and documenting DORA compliance in your organisation.

Who is the course suitable for?
The course is suitable for risk managers, compliance roles, IT and security managers, internal auditors, consultants and others who work with digital operational resilience or regulatory compliance in the financial sector or related businesses.

What is required to attend?
There are no formal requirements, but it is recommended that you have a basic understanding of risk management, information security or regulatory frameworks.

How is the exam conducted?
The exam is conducted either in person at the course venue or online with a voucher and an online proctor, depending on the course format.

What happens if I do not pass the first exam?
You will normally get one new exam attempt, taken online, in accordance with the certification body's rules.

Do I get extra time on the exam?
Yes, you get extra time if English is not your native language, in line with the certification rules.

What is the difference between DORA Foundation and Lead Manager?
Foundation provides a high-level understanding of the DORA requirements and framework. Lead Manager goes in depth on the implementation, governance and operationalisation of DORA in the organisation.

Is this course relevant for managers?
Yes, the course is particularly relevant for managers and decision-makers with responsibility for governance, risk and compliance related to digital operational resilience.

Can I take this course as e-learning or self-study?
No, it is not possible to take this course as e-learning, but self-study is possible. Send an email to prosjekt@glassper.no for more information and to order.

Which certification do I get?
After passing the exam you obtain the PECB Certified DORA Provisional Manager certification. To obtain full certification, documented work experience in ICT risk management may also be required. Check the table under certification for more information.
