Governance, Risk & Compliance — covered end to end
Most teams run governance in one tool, risk in spreadsheets and compliance in another. ResiPlan brings the three disciplines of GRC onto a single platform: one source of truth, one audit trail, and intelligence shared across every module.
The G, the R and the C — one platform
Three historically siloed disciplines, unified to carry a single resilience.
Governance
40+ modules
Risk
36 methodologies · ISO 31000
Compliance
20+ frameworks
The G, the R and the C from one platform — not three tools to reconcile.
Why a single platform
One source of truth
Assets, risks, controls, plans and evidence share one repository — no more duplication across tools and spreadsheets.
Cross-module intelligence
Rate a control once and it flows across ISO 27001, NIS2, DORA. A risk triggers a plan; an incident feeds lessons learned.
Audit-ready by design
Tamper-evident audit trail, cross-framework evidence and audit bundles assembled for ISO 22301, DORA, NIS2, CRA.
All of your governance
Committees, policies, privacy, ethics, controls and assurance — 40+ governance modules, all in production.
Governance & oversight
- Governance committees
- Meeting minutes
- Management reviews
- Board reporting
- Objectives / OKRs
- Maturity assessments
- Succession plans
- Stakeholder register
- Risk appetite
- COSO ERM
Policy & documentation
- Policy management
- Policy generator
- Policy templates
- Standards library
- Document control
Privacy & data protection (GDPR)
- Privacy suite (DSAR)
- RoPA (Art. 30)
- DPIA (Art. 35)
- Consent management
- Data classification
Ethics & conduct
- Ethics hotline
- Whistleblowing case tracking
Controls & assurance
- Internal audit
- Audit findings
- Audit evidence bundles
- Tamper-evident audit trail
- Non-conformities
- CAPA
- Continuous Control Monitoring
- ISMS — ISO 27001
- Approvals & workflows
Financial, HSE & contracts
- Financial controls (SOX / CIF)
- Model risk (SR 11-7)
- Loss events (Basel)
- WHS / EHS
- Training & competency
- CLM + AI contract intelligence
Risk, structured by ISO 31000
A full ISO 31000 register, overlaid with 36 methodologies and every major risk category.
- 1
Context
Scope, stakeholders and risk criteria captured per register.
- 2
Identification
Risk capture, fed by the CMDB and scenario libraries.
- 3
Analysis
Likelihood × impact, overlaid with FAIR, Monte Carlo, Bow-Tie…
- 4
Evaluation
Prioritisation against appetite and per-category tolerance.
- 5
Treatment
Treatment plans linked to controls, BCP/DRP plans and CAPA.
- 6
Monitoring & review
KRIs, review frequencies, sign-off and versioning.
Risk categories covered
Cyber & information security
- EBIOS Risk Manager
- FAIR
- ISO 27005
- OCTAVE Allegro
- MEHARI
- NIST SP 800-30
Operational & safety
- FMEA / FMECA
- HAZOP
- Bow-Tie
- Human Reliability (HRA)
- Kinney
- Fault Tree Analysis
Third-party & supply chain
- Third-party risk
- Vendor questionnaires
- Supply-chain tiers (T1–T3)
- ISO 27036
Human, insider & change
- Insider threat
- Social engineering
- Change risk
Financial & sectoral
- Credit risk (Basel III)
- ALM
- Concentration (HHI)
- Systemic risk
- Legal & regulatory
- Model risk (SR 11-7)
Strategic, climate & external
- COSO ERM
- PESTEL
- Geopolitical
- TCFD climate
- Risk-based approach (AML/CFT)
- Reputational
- Strategic
- Project risk
Quantification & indicators
- Monte Carlo
- Value at Risk
- CVaR / Expected Shortfall
- KRIs
- Appetite vs exposure
- Threat intelligence
- Dynamic attack graph
Compliance, framework by framework
Dedicated modules for DORA, NIS2, CRA, ISO, GDPR and national baselines — plus a mapping engine for everything else.
EU digital resilience
- DORA — RoI, CIF, incidents, TLPT
- NIS2 — 24h / 72h / 1-month
- CRA — SBOM, CVD, Annex I
ISO & NIST standards
- ISO/IEC 27001:2022
- ISO 22301:2019
- ISO 31000 / 27005
- NIST CSF
National cyber baselines
- ANSSI (FR)
- BSI (DE)
- BIO (NL)
- CyFun (BE)
- CYRA (NL)
- ENS (ES)
- FNCS (IT)
Privacy & financial control
- GDPR
- SOX 302 / 404
- French CIF
- J-SOX / ACPR-AMF
Supported for tracking & mapping
- SOC 2
- PCI DSS
- HIPAA
- COBIT
- ITIL
Cross-framework intelligence
- Cross-mapping & coverage
- Gap analysis
- Regulatory watch
- Continuous Control Monitoring
- Audit evidence bundles