Everything you need to run resilience, risk, and compliance
9 functional domains, 60+ integrated features, 36 native risk methodologies — the richest BCMS + GRC platform on the European market.
Business Continuity Management
Everything needed to implement, certify and operate an ISO 22301 BCMS at scale.
Business Impact Analysis (BIA)
Collaborative BIA with 8 impact dimensions, RTO/RPO/MBCO auto-computation, dependency mapping, department questionnaires.
8 plan types library
BCP, BRP, DRP, IRP, ERP, CMP, CCP, SRP — each preconfigured per ISO 22301 with templates, versioning, approval workflow.
Mobile Reflex Cards
Quick-reference action cards pushable to crisis team mobile devices in seconds when minutes matter.
Tabletop Exercises
40+ scenario library, injection generator, timeline tracking, roles & observers, post-mortem template.
Dependencies cascade
Visual graph from business processes → applications → infrastructure → suppliers. One-click impact analysis on failure.
BCMS Maturity Assessment
Self-assessment against ISO 22301 with benchmark vs peers in the same sector / size bracket.
Stress Tests Engine
Plan-level stress testing with parameterized scenarios (cyber, physical, supply chain, regulatory).
Emergency Operations Center
Digital EOC with real-time dashboards, decision logging, multi-location coordination, public-private interface.
Business Processes mapping
BPMN 2.0 diagrams, ownership, criticality rating, SLA tracking — linked to BIAs and plans.
Risk Management
36 risk methodologies natively supported — the widest catalog on the market.
36 methodologies
FAIR, EBIOS RM, ISO 27005, Bow-Tie, FMEA, HAZOP, COSO ERM, NIST 800-30, MEHARI, OCTAVE, RBA, VaR, TCFD, PESTEL, HRA...
FAIR + Monte Carlo
Quantitative risk analysis with built-in Monte Carlo engine (10k+ iterations), loss distribution curves, expected loss.
EBIOS RM (ANSSI)
Full 5-workshop methodology: scoping, risk sources, strategic scenarios, operational scenarios, risk treatment.
Bow-Tie Analysis
Threat → top event → consequences visualization with preventive and reactive barriers + effectiveness rating.
HAZOP / FMEA
Industrial-grade hazard identification, failure mode analysis with RPN scoring, cross-linked to BIAs.
VaR / CVaR quantitative
Value at Risk + Conditional VaR with historical, variance-covariance and Monte Carlo approaches.
TCFD climate scenarios
Physical and transition risk under RCP 4.5 / 8.5 and NGFS scenarios. Time horizons 2030, 2050, 2100.
Insider Threat
Structured assessment of employee/contractor malicious or accidental risk with behavior indicators.
Concentration Risk
Vendor, geographic, customer concentration with Herfindahl-Hirschman index + stress testing.
Geopolitical Risk
Country-level ratings (200+ countries), sanction exposure, supply chain cartography, daily news feeds.
KRI / KPI dashboards
Key Risk Indicators with thresholds, alerts, trends. Linked to risks, controls, plans.
Risk Register + Treatment
Enterprise-wide register with accept / mitigate / transfer / avoid tracking, residual risk, action plans.
Compliance & Governance
Multi-framework compliance with cross-mapping, audit trail, and automated evidence collection.
Multi-framework mapping
DORA, NIS2, ISO 22301, ISO 27001, NIST CSF 2.0, CRA, GDPR, CyFun — cross-mapped. One control satisfies many frameworks.
2000+ controls library
Pre-mapped controls across all major frameworks with evidence templates, ownership, frequency.
Gap Analysis
Current vs target posture per framework with remediation roadmap, effort sizing, priority ranking.
Regulatory Watch
AI-curated feed of regulatory changes with impact analysis on your current controls.
Policies & Document Control
Policy templates library, version control, approval workflows, distribution tracking, acknowledgment logs.
Committees & Minutes
Meeting scheduler, agenda templates, minutes editor, decision tracker, action assignment.
Non-conformities
CAPA workflow (Corrective And Preventive Actions) with root cause analysis, owner, deadline, closure evidence.
Competency Matrix
Employee skills inventory, certifications tracking, training plan alignment with control operator roles.
Complete audit trail
Every CRUD action logged with user, timestamp, before/after diff, IP — for ISO 27001, SOC 2, DORA audits.
AI-Powered Features
AI accelerates analysis, draft generation, and decision support — with EU hosting and audit trail.
AI Analyst
13 industry-specific AI agents generating insights, anomaly detection, board-ready reports from your data.
AI Contract Analysis
Upload contract → instant gap report against DORA, NIS2, CRA, ISO 22301, GDPR in < 2 minutes.
