Overview
Platform Overview
A structured workspace with practice-oriented guides, measures, evidence and methodology, built to translate regulatory changes in the financial sector into target states, test programmes, evidence packs and management decisions.
What is the Resilience Platform?
The Resilience Platform is a structured regulatory workspace for financial institutions, insurers and ICT service providers. It translates supervisory requirements from DORA, MaRisk, NIS2 and ISO 27001 into auditable target measures, test programmes, evidence packs and management decisions.
Unlike traditional GRC tools, the focus is on operationalization: instead of merely documenting requirements, the platform delivers concrete workflows, decision templates, crosswalk analyses and automated evidence management, tailored to the role- and institution-specific proportionality of each regulatory regime.
All Modules
The platform covers all modules for regulatory operational and ICT resilience.
Core Modules
- DORA — Digital Operational Resilience Act
- MaRisk — Minimum Requirements for Risk Management
- ISO 27001 — Information Security Management System
- Cyber Risk — ICT Risk Management
Products
- Exit & Portability
- Testing & Test Programmes
- Detection & SIEM Analysis
- Playbooks & Incident Response
- BCM & Business Continuity
Tools
- Compliance Check & Regulatory Radar
- Business Case & Impact Analysis
- Crosswalk & Regulatory Comparison
- Control Monitor & Evidence Ledger
- Scenario & Supplier Concentration
Dashboard & Navigation
- Role Dashboard
- Reports Dashboard
- Governance Dashboard
- Graph & Dependency Visualization
- HTML Sitemap
Platform figures: 77 modules, 103 target measures, 116 evidence items, 762 routes.
DORA (Productive)
Digital Operational Resilience Act: ICT risk management, incident management, resilience testing, third-party risk.
103 target measures
NIS2 Readiness (Productive)
EU 2022/2555: scope assessment, governance, cyber risk management, incident reporting, supply chain.
MaRisk (Productive)
Minimum Requirements for Risk Management: governance, outsourcing, risk control, internal audit.
ISO 27001 (Productive)
ISO/IEC 27001:2022 as the international control anchor with 93 Annex A controls and an evidence matrix.
Cyber Risk (Productive)
12 control objectives for systematic cyber security, aligned with DORA and ISO 27001.
Open Source & SBOM (Productive)
DORA-compliant OSS governance: SBOMs, vulnerabilities, patch decisions, supplier requirements.
6 target measures
Incident & Crisis Playbooks (Productive)
8 structured playbooks: ICT triage, ransomware, cloud outage, third-party provider, reporting, crisis team, IT disruption, supply chain attack.
Governance & Human Gates (Productive)
9 human gates + decision log + governance dashboard for management, risk acceptance, legal, data protection.
AI Governance (Productive)
Agent registry with input/output rules, human gates, data classes and review obligations.
Crosswalk (Productive)
10-row mapping of NIS2/DORA/ISO 27001/Cyber Risk with CSV and PDF export.
BCM — Business Continuity (Productive)
DORA Art. 11, ISO 22301: BCM policy, BIA, testing, crisis management, evidence.
Audit Management (Productive)
Audit management: planning, evidence, findings, management review, auditor interaction.
Incident Reporting (BaFin) (Productive)
DORA Art. 19: staggered reporting obligations at 24h/72h/1 month, reporting forms, deadlines, evidence checklist.
Cloud Security (Productive)
CSA CCM v4.0, DORA Art. 11(3): governance, controls, multi-cloud risk, cloud resilience.
Privacy Management (GDPR) (Productive)
GDPR compliance: data subject rights, records of processing activities (Art. 30), GDPR audit.
Physical Security (Productive)
ISO 27001 A.11: access control, video & alarm, redundancy, DR site.
IAM — Identity & Access (Productive)
ISO 27001 A.9: IAM governance, RBAC, permissions, identity lifecycle (JML).
Change Management (Productive)
ITIL, ISO 27001 A.12: change process, CAB, release management, change audit.
Cryptography (Productive)
BSI TR-02102, ISO 27001 A.10: encryption, PKI, key management, HSM.
Network Security (Productive)
ISO 27001 A.13: network segmentation, firewall, VPN, network monitoring, SIEM.
