NIS-2 and DORA Training Schedule

NIS-2 and DORA Training Schedule – The Key to Compliance and Security

Date: Every first Friday of the month 09:00 am CET

Location: MS Teams

We invite you to attend a specialized training session on NIS-2 and DORA regulations, organized by JDA Advisory. Learn about the practical aspects of implementing these regulatory requirements to ensure your organization’s full compliance. Once we receive your electronic registration request for the training, we will send you a pro forma invoice for payment. After the payment is processed electronically, we will send you a confirmation of your participation in the training and a link to the MS Teams platform for this session. The training will be conducted in English.

NIS-2 Training Plan – Comprehensive Program (1 day / 2 days / modular)

Below is a comprehensive, professional NIS-2 training plan, developed in the JDA Advisory style: practical, operational, with an emphasis on real-world implementations, organizational maturity, and regulatory compliance.

Training objectives:

  • Laying the groundwork for auditing, reporting, and oversight.
  • Understanding the requirements of the NIS-2 Directive and related implementing acts.
  • The ability to translate requirements into processes, roles, and controls within the organization.
  • Preparing for the practical implementation of NIS-2 (ICT, cybersecurity, governance, risk, compliance).

Module 1. Introduction to NIS-2

  • Scope of the directive and covered entities (essential/important entities).
  • Differences between NIS-2 and NIS (NIS 2016).
  • Links to DORA, GDPR, KSC, ISO 27001, ENISA.
  • Key definitions: critical service, incident, risk, supply chain.

Module 4. Incident Management

  • Definitions of incidents according to NIS-2.
  • Reporting thresholds and deadlines.
  • Incident response process (SOC/CSIRT/management).
  • Requirements for communication with supervisory authorities.
  • Examples of incident scenarios and exercises.

Module 7. Risk Analysis in Accordance with NIS-2

  • Methodology for ICT and cyber risk assessment.
  • Integration with ISO 27005, ENISA, and DORA.
  • Risk registers, KRIs, and mapping risks to controls.
  • Workshop: Risk assessment for a selected process.

Module 2. Organizational obligations under NIS-2

  • Governance and management responsibility.
  • Requirements for policies, procedures, and documentation.
  • Requirements for ICT security and cybersecurity.
  • Requirements for incident management.
  • Requirements for business continuity and operational resilience.
  • Requirements for the ICT supply chain and suppliers.

Module 5. Business Continuity Management and Operational Resilience

  • NIS-2 requirements regarding BCM and DRP.
  • Links to ISO 22301 and DORA Operational Resilience.
  • Business Impact Analysis (BIA), scenarios, tests, and exercises.
  • Minimum resilience requirements for critical entities.

Module 8. Documentation and Evidence of Compliance

  • How to prepare documentation compliant with NIS-2.
  • Required policies, procedures, logs, and reports.
  • How to build audit trails.
  • Sample templates and checklists.

Module 3. Technical and Organizational Measures (MTO)

  • Security controls required by NIS-2.
  • Minimum security measures according to ENISA.
  • Integration with ISO 27001 Annex A and DORA ICT Risk Management.
  • Examples of practical implementations in organizations of various sizes.

Module 6. Supplier and Supply Chain Management

  • NIS-2 requirements regarding third-party risk management.
  • Criteria for evaluating ICT and critical service providers.
  • Contracts, SLAs, OLAs, and security clauses.
  • Examples of controls and checklists.

Module 9. NIS-2 Audit and Preparation for an Inspection

  • Scope of the audit and regulatory requirements.
  • A step-by-step guide to the NIS-2 audit.
  • How to prepare your organization for the audit.
  • Common non-compliances and errors.

DORA Training Plan – Comprehensive Program (1-day / 2-day / modular)

Below is a comprehensive, professional DORA training plan, developed in the JDA Advisory style: practical, operational, with an emphasis on real-world implementation, organizational maturity, operational resilience, and regulatory compliance.

Training objectives:

  • Understanding the requirements of the DORA Regulation and delegated/implementing acts (RTS/ITS).
  • Ability to translate these requirements into ICT, cybersecurity, BCM, risk, and governance processes.
  • Preparing the organization for DORA implementation and supervisory audits.
  • Developing a practical plan for implementing operational resilience.

Module 1. Introduction to DORA

  • Scope of the Regulation and covered entities (FI, ICT providers, critical suppliers).
  • Relationship between DORA and NIS-2, GDPR, PSD2, EBA/ESMA/EIOPA Guidelines, ISO 27001, ISO 22301.
  • Key definitions: ICT risk, operational resilience, critical functions, ICT services.
  • Structure of RTS/ITS and their impact on implementation.

Module 4. ICT Incident Management

  • Definitions of incidents according to DORA and classification thresholds.
  • Incident handling process (SOC, CSIRT, management).
  • Reporting requirements to supervisory authorities (24-hour, 72-hour, final report).
  • Integration with NIS-2 and national requirements.
  • Workshop: Incident classification and report preparation.

Module 7. Business Continuity Management (BCM) and DRP

  • DORA Requirements for BCM and Disaster Recovery.
  • Integration with ISO 22301 and BIA/RA.
  • Scenarios, tests, exercises, minimum resilience levels.
  • Documentation and evidence of compliance.

Module 2. Governance and Board Accountability

  • The role of the board in overseeing ICT risk management.
  • Requirements regarding policies, strategies, and reporting.
  • Responsibility for operational resilience and ICT outsourcing.
  • Oversight mechanisms and accountability.

Module 5. Operational Resilience Testing

  • Testing requirements: basic, advanced, TLPT (Threat-Led Penetration Testing).
  • Scope, frequency, documentation, and evidence.
  • How to prepare an organization for TLPT.
  • Examples of test scenarios.

Module 8. Advanced Stress Testing (TLPT)

  • Requirements for significant entities.
  • The roles of the Red Team, Blue Team, and Purple Team.
  • Scope, methodology, and reporting.
  • How to prepare an organization for TLPT, step by step.

Module 3. ICT Risk Management Framework

  • DORA requirements for ICT risk management.
  • Integration with ISO 27005, ENISA, and NIST CSF.
  • Identification, assessment, monitoring, and reporting of ICT risks.
  • KRI, KPI, risk registers, and mapping risks to controls.
  • Examples of practical implementations.

Module 6. ICT Supplier and Supply Chain Management

  • DORA requirements for ICT outsourcing and third-party risk management.
  • Critical ICT suppliers – responsibilities, oversight, registries, risk assessments.
  • Contracts, SLAs, OLAs, DORA-ready clauses.
  • Supplier monitoring and audits.
  • Workshop: Assessing ICT suppliers according to DORA.

Module 9. Documentation, Evidence, and the DORA Audit

  • Required policies, procedures, records, and reports.
  • How to build evidence of compliance.
  • Preparing for a surveillance audit.
  • The most common nonconformities and errors.

Net price of the DORA training course in euros: 500,00 (Note: Price per person)

Net price of the NIS-2 training course in euros: 500,00 (Note: Price per person)

Testimonials and Participant Feedback

Discover the success stories of our participants and their positive feedback on the NIS-2 and DORA training programs conducted by JDA Advisory.

The training provided me with practical knowledge and confidence regarding compliance with NIS-2 and DORA.

Anna Kowalska

IT Security Specialist

Thanks to the training provided by JDA Advisory, our procedures are now in compliance with the latest regulatory standards.

Michał Nowak

Risk Management Manager