EU DORA card game

Description

The Digital Operational Resilience Act (DORA) is an EU regulation designed to strengthen the digital resilience of financial entities. It focuses on ICT risk management, incident reporting, resilience testing, and third-party risk management, including critical ICT providers. DORA ensures that financial institutions can withstand and recover from digital disruptions, promoting cybersecurity and stability across the EU’s financial sector.

This is actually a card game, printed on recycled paper meant to be used as a cheat sheet or as a team building tool (maximum 20 players). With this tool financial entities can empower, educate and entertain their workforce or suppliers with EU's Digital Operational Resilience Act. This is a learning in 2 steps game. First you get a statement that you need to guess if it's true or false and secondly, on the back of the card you get a more in depth explanation. Neuroplasticity happens when you test your knowledge and we try to enable that for all our players. 

This game is ideal for:

1. Financial institutions that are within the scope of EU DORA: A fun and educational tool to reinforce awareness of digital operational resilience and promote engaging learning experiences.  
2. Companies providing pen testing services: A practical way to understand how to align testing processes with DORA requirements for their clients.  
3. ICT third party suppliers of financial institutions: Provides an accessible way to understand DORA requirements and ensure alignment with their clients' operational resilience standards.

The game is available in 2 different versions to fit every budget: 

• Light (L) version: 32 cards: 16 true statements and 16 false statements covering half of the articles
• eXtra Lavish (XL) version: 64 cards: 32 true statements and 32 false statements covering all articles that need explanations

​​​Number of players: L: 1-10, XL: 1-20.  

They must use their expertise and judgment to discern between real security measures and common misconceptions. 

​

The most relevant roles for this game are: ​

• Chief Information Security Officers (CISOs) and IT security teams: They need to understand the  requirements for ICT risk management and security testing.
• Chief Risk Officers (CROs) and risk management teams: These professionals must be aware of its impact on operational risk management and resilience.
• Compliance officers: They are responsible for ensuring the institution adheres to DORA's regulatory requirements.
• IT managers and teams: They need to understand its technical requirements and implement necessary changes to IT systems and processes.
• Procurement and vendor management teams: These roles must be aware of DORA's implications for managing relationships with ICT third-party providers.
• Legal teams: They need to understand its legal implications and help ensure compliance.
• Business continuity managers: They must align business continuity plans with the legal requirements for operational resilience.
• Senior executives and board members: They should understand DORA's strategic implications and ensure appropriate resources are allocated for compliance.
• Internal audit teams: They need to be familiar with DORA to effectively audit the institution's compliance efforts.
• Data protection officers: They should understand how DORA intersects with GDPR and other data protection regulations.

These roles should collaborate to ensure a comprehensive understanding and implementation of DORA across the financial organisation.