Data Loss Prevention (Productive)
ISO 27001 A.8.12, DORA Art. 9: data classification, DLP controls, incident response.
Review Packs (Productive)
Management review generator for DORA, NIS2, Cyber Risk, ISO 27001 and AI Governance with JSON download.
BSI Technology Risk Crosswalk (Productive)
9 digitalisation activities × 13 technologies: risk assessment per BSI 200-2/200-3.
Open Finance Security (Productive)
API security, OAuth/FAPI, mTLS certificate management for Open Finance and Banking-as-a-Service.
Automation Risk (Productive)
RPA and low-code/no-code governance with bot identity management and shadow automation control.
Vulnerability Assessment (Productive)
Validated vulnerability workbench with scan/assessment/pentest methodology, resilience priority scoring and OWASP/NIST integration.
SIEM Risk Analysis (Productive)
DORA Art. 10: asset-specific SIEM assessment with BSI 200-3, gross/net risk and compensating controls.
Scenario Simulation Studio (Productive)
6 DORA threat scenarios with decision gates, evidence checklists and interactive simulation.
Regulatory Impact Engine (Productive)
Automatically translates radar signals into affected frameworks, roles, to-dos and decision log entries.
Supplier Concentration (Productive)
Tracking of 47 suppliers, concentration risk analysis with CSS bars, DORA Art. 28–31 compliance.
OSS/SBOM Hub (Productive)
Inventory of 468 components, SBOM generator, license/vulnerability/freshness governance cards.
Secure Dev Lifecycle (Productive)
5-step SDLC pipeline, 8 SDL controls, OWASP Top 10 mapping, DORA Art. 16 compliance.
Reports Dashboard (Productive)
6 report templates (DORA/NIS2/SIEM/Vuln/Evidence/ICT-TPR) with format badges and export history.
SWIFT CSP Assessment (Productive)
48 auditor requirements in 21 control areas. Evidence packs, DORA/MaRisk mapping, SOAR response guides.
Governance Dashboard (Productive)
9 human gates in matrix view, 5 current decisions with status, quick stats.
Local AI Reviewer (Alpha)
Air-gap-capable code/document reviewer: OWASP, CSP, PII, DORA control mapping; runs locally, no cloud upload.
Resilience Radar Newsletter (Productive)
Weekly regulatory signals by e-mail. Double opt-in, 7 topics, no tracking.
Dashboard (Productive)
Central overview with live statistics, compliance score, radar preview and quick actions.
Resilience Graph (Productive)
Central object model: 16 requirements × 10 controls × 379 measures, interlinked. JSON export with SHA-256.
Evidence Ledger (Productive)
Artifact management with SHA-256, classification, review status and retention. No file without a manifest.
Control Monitor (Productive)
Continuous monitoring: evidence freshness, overdue reviews, open findings. Traffic-light system (green/yellow/red).
Sitemap (Productive)
HTML sitemap with 19 groups and 80+ pages. Structured navigation across all modules.
AVV (Data Processing Agreement) (Productive)
GDPR-compliant data processing agreement per Art. 28 with SCC and sub-processor governance.
TOM (Technical and Organizational Measures) (Productive)
All TOM categories per GDPR Art. 32: access, entry, disclosure, input, and availability controls.
SLA (Service Level Agreements) (Productive)
Availability, performance, support, and security SLAs with escalation matrix.
Exit Management (Productive)
Structured contract termination, data return and deletion with transition support.
Software Supply Chain (Preview)
Dual-gate control framework for artifact procurement, dependency governance, and build security.
Build Security (Preview)
Build process controls, artifact integrity, deployment evidence.
Dependency Governance (Preview)
Lockfile management, SCA, update governance and risk acceptance.
ICT Risk Register (New)
Central risk register for ICT risks per DORA Art. 5-8 with risk matrix and treatment.
Vendor Scorecard (New)
Assessment of ICT third-party providers by security, compliance, availability, support, and innovation.
Report Builder (New)
Compliance reports for DORA, MaRisk, ISO 27001 and NIS2 with templates and export.
Incident Response Drill (New)
Interactive incident response exercises with realistic scenarios, timer and scoring.
Gap Analysis Tool (New)
Framework comparison: DORA, MaRisk, ISO 27001 and NIS2 — automatically detect gaps.
