
Platform Overview

A structured workspace with practice-oriented guides, measures, evidence and methodology, for turning regulatory change in the financial sector into target states, test programmes, evidence packs and management decisions.

Note: This page is an implementation aid and does not replace legal advice or a binding supervisory interpretation.

What is the Resilience Platform?

The Resilience Platform is a structured regulatory workspace for financial institutions, insurers and ICT service providers. It translates supervisory requirements from DORA, MaRisk, NIS2 and ISO 27001 into verifiable target measures, test programmes, evidence packs and management decisions.

Unlike traditional GRC tools, the focus is on operationalization: instead of only documenting requirements, the platform delivers concrete workflows, decision templates, crosswalk analyses and automated evidence management, tailored to the role- and institution-specific proportionality of each regulatory regime.

All Modules

The modules are grouped into core regimes, products, tools and dashboards.

Core Modules

  • DORA — Digital Operational Resilience Act
  • MaRisk — Minimum Requirements for Risk Management
  • ISO 27001 — Information Security Management System
  • Cyber Risk — ICT Risk Management

Products

  • Exit & Portability
  • Testing & Test Programmes
  • Detection & SIEM Analysis
  • Playbooks & Incident Response
  • BCM & Business Continuity

Tools

  • Compliance Check & Regulatory Radar
  • Business Case & Impact Analysis
  • Crosswalk & Regulatory Comparison
  • Control Monitor & Evidence Ledger
  • Scenario & Supplier Concentration

Dashboard & Navigation

  • Role Dashboard
  • Reports Dashboard
  • Governance Dashboard
  • Graph & Dependency Visualization
  • HTML Sitemap

Key figures: 77 modules, 103 target measures, 116 evidence items, 762 routes.

DORA [Production]
Digital Operational Resilience Act: ICT risk management, incident management, resilience testing, third-party risk.
103 target measures

NIS2 Readiness [Production]
EU 2022/2555: scoping (whether the entity is covered), governance, cyber risk management, incident reporting, supply chain.

MaRisk [Production]
Minimum Requirements for Risk Management: governance, outsourcing, risk control, internal audit.

ISO 27001 [Production]
ISO/IEC 27001:2022 as the international control anchor, with the 93 Annex A controls and an evidence matrix.

Cyber Risk [Production]
12 control objectives for systematic cyber security, aligned with DORA and ISO 27001.

Open Source & SBOM [Production]
DORA-aligned OSS governance: SBOMs, vulnerabilities, patch decisions, supplier requirements.
6 target measures

Incident & Crisis Playbooks [Production]
8 structured playbooks: ICT triage, ransomware, cloud outage, third-party provider, regulatory notification, crisis team, IT disruption, supply-chain attack.

Governance & Human Gates [Production]
9 human gates + decision log + governance dashboard for management, risk acceptance, legal and data protection.

AI Governance [Production]
Agent registry with input/output rules, human gates, data classes and mandatory reviews.

Crosswalk [Production]
10-row mapping NIS2 / DORA / ISO 27001 / Cyber Risk with CSV and PDF export.

BCM (Business Continuity) [Production]
DORA Art. 11, ISO 22301: BCM policy, BIA, testing, crisis management, evidence.

Audit Management [Production]
Audit management: planning, evidence, findings, management review, auditor interaction.

Incident Reporting (BaFin) [Production]
DORA Art. 19: staggered reporting of major ICT-related incidents (initial notification, intermediate report, final report: 24 h / 72 h / 1 month), report forms, deadlines, evidence checklist.

Cloud Security [Production]
CSA CCM v4.0, DORA Art. 11(3): governance, controls, multi-cloud risk, cloud resilience.

Privacy Management (GDPR) [Production]
GDPR compliance: data-subject rights, records of processing activities (Art. 30), GDPR audit.

Physical Security [Production]
ISO 27001 A.11 (2013 edition numbering; A.7 "Physical controls" in ISO/IEC 27001:2022): access control, video and alarm systems, redundancy, DR site.

IAM (Identity & Access) [Production]
ISO 27001 A.9 (2013 edition numbering; A.5.15 to A.5.18 and A.8.2 to A.8.5 in the 2022 edition): IAM governance, RBAC, entitlements, identity lifecycle (joiner/mover/leaver).

Change Management [Production]
ITIL, ISO 27001 A.12 (2013 edition numbering; A.8.32 in the 2022 edition): change process, CAB, release management, change audit.

Cryptography [Production]
BSI TR-02102, ISO 27001 A.10 (2013 edition numbering; A.8.24 in the 2022 edition): encryption, PKI, key management, HSM.

Network Security [Production]
ISO 27001 A.13 (2013 edition numbering; A.8.20 to A.8.22 in the 2022 edition): network segmentation, firewall, VPN, network monitoring, SIEM.

Data Loss Prevention [Production]
ISO 27001 A.8.12, DORA Art. 9: data classification, DLP controls, incident response.

Review Packs [Production]
Management review generator for DORA, NIS2, Cyber Risk, ISO 27001 and AI Governance with JSON download.

BSI Technology Risk Crosswalk [Production]
9 digitalisation activities × 13 technologies: risk assessment per BSI Standard 200-2/200-3.

Open Finance Security [Production]
API security, OAuth/FAPI, mTLS certificate management for Open Finance and Banking-as-a-Service.

Automation Risk [Production]
RPA and low-code/no-code governance with bot identity management and shadow-automation control.

Vulnerability Assessment [Production]
Validated vulnerability workbench with scan/assessment/pentest methodology, Resilience Priority Scoring and OWASP/NIST integration.

SIEM Risk Analysis [Production]
DORA Art. 10: asset-specific SIEM assessment with BSI 200-3, gross/net risk and compensating controls.

Scenario Simulation Studio [Production]
6 DORA threat scenarios with decision gates, evidence checklists and interactive simulation.

Regulatory Impact Engine [Production]
Automatically translates radar signals into affected frameworks, roles, to-dos and decision-log entries.

Supplier Concentration [Production]
Tracking of 47 suppliers, concentration-risk analysis with bar charts, DORA Art. 28 to 31 compliance.
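As an added example (not the platform's own code), the analysis behind a supplier-concentration view can be shown on a small constructed register: for each critical function, which provider dominates and how concentrated the supply is, and for each provider, how many critical functions would stop with it. The Herfindahl-Hirschman index (HHI) is used here as one common concentration measure; the page does not say which measure the module uses, and the register entries, the 0.5 HHI threshold and the "two or more functions" flag are assumptions for illustration.

```python
"""Supplier concentration analysis over a constructed ICT third-party register.
Added example, not the platform's code; thresholds and data are assumptions."""
from __future__ import annotations

from collections import defaultdict

# Constructed register: (critical function, provider, share of that function's
# ICT services carried by the provider, provider substitutable at short notice?)
REGISTER = [
    ("payments", "CloudOne", 0.70, False),
    ("payments", "HostB", 0.30, True),
    ("online-banking", "CloudOne", 1.00, False),
    ("core-banking", "MainframeCo", 0.45, False),
    ("core-banking", "HostB", 0.55, True),
    ("reporting", "SaaS-R", 1.00, True),
]


def hhi(shares: list[float]) -> float:
    """Herfindahl-Hirschman index on shares in [0, 1]; 1.0 means a single provider."""
    return round(sum(s * s for s in shares), 4)


def function_concentration(register: list[tuple], hhi_threshold: float = 0.5) -> dict:
    """Per critical function: HHI, dominant provider and share, and a flag when the
    function is concentrated on a provider that cannot easily be substituted."""
    by_fn: dict[str, list[tuple]] = defaultdict(list)
    for fn, prov, share, subst in register:
        by_fn[fn].append((prov, share, subst))
    result = {}
    for fn, rows in by_fn.items():
        total = sum(s for _, s, _ in rows)
        if abs(total - 1.0) > 1e-6:  # a register with gaps produces misleading shares
            raise ValueError(f"shares for {fn} sum to {total:.2f}, expected 1.0")
        prov, share, subst = max(rows, key=lambda r: r[1])
        h = hhi([s for _, s, _ in rows])
        result[fn] = {
            "hhi": h,
            "dominant": prov,
            "dominant_share": share,
            "flag": h >= hhi_threshold and not subst,
        }
    return result


def provider_exposure(register: list[tuple], min_functions: int = 2) -> dict:
    """Per provider: the critical functions that depend on it; flag providers
    carrying several, since one outage would hit all of them at once."""
    by_prov: dict[str, set] = defaultdict(set)
    for fn, prov, _, _ in register:
        by_prov[prov].add(fn)
    return {
        p: {"functions": sorted(fns), "flag": len(fns) >= min_functions}
        for p, fns in by_prov.items()
    }


if __name__ == "__main__":
    for fn, row in function_concentration(REGISTER).items():
        print(fn, row)
    for prov, row in provider_exposure(REGISTER).items():
        print(prov, row)
```

Both views are needed: "reporting" is fully concentrated on one provider but not flagged because that provider is substitutable, while "core-banking" has a balanced split and a substitutable dominant provider; "CloudOne" is flagged because two critical functions depend on it even though it is only a minority provider for one of them.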

OSS/SBOM Hub [Production]
Inventory of 468 components, SBOM generator, license/vulnerability/freshness governance cards.

Secure Dev Lifecycle [Production]
5-step SDLC pipeline, 8 SDL controls, OWASP Top 10 mapping, DORA Art. 16 compliance.

Reports Dashboard [Production]
6 report templates (DORA/NIS2/SIEM/Vuln/Evidence/ICT-TPR) with format badges and export history.

SWIFT CSP Assessment [Production]
48 assessor requirements in 21 control areas. Evidence packs, DORA/MaRisk mapping, SOAR response guides.

Governance Dashboard [Production]
9 human gates in a matrix view, 5 current decisions with status, quick stats.

Local AI Reviewer [Alpha]
Air-gap-capable code/document reviewer: OWASP, CSP, PII, DORA control mapping; runs locally, no cloud upload.

Resilience Radar Newsletter [Production]
Weekly regulatory signals by e-mail. Double opt-in, 7 topics, no tracking.

Dashboard [Production]
Central overview with live statistics, compliance score, radar preview and quick actions.

Resilience Graph [Production]
Central object model: 16 requirements × 10 controls × 379 measures, linked. JSON export with SHA-256 digest.

Evidence Ledger [Production]
Artifact management with SHA-256 digest, classification, review status and retention. No file without a manifest.

Control Monitor [Production]
Continuous monitoring: evidence freshness, overdue reviews, open findings. Traffic-light status (green/yellow/red).
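How freshness, overdue reviews and findings turn into a traffic light is shown below as an added example, not the platform's code. Each evidence item carries its last review date and review cycle; an item is red once the review is overdue or a finding has passed its due date, yellow when the review falls due within a warning window or a finding is still open, and green otherwise. A control takes the worst status of its evidence, and a control with no evidence at all is red, since an unevidenced control is the case the monitor exists to surface. The control IDs, cycle lengths, the 30-day warning window and the reference date are assumptions.

```python
"""Control-monitor traffic light over evidence freshness, reviews and findings.
Added example, not the platform's code; thresholds and sample data are assumptions."""
from __future__ import annotations

from datetime import date, timedelta

GREEN, YELLOW, RED = "green", "yellow", "red"
RANK = {GREEN: 0, YELLOW: 1, RED: 2}

# Constructed reference date for the sample below.
TODAY = date(2025, 6, 1)

# Constructed sample: control -> evidence items as the ledger would hold them.
CONTROLS = {
    "DORA-11-bcm-test": [
        {"name": "bcm-test-report.pdf", "last_review": "2025-01-15", "review_cycle_days": 365},
    ],
    "DORA-10-siem": [
        {"name": "siem-usecase-list.json", "last_review": "2025-05-01",
         "review_cycle_days": 90, "open_findings": 1},
    ],
    "ISO-A.8.24-crypto": [
        {"name": "key-inventory.xlsx", "last_review": "2024-03-01", "review_cycle_days": 365},
    ],
    "DORA-28-register": [],  # control with no evidence at all
}


def evidence_status(item: dict, today: date, warn_days: int = 30) -> str:
    """RED: review overdue or a finding past its due date.
    YELLOW: review due within warn_days, or findings still open.
    GREEN: otherwise."""
    due = date.fromisoformat(item["last_review"]) + timedelta(days=item["review_cycle_days"])
    if today > due or item.get("overdue_findings", 0) > 0:
        return RED
    if (due - today).days <= warn_days or item.get("open_findings", 0) > 0:
        return YELLOW
    return GREEN


def control_status(evidence: list[dict], today: date) -> str:
    """Worst status across a control's evidence; no evidence is treated as RED."""
    if not evidence:
        return RED
    return max((evidence_status(e, today) for e in evidence), key=RANK.__getitem__)


def monitor(controls: dict[str, list[dict]], today: date) -> dict:
    """Per-control status plus a count per colour for the dashboard tile."""
    statuses = {cid: control_status(ev, today) for cid, ev in controls.items()}
    summary = {c: sum(1 for s in statuses.values() if s == c) for c in (GREEN, YELLOW, RED)}
    return {"controls": statuses, "summary": summary}


if __name__ == "__main__":
    report = monitor(CONTROLS, TODAY)
    for cid, status in report["controls"].items():
        print(f"{status:6s} {cid}")
    print(report["summary"])
```

Treating "no evidence" as red rather than omitting the control keeps the dashboard honest: a control that was never evidenced must not look better than one whose evidence merely went stale.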

Sitemap [Production]
HTML sitemap with 19 groups and 80+ pages. Structured navigation across all modules.

AVV (Data Processing Agreement) [Production]
GDPR-compliant data processing agreement per Art. 28 with SCC and sub-processor governance.

TOM (Technical and Organizational Measures) [Production]
All TOM categories per GDPR Art. 32: access, entry, disclosure, input, and availability controls.

SLA (Service Level Agreements) [Production]
Availability, performance, support, and security SLAs with escalation matrix.

Exit Management [Production]
Structured contract termination, data return and deletion with transition support.

Software Supply Chain [Preview]
Dual-gate control framework for artifact procurement, dependency governance, and build security.

Build Security [Preview]
Build process controls, artifact integrity, deployment evidence.

Dependency Governance [Preview]
Lockfile management, SCA, update governance and risk acceptance.

ICT Risk Register [New]
Central risk register for ICT risks per DORA Art. 5 to 8 with risk matrix and treatment.

Vendor Scorecard [New]
Assessment of ICT third-party providers by security, compliance, availability, support, and innovation.

Report Builder [New]
Compliance reports for DORA, MaRisk, ISO 27001 and NIS2 with templates and export.

Incident Response Drill [New]
Interactive incident response exercises with realistic scenarios, timer and scoring.

Gap Analysis Tool [New]
Framework comparison of DORA, MaRisk, ISO 27001 and NIS2 with automatic gap detection.

BCM Workspace [New]
Business Continuity Management: BIA, risk scenarios, test management and contingency plans.

MaRisk 10th Amendment [New]
Practical implementation tool for the 10th MaRisk amendment with gap analysis and action tracking.

NIS2 Readiness Check [New]
Interactive NIS2 compliance check with sector selection, threshold analysis and requirement tracking.

Cross-Framework Navigator [New]
Interactive matrix comparing DORA, MaRisk, ISO 27001, NIS2 and AI Act coverage.

Industry Rollout Guides [New]
Tailored compliance guides for banks, insurers, payment institutions and ICT providers.

Regulatory Monitor [New]
Live monitoring of BaFin, EBA, ESMA, EIOPA and Bundesbank regulatory sources.

Executive Dashboard [New]
Leadership overview: compliance scores, risk register, vendor status, alerts and platform health.

Compliance Advisor [New]
AI-powered compliance scores and prioritized improvement recommendations.

Compliance Monitor [New]
Real-time compliance monitoring with automated metrics from risks, vendors, gaps and alerts.

Command Center [New]
Integrated live dashboard combining risks, vendors, compliance scores, alerts, and platform health.

Monthly Compliance Report [New]
Aggregated compliance report with scores, risk summary, vendor overview, alerts and evidence gaps.

ESG Compliance [New]
CSRD, EU Taxonomy and SFDR compliance tracking with requirements and deadlines.

Compliance Timeline [New]
Regulatory milestones, deadlines and compliance events across all frameworks.

Compliance Training [New]
Interactive compliance training modules for DORA, MaRisk, ISO 27001 and NIS2.

Vendor Risk Assessment [New]
Automated vendor risk evaluation with weighted scoring across security, compliance and operations.

Integrated View [New]
Cross-module relationships: how risks connect to measures, evidence and reports.

Enterprise Identity & Tenancy [New]
Tenant model, RBAC matrix, SSO/SAML, SCIM provisioning and MFA overview.

Board Pack Generator [New]
One-click board pack generation with evidence manifest, redaction log and signed exports.

Audit Pack Generator [New]
Audit evidence pack with findings tracking, control assessment and integrity verification.

Onboarding Wizard [New]
Guided onboarding for CISO, ICT Risk, TPRM, Compliance, Audit and Board roles.

Import Pipeline [New]
CSV and API import for vendors, contracts, services, regulated activities and identifiers.

Customer Assurance Room [New]
Secure NDA-gated document access with watermarking, access logs and expiry tracking.

Due Diligence Documents [New]
Complete due diligence document register: DPA, TOM, SLA, subprocessors, backup, retention and more.


Which roles?

The Resilience Platform addresses the roles involved in a financial institution's regulatory resilience management.

CISO

ICT risk management, security strategy, incident governance

Risk Manager

Risk analysis, scenarios, supplier concentration, BIA

Compliance Officer

Regulatory mapping, crosswalk, reporting obligations

Internal Auditor

Audit procedures, evidence packs, test programmes

IT Security Officer

Security controls, SIEM, vulnerability management

Department Head

Business impact, exit planning, business continuity

Data Protection Officer (DPO)

DPA, TOM, GDPR evidence, processing oversight

Board / Executive

Reports, decision templates, governance overview

Regulatory Coverage

The platform covers all major regulatory regimes for financial institutions in the DACH region.

DORA

Digital Operational Resilience Act — EU Regulation 2022/2554 for ICT risk management, testing, incident reporting and third-party risk.

MaRisk

Minimum Requirements for Risk Management (BA): AT 7 (resources, including AT 7.2 technical and organisational equipment and AT 7.3 contingency management), AT 9 (outsourcing) and BT 3 (risk reporting) for ICT risks, outsourcing and business continuity.

NIS2

Network and Information Security Directive — EU Directive 2022/2555 for critical infrastructure, reporting and supply chain security.

ISO 27001

Information Security Management System — ISMS setup, controls, audit evidence and certification preparation.

Technology Stack

The Resilience Platform is built on a modern, lean technology stack.

Laravel
PHP framework, v13: routing, Eloquent ORM, queues, events, testing

Filament
Admin panel and UI components, v5: forms, tables, widgets, multi-tenancy

SQLite
Database: file-based and low-maintenance, suited to mid-size enterprise platforms. Since the whole store (tenant data and the evidence ledger included) is a single file, the file permissions, backups and encryption at rest of that file are the controls an auditor will ask to see evidenced.