Resources

Make sense of the regulation.

Practical, no-fluff guides on DORA, NIS2, ISO 27001 and building an operational-resilience programme.

Topic hubs

Start with a hub.

The DORA hub

Everything you need to make sense of the EU Digital Operational Resilience Act — the articles, the Register of Information, ICT third-party risk and incident reporting.

Explore the hub

The NIS2 hub

Practical guidance on NIS2 — who's in scope, the risk-management measures, and the staged incident-reporting timelines essential and important entities must meet.

Explore the hub

Latest guides

Fresh from the team.

DORA6 min read

DORA Article 30 explained: the contractual provisions you actually need

What Article 30 requires in your ICT supplier contracts — the standard provisions, the enhanced set for critical functions, and how to keep them evidenced.

15 June 2026

DORA5 min read

Building a DORA Register of Information that survives a supervisor

The Register of Information is one of DORA's most concrete deliverables. Here's how to build one that stays accurate and export-ready.

12 June 2026

NIS25 min read

NIS2 incident reporting: the timelines that catch teams out

NIS2 reporting happens in stages, on the clock. Here's what each stage asks for and how to avoid scrambling when an incident hits.

10 June 2026

Operational resilience6 min read

DORA vs NIS2: what's the difference, and can one platform cover both?

DORA and NIS2 are often mentioned in the same breath. They overlap, but they're aimed at different things. Here's how they differ — and where they reinforce each other.

8 June 2026

Want a specific topic covered?

Tell us what you're working through and we'll point you to the right guidance.

Book a demo Contact sales