r/eulaw • u/RTRbyRMV • 6d ago
DOR-ACT [DORA]
Have you started implementing things to match the requirements?
How about the requirement from the Digital Operational Resilience Act (DORA) that the Board of Directors and the CEO must have the knowledge (!) and skills (!) necessary to assess cybersecurity risks, challenge security plans, discuss activities, formulate opinions, and evaluate policies and solutions that protect the assets of their organization?
I am looking for best practices that you followed.
Here are thoughts I already had:
- Organize in-house trainings with a coach
- Ask them to join trainings on their own
- Create own trainings matching identified company risks
- Integrate in training application and run tests afterwards
- Teach them on demand every three months
- Integrate into standard meetings (about 20 a year?)
Any more ideas or recommendations?