Course benefits:

Understand the basics of DORA

Improve your knowledge of auditing techniques

Add new skills to your resume

Earn your DORA internal audit certification
This free DORA Internal Auditor training course will teach you everything you need to know about the DORA regulation, related regulatory technical standards (RTSs), and how to perform an internal audit in an organization.
After passing the DORA Internal Auditor exam, you will receive a certificate which proves your expertise in the regulation, as most organizations seek out certified individuals.

This DORA Internal Auditor certification course is divided into two parts:

A library of DORA training videos: lessons and practical information about the basics of the regulation and how to perform internal audits.

Certification exam: upon successful completion of the exam, you will get a certificate and a badge for your LinkedIn profile to highlight your qualifications.

Who should attend:

Persons responsible for conducting DORA internal audits

Information and security managers

Compliance managers

Prerequisites:

There are no prerequisites to attend this free DORA training course.
Introduction

Introduction to the course

Module 1 - Introduction to DORA

Introduction to the Module 1 & suggested reading

What is DORA?

Who needs to comply with DORA

Which IT providers need to comply with DORA and how

What are DORA-related regulations RTS, CDR, and CIR

What are the main requirements specified in DORA

DORA implementation steps

Writing DORA documentation [CDR 2024/1774 Article 2]

Organizing training and awareness [DORA Articles 5, 13, 16, and 30]

Penalties and fines [DORA Articles 50, 51, and 54]

Related documentation

Certification FAQs

Recap quiz

Module 2 - Key concepts in governance and ICT risk management

Introduction to the Module 2

Governance responsibilities for senior management [DORA Article 5]

Key elements of ICT risk management framework [DORA Article 6; CDR 2024/1774 Article 3]

Developing top-level information security policy [DORA Article 9; CDR 2024/1774 Article 29]

How to write Digital operational resilience strategy [DORA Article 6]

Identifying ICT-supported business functions and assets [DORA Article 8; CDR 2024/1774 Article 4]

Performing risk assessment [DORA Article 8; CDR 2024/1774 Articles 3 and 5]

Learning and evolving [DORA Article 13]

Measurement, monitoring, and controlling the ICT systems [DORA Articles 9 and 13; CDR 2024/1774 Articles 2 and 31]

Internal audit of ICT risk management framework [DORA Article 6]

Follow-up and corrective actions [DORA Articles 6, 13, and 17]

Report on the review of ICT risk management framework [DORA Article 6; CDR 2024/1774 Article 27]

Main elements of simplified ICT risk management framework [DORA Article 16; CDR 2024/1774 Articles 28 to 41]

Related documentation

Recap quiz

Module 3 - Cybersecurity measures

Introduction to the Module 3

Policies and procedures for ICT operations security [DORA Article 9; CDR 2024/1774 Article 8]

Capacity and performance management [DORA Articles 7 and 9; CDR 2024/1774 Article 9]

Data and system security [DORA Article 9; CDR 2024/1774 Article 11]

Network security management [DORA Article 9; CDR 2024/1774 Article 13]

Securing information in transit [CDR 2024/1774 Article 14]

Encryption and cryptography [DORA Article 9; CDR 2024/1774 Articles 6 and 7]

Human resources policy [DORA Articles 5 and 13, CDR 2024/1774 Article 19]

Identity management and authentication [DORA Article 9; CDR 2024/1774 Article 20]

Access control [DORA Article 9; CDR 2024/1774 Article 21]

Physical and environmental security [CDR 2024/1774 Article 18]

ICT systems acquisition, development, and maintenance [CDR 2024/1774 Article 16]

ICT project management [CDR 2024/1774 Article 15]

ICT change management [DORA Article 9; CDR 2024/1774 Article 17]

Related documentation

Recap quiz

Module 4 - Anomalous activities, vulnerabilities, and incident management

Introduction to the Module 4

Logging [CDR 2024/1774 Article 12]

Detecting anomalous activities [DORA Article 10; CDR 2024/1774 Article 23]

Vulnerabilities, patch management, and updates [DORA Article 9; CDR 2024/1774 Article 10]

Incident management process [DORA Article 17; CDR 2024/1774 Article 22]

Classification of ICT incidents and threats [DORA Article 18; CDR 2024/1772 Articles 1 to 10]

Reporting major incidents and cyber threats [DORA Article 19]

Related documentation

Recap quiz

Module 5 - Business continuity and resilience testing

Introduction to the Module 5

ICT business continuity policy [DORA Article 11; CDR 2024/1774 Article 24]

