For CISOs
Prove DORA, NIS2 and ISO 27005 compliance without drowning your team in paperwork.
Your daily challenges
Multiple regulators and auditors
Each authority asks for the same evidence in a different shape, forcing your team to rebuild reports from scratch for every audit cycle.
Cyber risk stuck in silos
EBIOS RM sits in one sheet, ISO 27005 in another, and incident tickets never feed back into your risk register.
Third-party exposure is invisible
Critical suppliers change, contracts drift, and you only discover concentration risk after an incident hits the news.
Board reporting takes weeks
Translating technical findings into executive narratives means marathon slide sessions each quarter instead of real steering.
How ResiPlan helps
Multi-framework mapping
One control set, automatically cross-mapped to DORA, NIS2, ISO 27001/27005 and NIST CSF so you never fill two questionnaires for the same evidence.
Unified cyber risk register
EBIOS RM, ISO 27005 and FAIR share the same data model, turning incidents and supplier findings into a single euro-denominated view.
Continuous third-party oversight
Supplier criticality, contract clauses and questionnaires stay linked to live risks, triggering reviews before your next board meeting.
Audit-ready evidence on demand
Every control, test and approval is versioned with an immutable audit log, exportable in one click for regulators or internal audit.
Key features for you
EBIOS RM
Strategic scenarios, operational paths and workshops aligned with ANSSI guidance, linked to your controls and assets.
Threat intelligence
Curated feeds and MITRE ATT&CK mappings inform your scenarios so emerging threats translate into concrete risk updates.
Insider threat
Role-based monitoring, segregation of duties and behavioural indicators reduce exposure to malicious or negligent insiders.
Third-party risk
Suppliers, contracts, questionnaires and ICT concentration risk tracked against DORA Article 28 requirements in one register.
Incident response
IRP playbooks, severity scoring and DORA major incident reporting, with automated 4h / 72h / monthly templates.
Audit trail
Immutable log of every access, change and approval with tamper-evident export for internal audit and regulators.
Before vs after ResiPlan
Without ResiPlan
- One Excel per framework, maintained by hand
- Audits mean weeks of chasing evidence across teams
- Cyber risks sit in silos with no consolidated view
- Regulatory reporting is a quarterly marathon
With ResiPlan
- One platform, all frameworks mapped and synced
- Evidence centralised, audit export in a single click
- Unified view of risks, controls and incidents
- DORA and NIS2 reports generated automatically
What your peers say
We migrated our EBIOS RM workshops into ResiPlan and reused the same controls for DORA reporting. Our last supervisory audit closed in four days instead of six weeks, with zero spreadsheets.
Frequently asked
Does ResiPlan support SSO and MFA for administrators?
Yes. SSO via SAML or OIDC is available on Professional, and MFA is mandatory for admin roles. We support Azure AD, Okta and Google Workspace out of the box.
How long are audit logs retained?
Audit logs are retained for seven years by default, with tamper-evident hashing and scheduled export to your SIEM or object storage if needed.
Is the platform pen-tested?
Yes. Annual third-party penetration tests and continuous vulnerability scans are performed. Executive summaries are available to customers on request under NDA.
Is customer data encrypted at rest?
Yes. AES-256 encryption at rest, TLS 1.3 in transit, per-tenant key scoping, and all infrastructure hosted in the European Union for GDPR alignment.
Can we run EBIOS RM alongside ISO 27005?
Absolutely. Both methodologies share the same asset and threat catalogue, so a scenario modelled in EBIOS RM automatically surfaces in ISO 27005 deliverables.