Unique catalog on the market
36 risk methodologies, one platform
From quantitative FAIR to climate TCFD, through EBIOS RM, MEHARI, HAZOP, OCTAVE, COSO ERM — ResiPlan covers every approach with a unified UI and automatic cross-linkage between methods.
Qualitative: 5 | Quantitative: 4 | Scenario: 8 | Sectoral: 7 | Strategic: 11
Qualitative (5)
ISO 27005
Qualitative
ISO 27005:2022
Information security risk management reference, aligned with ISO 27001.
ISO 31000
Qualitative
ISO 31000:2018
Enterprise risk management framework — scope beyond cyber.
MEHARI
Qualitative
CLUSIF
Structured audit-based risk method maintained by CLUSIF — popular in French banking.
OCTAVE Allegro
Qualitative
CERT/SEI
Carnegie Mellon CERT methodology for information asset-focused risk assessment.
NIST SP 800-30
Qualitative
NIST
US federal reference for information security risk assessment.
Quantitative (4)
FAIR + Monte Carlo
Quantitative
Open Group O-RT/O-RA
Financial quantification of cyber risk. Built-in Monte Carlo engine (10k+ iterations) + loss distribution.
VaR (Value at Risk)
Quantitative
Financial VaR with historical, variance-covariance, and Monte Carlo methods.
CVaR / Expected Shortfall
Quantitative
Conditional Value at Risk — expected loss beyond the VaR threshold.
Monte Carlo Simulation
Quantitative
Generic Monte Carlo engine usable on any risk scenario with configurable distributions.
Scenario (8)
EBIOS Risk Manager
Scenario
ANSSI 2018
French reference method with 5 workshops: scoping, sources, strategic, operational, treatment.
Bow-Tie Analysis
Scenario
Threat → top event → consequences with preventive + reactive barriers and effectiveness rating.
HAZOP
Scenario
IEC 61882
Industrial hazard and operability study with guide words — critical for process industries.
FMEA / FMECA
Scenario
IEC 60812
Failure Mode & Effects Analysis with RPN scoring (Severity × Occurrence × Detection).
Fault Tree Analysis
Scenario
Top-down deductive failure analysis with boolean logic gates.
Insider Threat Assessment
Scenario
Structured employee / contractor risk assessment with behavioral indicators.
Social Engineering Risk
Scenario
Phishing, pretexting, baiting, tailgating — scenario-based exposure mapping.
Change Risk
Scenario
Pre-change risk assessment for IT changes, organization changes, and strategic pivots.
Sectoral (7)
COSO ERM
Sectoral
COSO 2017
Enterprise Risk Management framework popular in US-listed companies (SOX compliance).
Credit Risk
Sectoral
Basel III
PD / LGD / EAD modeling for credit exposure — banking sector.
ALM (Asset-Liability)
Sectoral
Balance sheet interest rate + liquidity risk for banks and insurance.
Concentration Risk
Sectoral
Herfindahl-Hirschman index for vendor, customer, geographic concentration + stress testing.
Systemic Risk
Sectoral
Cascading failure analysis across interconnected financial / infrastructure entities.
Legal & Regulatory Risk
Sectoral
Exposure mapping to litigation, sanctions, regulatory changes, fines.
Human Reliability Analysis
Sectoral
Critical in nuclear / aviation / healthcare — quantifies human error contribution.
Strategic (11)
TCFD Climate Scenarios
Strategic
TCFD 2017
Physical + transition risk under RCP 2.6/4.5/8.5 and NGFS scenarios to 2030/2050/2100.
Geopolitical Risk
Strategic
200+ country ratings, sanctions exposure, supply chain mapping, daily news feeds.
PESTEL Analysis
Strategic
Political, Economic, Social, Technological, Environmental, Legal external factors scan.
Risk-Based Approach (RBA)
Strategic
AML/CFT risk-based methodology for financial compliance (FATF + European directives).
Supply Chain Risk
Strategic
Multi-tier mapping (T1/T2/T3), single-source dependencies, geographic concentration.
Third-Party Risk
Strategic
Vendor questionnaires, due diligence, re-assessment, SOC 2 / ISO 27001 evidence.
Reputational Risk
Strategic
Brand exposure monitoring with media, social, and stakeholder sentiment analysis.
Strategic Risk
Strategic
Board-level risks to business model, market position, competitive pressure.
Business Process Risk
Strategic
Risk mapping per business process with control effectiveness scoring.
Project Risk
Strategic
PMI / PRINCE2
Project-level risk register with owner, probability, impact, mitigation per milestone.
Model Risk (SR 11-7)
Strategic
Fed SR 11-7
Risk of loss from adverse decisions based on incorrect model outputs — banking regulation.
Why it matters
No single methodology covers all your cases. Mature organizations combine 4 to 8 methods based on context.
Everyone uses their preferred method
Your cyber team loves FAIR, your BCM uses HAZOP, your CISO wants EBIOS. No more silos — all methods in one repository.
Automatic cross-referencing
A risk modeled in FAIR automatically appears in the ISO 27005 register. EBIOS scenarios populate the Bow-Tie trees.
Consistent reporting
Board dashboards aggregate qualitative + quantitative views. Translate FAIR € amounts into an ISO heat map for regulators.