CADMUS Bootcamp Course

Cyber Regulatory Compliance & Policy Management

A theory-focused, LMS-based bootcamp for compliance, legal, and policy professionals

Translate NIS2, DORA, and CRA Into Auditable Practice, Before the Inspector Calls

,  ,  ,

Reading the text of NIS2 is not the same as building the controls-to-obligations mapping that satisfies a supervisory authority. CADMUS-BTCMP-21 is built on a single conviction: regulatory compliance is operationalized, not declared, and the gap between policy on paper and evidence on demand is where penalties happen.

The EU-funded CADMUS project (https://cadmus-project.eu/), aiming to address the cybersecurity expertise shortage in Europe, organizes a Bootcamp course on the three pillars of the EU cyber regulatory wave, namely the NIS2 Directive, the Digital Operational Resilience Act (DORA), and the Cyber Resilience Act (CRA). The course targets the Cyber Legal, Policy & Compliance Officer profile of the EU Cybersecurity Skills Framework (ECSF) and is structured around LOS 9 (Compliance-Driven Quality Management) and LOS 14 (Security Strategy & Business Alignment).https://cadmus-project.eu/

Who can attend?

- Compliance and Governance Officers: compliance officers, GRC professionals, and policy managers responsible for regulatory alignment.

- Legal Counsel and DPOs: legal counsel with cybersecurity responsibilities and Data Protection Officers extending their remit to NIS2 and DORA.

- Public Sector and SME Managers: public sector IT managers and SME managers responsible for regulatory compliance and reporting. - Security Consultants: consultants advising on EU cyber regulation and supply-chain compliance obligations.

Why participate?

By joining this Bootcamp, you will have the opportunity to:

•    Master the NIS2, DORA, and CRA Regulatory Triad

,

Classify EU cyber regulatory frameworks by scope, entity classification, and primary obligations. Compare Article 21 NIS2 risk-management measures, the five DORA pillars, and CRA essential requirements for products with digital elements.

•    Build Controls-to-Obligations Mappings

,

Produce traceability matrices linking ISO 27001 controls, NIST CSF functions, and EU regulatory requirements. Build audit-ready compliance documentation trails and continuous-compliance monitoring artefacts.

•    Design Regulatory-Compliant Incident Workflows

,

Translate NIS2 24-hour early warning, 72-hour notification, and 1-month final report timelines, and DORA major-incident reporting, into concrete escalation matrices, templates, and cross-functional coordination protocols.

Deliver a Compliance Roadmap to Executives

Construct a compliance gap analysis and prioritized remediation roadmap for a given organizational scenario. Skills are mapped to the EU Cybersecurity Skills Framework (ECSF). Participants receive a completion record suitable for CPD portfolios and training records.

How to participate?

Participation is free of charge. Places are available on a rolling basis.

Register your participation through the designated link by 29 April 2026.

Detailed information about the course will be sent after registration.

The course follows a fully asynchronous structure with a total duration of approximately 8 hours, organized in six self-paced modules of about 1.3 hours each, complemented by a capstone compliance deliverable package and a final knowledge-check assessment delivered through the CADMUS LMS.

What to bring?

•    Your curiosity

No hands-on technical skills are required. General awareness of the EU regulatory landscape (GDPR familiarity is beneficial) is sufficient.

•    No device needed beyond a standard browser

All annotated regulatory summaries, templates, and capstone scenarios are delivered through the CADMUS LMS.

•    Optional preparation

A short pre-session baseline quiz is available. Completing it helps tailor the experience to the participant’s level.