Digital Operational Resilience Act (DORA)

As the digital landscape is rapidly evolving, staying ahead of regulatory requirements is crucial for financial entities. The Digital Operational Resilience Act (DORA) is set to transform how organisations approach risk management, making it essential to understand its implications immediately. In this seminar, which is specifically tailored for financial entities, you will gain a deep understanding of DORA’s key requirements and their impact on your operations.

Vital areas that will be covered:

• Information and Communication Technology (ICT) Risk Management
• Incident Management
• Third-Party Risk Management
• Digital Operational Resilience Testing

With DORA fully adopted from January 17, 2025, it is imperative to enhance your existing operations now. Equip yourself with the knowledge required to effectively align with these regulations effectively. Join us to ensure your organisation is prepared and resilient in the face of evolving digital challenges. Secure your place today and lead your institution towards compliance and operational excellence!

By the end of the training, participants will be able to:

• Obtain an understanding of DORA, its applicability and key requirements.
• Identify key provisions that will directly impact on the financial entities.
• Focus on areas likely to require significant effort for implementation.
• Explain possible measures relevant to their respective business as usual activities.
• Consider the areas that need enhancements in light of DORA requirements.
• Identify needs and possible actions to effectively implement changes introduced by DORA.
• Embrace the change and effectively apply the changes introduced by DORA to ensure regulatory alignment.  
• Collaborate effectively in addressing specific organisational challenges related to DORA. 

This seminar is primarily relevant to risk, compliance, information security, IT and any other relevant professionals in financial entities that are in scope of DORA.

All participants should be currently employed.

*The number of participants is restricted to 28.

1. Introduction (30 min)

• Objective
• Key learning outcome
• Introduction to Digital Operational Resilience Act (DORA)
• Entities impacted by the regulation
• Introduction to the four primary chapters in Digital Operational Resilience Act (DORA)

2. Information and Communication Technology (ICT) risk management (1 hr & 30 min)

• ICT Risk Governance
• Summary of requirements
• Roles and responsibilities

3. ICT incident management (1 hr)

• General requirements
• Classification of incidents
• Reporting of incidents
• Incident management cycle 

4. Digital resilience testing (30 min)

• General requirements
• Resilience testing requirements
• Threat-Led Penetrating Testing (TLPT) requirements

5. Managing ICT third-party risk (2 hrs)

• ICT third party risk management framework
• Register of Information
• Pre-contractual requirements
• Contractual requirements
• Sub-contractors

6. Conclusion (30 min)

• Key messages and Q&A

Our services include:

• Handouts, including the hard copy presentation, examples, case studies, exercises, and additional notes if applicable.
• Stationery, such as pads, pens, and files.
• Drinks (coffee, tea, etc.), snacks and a buffet lunch.
• A fully equipped training room.
• Certificate of completion.

If you wish to register for the seminar, please complete the registration form.

Once your registration is submitted, you will receive an email stating how to proceed with your HRDA registration through the Ermis platform. Upon completion of this step, you will receive a confirmation email which will include the participation fee, including any discounts, if applicable. Kindly note that the payment should be settled at least two days prior to the seminar’s date for your registration to be confirmed.

The programme has been approved by the HRDA. Enterprises participating with their employees who satisfy HRDA’s criteria, are entitled to subsidy. Please note that there are limited seats available, therefore enroll in this seminar as soon as possible.

If you do not receive our confirmation e-mail regarding your registration, your participation cannot be guaranteed.

Cost

€160 net investment after the HRDA subsidy (€120) for all eligible participants.

€280 + VAT (19%) for all participants who are non-eligible for the HRDA subsidy.

Last Date for 10% Early Bird Discount: 22/05/2025

Note

We do not provide a soft copy of the presentation for face-to-face seminars. However, if you would like to request one, please contact us. We may be able to provide it, subject to approval. In this case, the cost of the soft copy will be €50 for participants who have already attended the relevant training, or €100 for those who have not.

HRDA Note

All individuals who wish to attend our HRDA approved training courses should not only fill out our registration form, but also complete the registration process through the ERMIS platform. Regardless of whether they are claiming the HRDA subsidy or not, each participant will need to complete their registration through ERMIS as a physical person and then register to our training in order to be able to attend (either as an employee whose company is claiming the subsidy or as an individual who is not claiming the subsidy). Please reach out to the HRDA Ermis officers on 22 390 300 for more details regarding the registration as a physical person.

Discounts available

• For more than two (3+) participants from the same company a 10% discount is available on the total cost, before the VAT and HRDA subsidy. This discount only applies for participants who enroll in the same seminar, on the same day. This discount can only be combined with the early bird discount and the HRDA subsidy, when applicable.
• For individuals/legal entities who/which register in more than two (3+) seminars during the same semester (January-June & July-December), a 10% discount is available on the total cost, before the VAT and HRDA subsidy. This discount only applies for individuals/legal entities who/which enroll in more than two (3+) seminars during the same semester, on the same day. This discount can only be combined with the early bird discount and the HRDA subsidy, when applicable.
• There is a 10% discount for alumni members. This discount should be applied before the VAT and HRDA subsidy and can only be combined with the early bird discount and the HRDA subsidy, when applicable. For more information on our alumni scheme, click here.
• There is a 10% early bird discount on selected seminars for participants who enroll in a training course until a specific date which is stated above. This discount should be applied before the VAT and HRDA subsidy and can only be combined with the HRDA subsidy, when applicable.
• HRDA subsidy for all HRDA approved seminars.
• Please note that while participants may qualify for multiple discounts, a maximum of two discounts, up to a total of 20%, can be applied per registration.

Contact

For any queries, please contact Vasiliki Sioziou on +357 22 207 460 or at academy@kpmg.com.cy

CPD

This seminar may contribute to Continuing Professional Development requirements. At the end of the seminar participants will be given a certificate of attendance confirming the total number of training hours (6 CPD).

Andreas Potamaris
Senior Manager, Risk Consulting, KPMG in Cyprus

Andreas is a Senior Manager in the Risk Consulting department at KPMG in Cyprus. He possesses more than ten years of international experience in the financial services industry, gained from consulting, professional services and internal roles within banks in Cyprus, the United Arab Emirates, and the United Kingdom. His expertise predominantly revolves around operational risk management, credit risk management, internal controls and internal audit.

He leads advisory services in risk and control transformation, operational resilience, corporate governance, and regulatory compliance. He also delivers trainings on the Digital Operational Resilience Act (DORA).
 

Stelios Katsantonis
Manager, Technology Consulting, KPMG in Cyprus

Stelios is a Cybersecurity Analyst, with more than seven years of experience in the field of Information Security and Cybersecurity. His expertise lies in the development and implementation of ISMS in line with ISO 27001, Security risk assessment and mitigation, Azure cloud security and the performance of Information Security Audits. Furthermore, he holds a BSc in Computer Security with Forensics.

Over the years, he has helped clients develop solid Information Security Management Systems (ISMS) in line with ISO27001 and based on the results of a business impact analysis and risk assessment. He has also supported clients in the development of Business Continuity and Disaster Recovery Plans, as well as test scenarios, and the facilitation of BCP/DRP tests.

Moreover, he has led and conducted numerous Information Security Audits and Internal Controls Framework reviews for banking and financial institutions. He has performed a range of IT general control and application controls testing in external audit for a variety of sectors including Banking, Insurance, Financial Institutions, Forex Trading, Telecommunications, etc.

Stelios has participated in a number of International Standards for Assurance Engagements, ISAE3000 and Service Organisation Control (SOC2) reporting for clients in various sectors. Finally, he delivers trainings on the Digital Operational Resilience Act (DORA).