Business impact analysis, RTO, and RPO [DORA Articles 11 and 12; CDR 2024/1774 Article 24]

Backup and restoration of data [DORA Article 12]

Secondary processing site [DORA Article 12; CDR 2024/1774 Article 24]

ICT response and recovery plans [DORA Article 11; CDR 2024/1774 Article 26]

Testing business continuity and recovery plans [DORA Article 11; CDR 2024/1774 Article 25]

Crisis management and communication [DORA Articles 11 and 14]

Main elements of digital operational resilience testing [DORA Article 24]

Resilience testing of ICT tools and systems [DORA Article 25]

Threat-led Penetration Testing TLPT [DORA Articles 26 and 27]

Related documentation

Recap quiz

Module 6 - Managing ICT third-party risk

Introduction to the Module 6

Key elements ICT third-party risk management [DORA Article 28; CDR 2024/1773 articles 1 to 4]

Selecting critical ICT service providers [DORA Article 31; CDR 2024/1502 Articles 1 to 6]

Risk assessment of ICT service providers [DORA Article 29; CDR 2024/1773 articles 5, 6, and 7]

Contracts with ICT service providers [DORA Article 30; CDR 2024/1773 Article 8]

Register of information [DORA Article 28; CIR 2024/2956]

Monitoring, inspection, and audit of ICT service providers [DORA Articles 28 and 30; CDR 2024/1773 Article 9]

Exit strategies for ICT services [DORA Article 28; CDR 2024/1773 Article 10]

Government oversight of critical ICT service providers [DORA Articles 33 to 43]

Related documentation

Recap quiz

Module 7 - Introduction to the internal audit

Introduction to the Module 7

Internal vs. external audit

The main purpose of the internal audit

ISO Requirements for internal audits

Criteria for selecting the internal auditor

The audit findings

Nonconformities

Observations

Major and minor nonconformities

Related documentation

Recap quiz

Module 8 - Organizing the internal audit

Introduction to the Module 8

Organizing the internal audit

Internal audit procedure

Annual audit program

Audit plan for an individual audit

Related documentation

Recap quiz

Module 9 - Internal audit elements

Introduction to the Module 9

Internal audit elements

Document review

Creation of the checklist

Internal audit report

Corrective action requests and corrective action follow-up

Related documentation

Recap quiz

Module 10 - The main audit

Introduction to the Module 10

Auditor assumptions

Techniques for finding evidence

Sampling the records

Recording the evidence

Interviewing techniques

Remote audits

Auditing integrated management systems

Related documentation

Recap quiz

Instructions for taking the exam and obtaining the certificate
Advisera holds International Accreditation from ASIC

Advisera Expert Solutions holds International Accreditation from ASIC (Accreditation Service for International Schools, Colleges, and Universities) with Premier Status for its commendable Areas of Operation.

ASIC Accreditation

ASIC Accreditation is a leading, globally recognised quality standard in international education. Institutions undergo an impartial and independent external assessment process to confirm their provision meets rigorous internationally accepted standards, covering the whole spectrum of its administration, governance, and educational offering. Achieving ASIC Accreditation demonstrates to students and stakeholders that an institution is a high-quality education provider that delivers safe and rewarding educational experiences and is committed to continuous improvement throughout its operation.

About ASIC

One of the largest international accreditation agencies operating in 70+ countries, ASIC is recognised in the UK by UKVI - UK Visas and Immigration (part of the Home Office of the UK Government), is ISO 9001:2015 (Quality Management Systems) Accredited and is a Full Member of The International Network for Quality Assurance Agencies in Higher Education (INQAAHE), a member of the BQF (British Quality Foundation), a member of the International Schools Association (ISA), and an institutional member of EDEN (European Distance and E-Learning Network).
About the DORA Internal Auditor course

How do I purchase exams for several people?

We have prepared a discount if you purchase certificates for more than one student at once. Do not hesitate to contact us at sales@advisera.com to find out the prices.

What does ASIC accreditation cover?

Being an ASIC-accredited training provider means that Advisera maintains highest quality of courses, exams, and overall training process.

Which regulatory technical standards are covered in the course?

Besides DORA, the course covers the following RTSs:

CDR 2024/1502 Criteria for the designation of ICT third-party service providers as critical for financial entities

CDR 2024/1772 Criteria for the classification of ICT-related incidents and cyber threats

CDR 2024/1773 Regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements

CDR 2024/1774 Regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

CIR 2024/2956 Templates for the register of information for contractual arrangements

What is the deadline for attending the video lectures?

