For CISOs
Prove DORA, NIS2 and ISO 27005 compliance without drowning your team in paperwork.
Your cyber exposure, quantified over time
From your CMDB's real vulnerabilities (CVSS, KEV, EPSS) and your network topology, a Monte-Carlo simulation models how a compromise spreads, asset by asset. You get each system's compromise probability over time, tagged with MITRE ATT&CK, plus a board-ready executive summary written by AI.
- Compromise-probability curves and time-to-compromise, per asset
- MITRE ATT&CK techniques exercised (Enterprise and ICS/OT)
- AI board summary and one-click PDF export
Jour 0 / 21
Your daily challenges
Multiple regulators and auditors
Each authority asks for the same evidence in a different shape, forcing your team to rebuild reports from scratch for every audit cycle.
Cyber risk stuck in silos
EBIOS RM sits in one sheet, ISO 27005 in another, and incident tickets never feed back into your risk register.
Third-party exposure is invisible
Critical suppliers change, contracts drift, and you only discover concentration risk after an incident hits the news.
Board reporting takes weeks
Translating technical findings into executive narratives means marathon slide sessions each quarter instead of real steering.
How ResiPlan helps
Multi-framework mapping
One control set, automatically cross-mapped to DORA, NIS2, ISO 27001/27005 and NIST CSF so you never fill two questionnaires for the same evidence.
Unified cyber risk register
EBIOS RM, ISO 27005 and FAIR share the same data model, turning incidents and supplier findings into a single euro-denominated view.
Continuous third-party oversight
Supplier criticality, contract clauses and questionnaires stay linked to live risks, triggering reviews before your next board meeting.
Audit-ready evidence on demand
Every control, test and approval is versioned with an immutable audit log, exportable in one click for regulators or internal audit.
How it works
- 1
Map your obligations
Cross-map DORA, NIS2, NIST CSF and ISO 27001 once — assess a control and see coverage across every framework.
- 2
Quantify the exposure
Turn cyber risk into euro-denominated, board-ready numbers with EBIOS RM, FAIR and live threat intelligence.
- 3
Close the gaps
Track third-party and insider risk, incident response and remediation from a single prioritised view.
- 4
Prove control
Evidence vault, immutable audit trail and one-click reports ready for auditors and the board.
Key features for you
EBIOS RM
Strategic scenarios, operational paths and workshops aligned with ANSSI guidance, linked to your controls and assets.
Threat intelligence
Curated feeds and MITRE ATT&CK mappings feed your scenarios so emerging threats translate into concrete risk updates.
Insider threat
Role-based monitoring, segregation of duties and behavioural indicators reduce exposure to malicious or negligent insiders.
Third-party risk
Suppliers, contracts, questionnaires and ICT concentration risk tracked against DORA Article 28 requirements in one register.
Incident response
IRP playbooks, severity scoring and DORA major incident reporting with 4h / 72h / monthly templates automated.
AI-generated BIA (new)
Resiplan AI reads your sector + frameworks (DORA/NIS2/CRA) and generates a contextual BIA questionnaire in 30 seconds. Full audit trail of AI context.
Cascade simulator (new)
Unified dependency graph + time-propagated cascade with EUR cost. Resiplan AI suggests missing dependencies from your BIA + CMDB + contracts.
Native mass notification (new)
SMS / voice / email / push / Slack / Teams triggered directly from incidents. Safety check-in + auto-escalation, GDPR-first. No separate Everbridge contract.
Audit trail
Immutable log of every access, change and approval with tamper-evident export for internal audit and regulators.
Before vs after ResiPlan
Without ResiPlan
- One Excel per framework, maintained by hand
- Audits mean weeks of chasing evidence across teams
- Cyber risks sit in silos with no consolidated view
- Regulatory reporting is a quarterly marathon
With ResiPlan
- One platform, all frameworks mapped and synced
- Evidence centralised, audit export in a single click
- Unified view of risks, controls and incidents
- DORA and NIS2 reports generated automatically
What your peers say
We migrated our EBIOS RM workshops into ResiPlan and reused the same controls for DORA reporting. Our last supervisory audit closed in four days instead of six weeks, with zero spreadsheets.
Frequently asked
Does ResiPlan support SSO and MFA for administrators?
Yes. SSO via SAML or OIDC is available on Professional, and MFA is mandatory for admin roles. We support Azure AD, Okta and Google Workspace out of the box.
How long are audit logs retained?
Audit logs are retained for seven years by default, with tamper-evident hashing and scheduled export to your SIEM or object storage if needed.
Is the platform pen-tested?
Yes. Annual third-party penetration tests and continuous vulnerability scans are performed. Executive summaries are available to customers on request under NDA.
Is customer data encrypted at rest?
Yes. AES-256 encryption at rest, TLS 1.3 in transit, per-tenant key scoping, and all infrastructure hosted in the European Union for GDPR alignment.
Can we run EBIOS RM alongside ISO 27005?
Absolutely. Both methodologies share the same asset and threat catalogue, so a scenario modelled in EBIOS RM automatically surfaces in ISO 27005 deliverables.