Certified Digital Operational Resilience Officer
Certified Digital Operational Resilience Officer (CDORO)
Credit Union Edition
A focused, two-day live programme for Irish credit union leaders and boards who are accountable for operational resilience, governance, and compliance. Delivered with the Irish League of Credit Unions (ILCU) and led by Paul C Dwyer—an internationally recognised expert in EU DORA and cybersecurity—the course turns regulatory obligations into proportionate, practical actions your organisation can evidence.
Across expert briefings and an immersive tabletop simulation, you’ll translate DORA and NIS2 into board-ready oversight, clear roles and responsibilities, and a measurable resilience programme. You’ll leave with a tested roadmap and the confidence to communicate resilience status to stakeholders, senior management, and the regulator.
What the students say...
"A really informative course that I would recommend to all those in cyber resilience. The suggested framework model and its controls brings cyber resilience and Dora into a clear understandable format which should act as the blue-print for any cyber resilience programme"
Adrian Finn
Head of Third Party Risk Management & DORA Programme Lead
Trading 212
About this Course

Credit Union Focus
Key Topics Covered
-
Board Leadership & Governance (Articles 5–6)
Roles, accountability, and the evidence the Central Bank of Ireland expects from boards and senior management. -
Proportional Compliance for Credit Unions
Applying DORA and NIS2 in a right-sized way: what’s in scope, where to start, and how to avoid over-engineering. -
Pillar 1 — ICT Risk Management
Building a living ICT risk register, linking risks to business impact, and mapping controls to frameworks (e.g., NIST CSF/ISO 27001). -
Pillar 2 — Incident Management & Reporting
Classification thresholds, response playbooks, internal/external communications, and timely reporting to the regulator. -
Pillar 3 — Digital Operational Resilience Testing
Proportionate testing (BCP/DR, scenario and technical tests), remediation tracking, and “prove it, don’t just say it.” -
Pillar 4 — ICT Third-Party Risk Management
Due diligence, resilience clauses and audit rights, concentration risk, ongoing monitoring, and exit strategies. -
Pillar 5 — Information Sharing & Sector Collaboration
Trusted intelligence sharing, ILCU/sector initiatives, and how collaboration strengthens early warning and response. -
Live Tabletop Exercise (2 hours)
Credit-union-specific scenario to test decision-making, escalation, communications, and DORA reporting under pressure. -
Tools, Templates & Technology (incl. CyberPrism)
Practical artefacts to evidence oversight and progress; using platforms to assess readiness, track actions, and create audit-ready trails. -
Measuring & Evidencing Resilience
Maturity baselines, KPIs/KRIs, dashboards and board reporting that stand up to scrutiny. -
Ongoing Education (Article 13)
Role-based training expectations and how to demonstrate continuous learning and competence.