There is no time limit, so you can take as long as you need to watch the video lectures. We do, however, recommend that you watch them all within one to two weeks so that you get the most benefit from them.

What is needed to access the DORA Internal Auditor training online?

All you need to access the course is your PC, Mac, or mobile device; any major browser (Chrome, Firefox, Edge, Safari, etc.); and a broadband Internet connection. And, of course, enough available time to devote to the course.

What do I need to know before attending the course?

You don’t need any prior knowledge or experience in the implementation – this course was designed so that a beginner to these topics will understand it.

How do I get certified as an DORA Internal Auditor?

It's simple:

Watch complete videos of all of the lessons, and answer all of the practice questions.

Pass the online exam.

When will I receive the certificate for the course?

After watching all of the video lessons you may take the certification exam. If you earn a passing score, you will be issued the certificate. Please note that, during the exam, an online proctoring service will verify your identity and ensure that you take the exam without assistance. Click here to learn more about our online proctoring service.

About the DORA Internal Auditor exam

What does it take to pass the exam and earn the certificate?

The course materials (video lectures, quizzes, reading materials, practice exams, and other resources) are all you need to successfully pass the certification exam and receive your DORA Internal Auditor certificate.

How many questions are on the exam?

There are a total of 74 questions on the exam. Some of them are True/False questions, while the others are multiple-choice questions, and all correctly answered questions are worth 1 mark.

How much time is allowed for the exam?

The time allowed to answer all the questions on the exam is 120 minutes. However, please reserve an additional 15 minutes of your time for a system check-up before you start the exam session.

In which language is the exam?

The exam is in English.

Where will I take the examination?

The DORA Internal Auditor certification exam can be taken online, from anywhere. To make this possible, we employ an online proctoring service. Click here to learn more.

Unlimited access, no charges
Full access to videos, quizzes, and exercises

Course Instructors

DORA Internal Auditor Training Course - Advisera

Dejan Kosutic

CEO & Lead Expert for ISO 27001, ISO 22301, NIS2 and DORA

Leading expert on cybersecurity & information security and the author of several books, articles, webinars, and courses. As a premier expert, Dejan founded Advisera to help small and medium businesses obtain the resources they need to become compliant with EU regulations and ISO standards. He believes that making complex frameworks easy to understand and simple to use creates a competitive advantage for Advisera's clients, and that AI technology is crucial for achieving this.

As an ISO 27001, NIS 2, and DORA expert, Dejan helps companies find the best path to compliance by eliminating overhead and adapting the implementation to their size and industry specifics.

Carlos Pereira Da Cruz

ISO Consultant, Trainer, and Auditor

Carlos Pereira da Cruz has more than 30 years of experience working as a consultant, trainer, and auditor with ISO 9001 and ISO 14001. He is a university teacher and author of several books on strategic management, ISO 9001, and ISO 14001.

Products by framework:

By Type

Where to Start

Other

Solutions for industries:

Leading Experts

DORA Internal Auditor Training Course

Introduction

Module 1 - Introduction to DORA

Module 2 - Key concepts in governance and ICT risk management

Module 3 - Cybersecurity measures

Module 4 - Anomalous activities, vulnerabilities, and incident management

Module 5 - Business continuity and resilience testing

Module 6 - Managing ICT third-party risk

Module 7 - Introduction to the internal audit

Module 8 - Organizing the internal audit

Module 9 - Internal audit elements

Module 10 - The main audit

Advisera holds International Accreditation from ASIC

ASIC Accreditation

About ASIC

How do I purchase exams for several people?

What does ASIC accreditation cover?

Which regulatory technical standards are covered in the course?

What is the deadline for attending the video lectures?

What is needed to access the DORA Internal Auditor training online?

What do I need to know before attending the course?

How do I get certified as an DORA Internal Auditor?

When will I receive the certificate for the course?

What does it take to pass the exam and earn the certificate?

How many questions are on the exam?

How much time is allowed for the exam?

In which language is the exam?

Where will I take the examination?

Online course

Exam and certificate

Course Instructors

Dejan Kosutic

Carlos Pereira Da Cruz

Why Advisera DORA Internal Auditor Course?

Free unlimited access to the entire course

Globally recognized accreditation by ASIC

Expert support from Advisera's top experts

1000s of students have attended Advisera's Internal Auditor courses already

Related Trainings

ISO 27001 Internal Auditor

EU GDPR Data Protection Officer

DORA Lead Implementer

Get in Touch

Products

Resources

Standards & Regulations

Advisera

Help