Comic panels
Use dialogue and scenario conflict to explain abstract obligations through IT context.
DORA Academy
Help IT teams learn DORA inside real work scenarios.
Each lesson starts from a real IT work scenario: vendor onboarding, BCP/DR evidence, incident reporting, cloud architecture evidence, and the Register of Information. Learners move through panels, answer quizzes, and understand the related DORA expectations, evidence, and actions.
Guided quiz
Each scenario includes a judgment exercise so the team builds shared risk language.
Reusable learning path
Extend from third-party risk into BCP, incidents, cloud architecture, and ROI for later GRC workflows.
Lesson 1
ICT third-party risk, explained for IT
Follow a realistic supplier onboarding story and learn what DORA expects: evidence, obligations, risk reasoning, and remediation.
Progress17%
Learning path
Animated risk loop
Vendor
Evidence
AI Review
Risk Engine
Remediation
Panel 1/6Article 28
Current
Comic panel #1
A production change is about to create a regulated ICT dependency.
Article 28
IT Lead
Can we onboard this cloud vendor this sprint?
Risk
Only if the dependency is visible and governed.
?
IT Lead
Risk
!
A team wants to onboard a critical cloud vendor
The platform team needs a new provider for production workloads. The vendor looks mature, but DORA asks whether this ICT dependency is visible and governed.
IT takeaway
Start by naming the service, business owner, system access, data types, and criticality.
Quick check
A critical cloud vendor provides a generic BCP summary. What is the most useful next evidence request?
Restart this course when finished
Each lesson follows one IT work scenario: read the story, understand the DORA expectation, then judge evidence and remediation.