Skip to main content
GRC platform

Governance, Risk & Compliance — covered end to end

Most teams run governance in one tool, risk in spreadsheets and compliance in another. ResiPlan brings the three disciplines of GRC onto a single platform: one source of truth, one audit trail, and intelligence shared across every module.

The G, the R and the C — one platform

Three historically siloed disciplines, unified to carry a single resilience.

Resilience
G

Governance

40+ modules

PoliciesCommitteesInternal auditGDPREthics
R

Risk

36 methodologies · ISO 31000

EBIOS RMFAIRMonte CarloBow-TieTCFD
C

Compliance

20+ frameworks

DORANIS2CRAISO 27001NIST CSF

The G, the R and the C from one platform — not three tools to reconcile.

Why a single platform

One source of truth

Assets, risks, controls, plans and evidence share one repository — no more duplication across tools and spreadsheets.

Cross-module intelligence

Rate a control once and it flows across ISO 27001, NIS2, DORA. A risk triggers a plan; an incident feeds lessons learned.

Audit-ready by design

Tamper-evident audit trail, cross-framework evidence and audit bundles assembled for ISO 22301, DORA, NIS2, CRA.

G — Governance

All of your governance

Committees, policies, privacy, ethics, controls and assurance — 40+ governance modules, all in production.

Governance & oversight

  • Governance committees
  • Meeting minutes
  • Management reviews
  • Board reporting
  • Objectives / OKRs
  • Maturity assessments
  • Succession plans
  • Stakeholder register
  • Risk appetite
  • COSO ERM

Policy & documentation

  • Policy management
  • Policy generator
  • Policy templates
  • Standards library
  • Document control

Privacy & data protection (GDPR)

  • Privacy suite (DSAR)
  • RoPA (Art. 30)
  • DPIA (Art. 35)
  • Consent management
  • Data classification

Ethics & conduct

  • Ethics hotline
  • Whistleblowing case tracking

Controls & assurance

  • Internal audit
  • Audit findings
  • Audit evidence bundles
  • Tamper-evident audit trail
  • Non-conformities
  • CAPA
  • Continuous Control Monitoring
  • ISMS — ISO 27001
  • Approvals & workflows

Financial, HSE & contracts

  • Financial controls (SOX / CIF)
  • Model risk (SR 11-7)
  • Loss events (Basel)
  • WHS / EHS
  • Training & competency
  • CLM + AI contract intelligence
R — Risk

Risk, structured by ISO 31000

A full ISO 31000 register, overlaid with 36 methodologies and every major risk category.

  1. 1

    Context

    Scope, stakeholders and risk criteria captured per register.

  2. 2

    Identification

    Risk capture, fed by the CMDB and scenario libraries.

  3. 3

    Analysis

    Likelihood × impact, overlaid with FAIR, Monte Carlo, Bow-Tie…

  4. 4

    Evaluation

    Prioritisation against appetite and per-category tolerance.

  5. 5

    Treatment

    Treatment plans linked to controls, BCP/DRP plans and CAPA.

  6. 6

    Monitoring & review

    KRIs, review frequencies, sign-off and versioning.

Risk categories covered

Cyber & information security

  • EBIOS Risk Manager
  • FAIR
  • ISO 27005
  • OCTAVE Allegro
  • MEHARI
  • NIST SP 800-30

Operational & safety

  • FMEA / FMECA
  • HAZOP
  • Bow-Tie
  • Human Reliability (HRA)
  • Kinney
  • Fault Tree Analysis

Third-party & supply chain

  • Third-party risk
  • Vendor questionnaires
  • Supply-chain tiers (T1–T3)
  • ISO 27036

Human, insider & change

  • Insider threat
  • Social engineering
  • Change risk

Financial & sectoral

  • Credit risk (Basel III)
  • ALM
  • Concentration (HHI)
  • Systemic risk
  • Legal & regulatory
  • Model risk (SR 11-7)

Strategic, climate & external

  • COSO ERM
  • PESTEL
  • Geopolitical
  • TCFD climate
  • Risk-based approach (AML/CFT)
  • Reputational
  • Strategic
  • Project risk

Quantification & indicators

  • Monte Carlo
  • Value at Risk
  • CVaR / Expected Shortfall
  • KRIs
  • Appetite vs exposure
  • Threat intelligence
  • Dynamic attack graph
Covered — dedicated module in productionPartial — tracked / mapped, no dedicated moduleRoadmap — planned
C — Compliance

Compliance, framework by framework

Dedicated modules for DORA, NIS2, CRA, ISO, GDPR and national baselines — plus a mapping engine for everything else.

EU digital resilience

  • DORA — RoI, CIF, incidents, TLPT
  • NIS2 — 24h / 72h / 1-month
  • CRA — SBOM, CVD, Annex I

ISO & NIST standards

  • ISO/IEC 27001:2022
  • ISO 22301:2019
  • ISO 31000 / 27005
  • NIST CSF

National cyber baselines

  • ANSSI (FR)
  • BSI (DE)
  • BIO (NL)
  • CyFun (BE)
  • CYRA (NL)
  • ENS (ES)
  • FNCS (IT)

Privacy & financial control

  • GDPR
  • SOX 302 / 404
  • French CIF
  • J-SOX / ACPR-AMF

Supported for tracking & mapping

  • SOC 2
  • PCI DSS
  • HIPAA
  • COBIT
  • ITIL

Cross-framework intelligence

  • Cross-mapping & coverage
  • Gap analysis
  • Regulatory watch
  • Continuous Control Monitoring
  • Audit evidence bundles
Covered — dedicated module in productionPartial — tracked / mapped, no dedicated moduleRoadmap — planned

One platform for the G, the R and the C of your GRC

GRC Platform — Governance, Risk & Compliance coverage | ResiPlan