DORA Ch. II Sec. II Art. 13 6.
1. Overview
DORA Ch. II Sec. II Art. 13 6.
6. Financial entities shall develop ICT security awareness programmes and digital operational resilience training as compulsory modules in their staff training schemes. Those programmes and training shall be applicable to all employees and to senior management staff, and shall have a level of complexity commensurate to the remit of their functions. Where appropriate, financial entities shall also include ICT third-party service providers in their relevant training schemes in accordance with Article 30(2), point (i).
2. Identified Requirements
Requirements
| Source | Requirement |
|---|---|
3. Related Standards
Standards
| Source | Requirement |
|---|---|
| NOREA | Resilience Training Programs: Implement security awareness and digital operational resilience training as integral components of staff training schemes and ensure training extends to all staff members, including senior management. Customize training intensity based on employee roles and functions. For the training content, cover topics such as network security, insights from prior incidents, threat intelligence, defenses against intrusions, data protection measures (e.g., encryption, cryptography). Conduct the resilience training program on an annual basis. Staff shall be informed on the ICT security policies, procedures and protocols and be made aware of the reporting channels put in place for detecting anomalous activities. Upon termination of employment, all staff are required to return all ICT assets and information assets. |
| NOREA | Inclusion of Third-Party Providers: Incorporate ICT third-party service providers as participants in relevant training programs, where appropriate. Third-parties shall be informed on the ICT security policies, procedures and protocols and be made aware of the reporting channels put in place for detecting anomalous activities. Upon termination of employment or contract termination, the third-parties are required to return all ICT assets and information assets that belong to the financial entity. |