Specialized training courses in Business Continuity, Operational Resilience and Risk Management
With experience in delivering international training and certification programs through the DRI International and NFPA brands, Continuitaly has developed a series of specialized courses designed for the Italian and European markets, with a focus on Business Continuity, Operational Resilience and Risk Management.
Continuitaly’s courses combine technical/regulatory expertise, consulting experience in the field, and an approach based on international best practices, offering up-to-date pathways to major standards such as ISO 22301, ISO 22317, ISO 22398, DORA (Digital Operational Resilience Act), NIS2, and the most advanced risk management and operational resilience models.
These training programs support public and private organizations in addressing increasingly stringent requirements for business continuity, crisis management, risk assessment, cyber resilience, compliance, and critical process management.
An updated list of Continuitaly courses is available below, each with a detailed syllabus, training objectives, technical content and practical examples based on real cases.
On-demand training for corporate groups
If one of the courses listed is not included in the current schedule, it is still possible to request the organisation of a dedicated session for a group of participants from the same company, industrial group or professional network.
This mode allows content, examples and practical cases to be tailored to the specific needs of the organization, ensuring a fully customized training experience.
Course on Critical Supplier Management according to ISO 28000, ISO 22301, DORA and NIS2
Duration
2 days (16 hours), with the option of on-site or online delivery
General description
The resilience of suppliers and supply chains is now a central element in business continuity, cyber security and regulatory compliance programs. Incidents in recent years have shown that the majority of the most serious cyber disruptions and attacks stem from third parties, subcontractors, and outsourced ICT services.
The course provides a comprehensive and operational framework for assessing, monitoring and governing risks arising from critical suppliers, integrating the international standards ISO 28000, ISO 22301, the requirements of the European regulations DORA and NIS2, and the risk management principles of ISO 31000 into a single course.
This is an advanced course designed for professionals who already have a foundation in business continuity, risk management or cyber resilience, and who wish to acquire a distinctive and immediately applicable skill to manage external dependencies in a rigorous and documentable manner.
Purpose of the course
The course enables participants to:
- Understand how to build an integrated system for managing critical supplier and supply chain risks.
- Apply the requirements and guidelines of ISO 28000, ISO 22301, ISO 31000, DORA and NIS2 to third-party management.
- Define objective criteria for criticality and assess the operational and cyber resilience of suppliers and subcontractors.
- Integrate RTO, minimum capabilities, scenarios, and continuity strategies into supplier management.
- Draw up and use a register of critical suppliers as required by DORA and NIS2.
- Develop exit strategies, alternative plans, compliant contracts, and continuous monitoring mechanisms.
- Conduct audits, assessment and testing of suppliers through operational exercises and simulations.
- Prepare evidence, KPIs and reports needed by supervisors and internal control functions.
Course on Introduction to DORA Regulation – Digital Operational Resilience Act
Duration
1 day (8 hours), with the option of on-site or online delivery
General Description
The course provides a comprehensive overview of Regulation (EU) 2022/2554 (DORA – Digital Operational Resilience Act), the European regulatory framework standardizing digital operational resilience requirements for the financial sector.
It is designed to provide executives, area managers, control functions, ICT, Risk Management, Compliance and Business Continuity with a clear and structured understanding of the entire regulatory framework, applicable obligations and organizational impact areas.
Purpose of the course
The course enables participants to:
- Understand the strategic goals of DORA and the role of digital operational resilience in the European financial environment.
- Know the entire regulatory framework, including RTS and ITS published between 2023 and 2025.
- Identify the main responsibilities of the Board, senior management, and the three lines of defense.
- Analyze the five pillars of the Regulation:
– ICT Risk Management Framework
– ICT incident management and classification
– Digital Operational Resilience Testing
– Supplier management
– Information Sharing
- Clarify the operation of Essential or Important Functions (EIFs) and their impact on governance and enhanced obligations.
- Navigate the specific requirements introduced by RTS/ITS on:
– ICT risk management
– testing
– incident classification
– vendor registry
– contract policy
– ICT subcontracting
- Understand the relationship between DORA, Business Continuity, Cybersecurity, Outsourcing and Digital Strategy.
- Identify operational priorities for compliance and necessary organizational advancements.
Course on Designing and conducting tabletop, desktop exercise and crisis simulation – ISO 22398
Duration
2 days (16 hours), with the option of on-site or online delivery
General description
This two-day course provides a comprehensive and operational overview of ISO 22398 – Societal Security: Guidelines for Exercises, the international reference standard for planning, designing, conducting and evaluating Business Continuity and Emergency exercises.
The training course delves into the methodologies and techniques needed to develop and implement desktop walkthroughs, tabletop exercises and crisis simulations in complex business contexts, integrating the standard with international best practices (ISO 22301, ISO 22313, DRI Professional Practices).
Through a strong hands-on component, participants will have the opportunity to design a full exercise, conduct it in the classroom, and experience real-world dynamics of emergency management, communication, decision-making, and Crisis Management Team coordination.
The course is designed for professionals who wish to acquire concrete and immediately applicable skills in designing an annual exercise program and managing crisis scenarios, including cyber, operational, logistics, reputational, and HSE.