Crisis Copilot
AI assistant during live incidents: reads context, drafts communications, suggests next actions.
Automated Reports
Board reports, regulator reports, exec summaries generated from your BCMS data in one click.
AI Regulatory Watch
LLM-powered scraping + classification + impact analysis of new EU/national regulations daily.
EBIOS suggestions
AI proposes risk sources, attack paths, missing clauses based on your industry + scope.
CMDB & Supply Chain
Full asset inventory linked to business processes, suppliers, and risks — the foundation for resilience.
IT Assets inventory
Applications, infrastructure, systems, data, facilities — unified view with criticality rating.
Suppliers & third-parties
Tier-1/2/3 supplier registry, criticality, SLA, risk scores, concentration analysis.
Dependencies graph
Interactive visualization: process → app → infra → supplier. Click any node to see upstream/downstream impact.
Vendor Risk Management
40+ question vendor questionnaires, due diligence workflow, re-assessment scheduler, SOC 2 / ISO 27001 evidence collection.
ServiceNow integration
Bi-directional sync of CIs, incidents, changes. Auto-import CMDB assets from ServiceNow.
Jira / Slack / Teams
Push incidents to Slack channels, create Jira tickets for risks, notify Teams during crisis.
Business processes + BPMN
BPMN 2.0 diagrams editor, process ownership, SLA targets, links to BIAs + plans.
Controls implementation
2000+ control library (ISO, NIST, COBIT) — assign to assets, suppliers, processes. Evidence tracking.
Crisis Management
From tabletop to live crisis — gamified training and real-time coordination.
Crisis Gaming
Interactive tabletop exercises with AI injections, decision scoring, multi-team simulation, post-mortem.
Scenario library
40+ scenarios: ransomware, natural disaster, supply chain disruption, pandemic, data breach, and sector-specific.
Digital crisis cell
Real-time collaboration space with role assignment, decision log, status dashboard, external stakeholder view.
Communication templates
Pre-approved templates for employees, customers, regulators, media — adjustable severity + tone.
Incident management
End-to-end incident workflow: detect → qualify → notify → remediate → close. ITIL + NIS2 ready.
War room EOC
Digital Emergency Operations Center with multi-screen layout, timeline, decision authority tracking.
CRA Compliance Suite
7 integrated modules to be ready for the Cyber Resilience Act deadline of 11 December 2027.
PDE Registry
Inventory Products with Digital Elements, classification, conformity route, CE marking, lifecycle.
SBOM Management
Import CycloneDX / SPDX, CVE cross-reference, version diff, supplier SBOM ingestion.
Coordinated Vulnerability Disclosure
RFC 9116 security.txt + public intake form + 8-state triage workflow + 30-day CVSS ≥ 7 SLA.
Annex I Matrix
13 essential CRA requirements × products + evidence library + readiness score for CE marking.
Security Updates Lifecycle
Patch history with CVE links + 5-year / 15-year support clock + customer notification log.
Market Surveillance
Pre-assembled audit dossiers + 15-business-day response timer for authority requests.
Climate & ESG
Climate resilience and ESG reporting aligned with CSRD, TCFD, GHG Protocol.
Carbon Footprint (Scope 1/2/3)
GHG Protocol compliant carbon accounting with emission factors, supplier scope 3, reduction plans.
TCFD Climate Scenarios
Physical + transition risk analysis under RCP 2.6/4.5/8.5 and NGFS Orderly/Disorderly/Hot House.
CSRD Reporting
ESRS-aligned reporting: environmental (E1-E5), social (S1-S4), governance (G1) data collection + audit evidence.
Site-level resilience
Per-site climate exposure heat maps (flood, wildfire, heat waves, drought) with adaptation plans.
Platform & Reporting
Multi-tenant, approval workflows, board-ready reports, and enterprise-grade observability.
Executive dashboards
Board-ready dashboards with risk heat maps, plan coverage, maturity trends, compliance scores.
Board & regulator reports
One-click report generation: ACPR, BCE, ENISA, SEC — pre-formatted for each authority.
Multi-step approvals
Parallel and sequential approval chains with notifications, delegation, audit trail.
Multi-tenant (groups / subsidiaries)
Hierarchical org structure: group-level rollup, subsidiary isolation, cross-entity risk aggregation.
Enterprise security
SSO SAML/OIDC, SCIM provisioning, MFA, RBAC (9 roles), EU hosting, SOC 2 Type II ready.
PWA offline mode
Progressive Web App with offline reflex cards, crisis docs caching, install on mobile/desktop.
Help center + in-app guides
Contextual tours, video tutorials, 500+ article knowledge base, live chat with BCMS experts.
67+ features, one platform
Free 14-day trial, no credit card. Access to all features during the evaluation period.