BCM Workspace (New)
Business Continuity Management: BIA, risk scenarios, test management and contingency plans.
MaRisk 10. Novelle (New)
Practical implementation tool for the 10th MaRisk amendment with gap analysis and action tracking.
NIS2 Readiness Check (New)
Interactive NIS2 compliance check with sector selection, threshold analysis and requirement tracking.
Cross-Framework Navigator (New)
Interactive matrix comparing DORA, MaRisk, ISO 27001, NIS2 and AI Act coverage.
Industry Rollout Guides (New)
Tailored compliance guides for banks, insurers, payment institutions and ICT providers.
Regulatory Monitor (New)
Live monitoring of BaFin, EBA, ESMA, EIOPA and Bundesbank regulatory sources.
Executive Dashboard (New)
Leadership overview: compliance scores, risk register, vendor status, alerts and platform health.
Compliance Advisor (New)
AI-powered compliance scores and prioritized improvement recommendations.
Compliance Monitor (New)
Real-time compliance monitoring with automated metrics from risks, vendors, gaps and alerts.
Command Center (New)
Integrated live dashboard combining risks, vendors, compliance scores, alerts, and platform health.
Monthly Compliance Report (New)
Aggregated compliance report with scores, risk summary, vendor overview, alerts and evidence gaps.
ESG Compliance (New)
CSRD, EU Taxonomy and SFDR compliance tracking with requirements and deadlines.
Compliance Timeline (New)
Regulatory milestones, deadlines and compliance events across all frameworks.
Compliance Training (New)
Interactive compliance training modules for DORA, MaRisk, ISO 27001 and NIS2.
Vendor Risk Assessment (New)
Automated vendor risk evaluation with weighted scoring across security, compliance and operations.
Integrated View (New)
Cross-module relationships: how risks connect to measures, evidence and reports.
Enterprise Identity & Tenancy (New)
Tenant model, RBAC matrix, SSO/SAML, SCIM provisioning and MFA overview.
Board Pack Generator (New)
One-click board pack generation with evidence manifest, redaction log and signed exports.
Audit Pack Generator (New)
Audit evidence pack with findings tracking, control assessment and integrity verification.
Onboarding Wizard (New)
Guided onboarding for CISO, ICT Risk, TPRM, Compliance, Audit and Board roles.
Import Pipeline (New)
CSV and API import for vendors, contracts, services, regulated activities and identifiers.
Customer Assurance Room (New)
Secure NDA-gated document access with watermarking, access logs and expiry tracking.
Due Diligence Documents (New)
Complete due diligence document register: DPA, TOM, SLA, subprocessors, backup, retention and more.
For Which Roles?
The Resilience Platform addresses all responsibilities in regulatory resilience management of a financial institution.
CISO
ICT risk management, security strategy, incident governance
Risk Manager
Risk analysis, scenarios, supplier concentration, BIA
Compliance Officer
Regulatory mapping, crosswalk, reporting obligations
Internal Auditor
Audit procedures, evidence packs, test programmes
IT Security Officer
Security controls, SIEM, vulnerability management
Department Head
Business impact, exit planning, business continuity
Data Protection Officer (DPO)
DPA, TOM, GDPR evidence, processing oversight
Board / Executive
Reports, decision templates, governance overview
Regulatory Coverage
The platform covers all major regulatory regimes for financial institutions in the DACH region.
DORA
Digital Operational Resilience Act — EU Regulation 2022/2554 for ICT risk management, testing, incident reporting and third-party risk.
MaRisk
Minimum Requirements for Risk Management (BA) — AT 7, AT 9, BT 3 for ICT risks, outsourcing and business continuity.
NIS2
Network and Information Security Directive — EU Directive 2022/2555 for critical infrastructure, reporting and supply chain security.
ISO 27001
Information Security Management System — ISMS setup, controls, audit evidence and certification preparation.
Technical Foundation
The Resilience Platform is built on a modern, lean technology stack.
Laravel
PHP framework v13: routing, Eloquent ORM, queues, events, testing
Filament
Admin panel & UI components v5: forms, tables, widgets, multi-tenancy
SQLite
Database: file-based, low-maintenance, well suited to mid-size enterprise platforms