Purpose of the course
The course aims to:
- Provide a thorough understanding of ISO 22398 and its role within the Business Continuity system (ISO 22301).
- Guide participants in designing a comprehensive tabletop or desktop exercise, defining objectives, perimeter, scenarios and sequence of injects.
- Develop skills in facilitating and conducting exercises, with emphasis on managing team dynamics, escalation, communication and decision-making under stressful conditions.
- Experience a business crisis simulation in a practical way, understanding how to manage compressed time, interactions between functions and stakeholders, impacts and response priorities.
- Provide tools, templates and methodologies to document and evaluate an exercise, prepare an After Action Report (AAR) and define corrective and continuous improvement actions.
- Support organizations in creating an annual exercise program consistent with international standards and best practices that can increase operational and organizational resilience.
Practical Workshop on Business Continuity Management – ISO 22301 – DRI
Duration
2 days (16 hours), with the option of on-site or online delivery
General description
The hands-on Business Continuity Management (BCM) course is designed to guide participants through all the operational phases of a complete business continuity project, from risk assessment to the drafting of continuity plans.
The approach is workshop-based and application-oriented: each phase of the BCM course is illustrated, discussed and then practiced through workshops, distribution of operational templates and application cases.
The pathway reflects the requirements of the ISO 22301 standard and the most authoritative international guidelines, including ISO 22317, ISO 22318, ISO/TS 22330, as well as DRI Professional Practices.
At the end of the course, each participant will have a complete set of tools and templates to independently develop a Business Continuity project in their organization.
Purpose of the course
The course aims to:
- Understand and apply all phases of the Business Continuity Management System (BCMS) according to ISO 22301.
- Know how to conduct a Risk Assessment aimed at business continuity.
- Know how to develop a comprehensive Business Impact Analysis (BIA), using evolved templates.
- Define Continuity Strategies consistent with the impacts, risks, and operational capabilities of the organization.
- Draw up effective, structured and easily activated Business Continuity Plans (BCPs).
- Manage exercises, reviews, continuous improvement and document requirements of BCMS.
- Take home a complete package of BCM deliverables, reusable in your own organization.
Practical workshop on Business Impact Analysis (BIA) according to ISO 22301 and ISO 22317
Duration
2 days (16 hours), with the option of on-site or online delivery
General description
The intensive two-day course is entirely devoted to Business Impact Analysis (BIA) as required by the ISO 22301:2019 standard and described in detail by the specific ISO 22317:2021 standard.
The goal is to provide participants with a practical, structured and repeatable approach, guiding them step by step in the design and implementation of an effective BIA, adhering to international standards and applicable to different types of organizations.
Three BIA models, representative of major business contexts, will be analyzed and compared during the workshop:
- Service company (e.g., banking, insurance, maintenance, logistics)
- Engineering manufacturing company (production, supply chain, plant, operations)
- IT / ICT division (mapping information services → business processes)
Participants will work on real case studies, individually or in small groups, developing their BIA through a comprehensive set of operational templates provided by Continuitaly, based on the main standards and direct experience of Business Continuity projects in Italy and abroad.
Purpose of the course
The course aims to:
- Understand in depth the BIA required by ISO 22301
– Role of BIA in the BCM life cycle
– Standard requirements and relationship to risk assessment, strategy, and plans
- Apply ISO 22317 guidelines correctly
– Purpose, principles, steps, expected outputs
– Methodologies for collecting, analyzing and consolidating data
- Conduct a complete BIA independently
– How to define critical processes, RTO, MTPD, RPO
– Assessment of impacts (economic, legal, reputational, operational)
– Analysis of dependencies (suppliers, people, technologies, sites)
- Use the international templates provided in the course
– Interview templates
– Spreadsheets for impacts and metrics
– Management summary dashboards
- Understand the differences between BIA in different organizational settings
– Services vs. manufacturing vs. ICT
– How criticality, value chain and dependencies are changing
- Design a BIA program that is sustainable over time
– Governance, frequency, accountability
– Update and integration with crisis, DR/ITDR, vendor management
Course on the ISO 22301 standard: Implementing and Maintaining a Business Continuity Management System.
Duration
2 days (16 hours), with the option of on-site or online delivery
General Description
The course provides comprehensive and operational coverage of the ISO 22301:2019 standard – Security and resilience – Business continuity management systems – Requirements, guiding participants through all the requirements needed to design, implement, certify, and maintain an effective and fully compliant Business Continuity Management System (BCMS).
The training combines theoretical content, practical examples, process diagrams, document templates, and real-world cases, with a specific focus on what organizations actually need to demonstrate to be compliant with the standard, avoiding purely formal approaches.
Purpose of the course
The course aims to:
- Fully understand the structure and logic of ISO 22301.
- Learn how to define a BCMS consistent with regulatory and business requirements.
- Know how to properly set up BIA, Risk Assessment and business continuity strategies.
- Know the key elements for effective system maintenance and for passing certification/supervision audits without critical issues.
- Integrate BCMS with other business management systems (ISO 27001, ISO 9001, ISO 20000-1, etc.).
- Know how to identify gaps, priorities and plans for continuous system improvement.
