ResiliencePilot

Resources

Make sense of the regulation.

Practical, no-fluff guides on DORA, NIS2, ISO 27001 and building an operational-resilience programme. Not sure where you stand? Start with the 5-minute readiness check.

Topic hubs

Start with a hub.

Interactive tools

Get an answer in minutes.

Latest guides

Fresh from the team.

ISO 27001 · 5 min read

ISO 27001:2022 vs 2013: what changed, and the deadline that's now passed

The 2022 revision restructured Annex A to 93 controls in four themes and added 11 new ones. The transition deadline was 31 October 2025; 2013 certificates are no longer valid.

18 June 2026

ISO 27001 · 5 min read

What is a Statement of Applicability? The ISO 27001 document auditors open first

The SoA lists every Annex A control, whether it applies, why, and its status. It's the map between your risk treatment and your controls, and it's where an auditor starts.

16 June 2026

DORA · 6 min read

DORA Article 30 explained: the contractual provisions you actually need

What Article 30 requires in your ICT supplier contracts: the standard provisions, the enhanced set for critical functions, and how to keep them evidenced.

15 June 2026

ISO 22301 · 5 min read

What is ISO 22301? Business continuity management, explained

ISO 22301 is the international standard for business continuity management. At its heart: a business impact analysis, recovery objectives, tested plans, and a management system that stays current.

14 June 2026

ISO 22301 · 5 min read

Using one ISO 22301 BCMS to satisfy DORA and NIS2

DORA Article 11 and NIS2 Article 21 both expect tested continuity and recovery. ISO 22301 is the ready-made framework, so you build it once and evidence it against both.

12 June 2026

DORA · 5 min read

Building a DORA Register of Information that survives a supervisor

The Register of Information is one of DORA's most concrete deliverables. Here's how to build one that stays accurate and export-ready.

12 June 2026

NIS2 · 5 min read

NIS2 incident reporting: the timelines that catch teams out

NIS2 reporting happens in stages, on the clock. Here's what each stage asks for and how to avoid scrambling when an incident hits.

10 June 2026

Operational resilience · 6 min read

DORA vs NIS2: what's the difference, and can one platform cover both?

DORA and NIS2 are often mentioned in the same breath. They overlap, but they're aimed at different things. Here's how they differ, and where they reinforce each other.

8 June 2026

Free templates & checklists

Working starters, not blank pages.

DORA Register of Information starter

A simplified single-sheet starter to gather the core data the DORA RoI needs: providers (with LEI), contracts, function criticality and data locations. The official RoI is a multi-table xBRL-CSV submission; this helps you collect, not file.

DORA Article 30 contract checklist

A working checklist of the mandatory contractual provisions: the standard set for all ICT services and the enhanced set for critical or important functions.

NIS2 incident-reporting timeline

A one-page reference to the NIS2 Article 23 clock: 24-hour early warning, 72-hour notification, intermediate report on request, and the 1-month final report.

Business impact analysis starter

A starting BIA template aligned to ISO 22301 clause 8.2: process criticality, MTPD, RTO/RPO, dependencies and single points of failure.
