Customer evidence pack
For every deployment (customer × site × product version), Resilic assembles a printable security evidence pack — the answer to the security questionnaires your customers send you. NIS2-regulated operators are the sharpest case, but the same document serves TISAX, ISO 27001, and insurance asks.
What’s in the pack
Section titled “What’s in the pack”The pack is generated fresh from data Resilic already holds, per deployment:
- Prepared for — the deployment’s customer and site; product, manufacturer, version, and the deployed date.
- Support window — support start/end, expected use time, and the determination rationale.
- SBOM — format, spec version, and component count for this version, or an honest “no SBOM ingested” line.
- Vulnerability posture — current correlation findings for the version (total and actively exploited) plus the monitoring statement (EUVD, NVD, CISA KEV).
- Security contact & CVD — your CVD policy’s security contact and the policy’s status.
- Advisory channel — your CSAF publisher namespace, or “not configured”.
- EU Declaration of Conformity — a reference line; when no DoC is recorded in Resilic, the pack says so and asks you to attach it separately.
- Framing disclaimer — see below.
Absent data is printed as absent. The pack prompts you to close gaps; it never fabricates.
Download it, or share a link
Section titled “Download it, or share a link”Every deployment row offers the pack as a PDF download. To hand it to a customer without emailing files around, create a share link:
- The link is valid for 30 days by default and requires no account on the customer’s side.
- There is one active link per deployment: issuing a new link immediately kills the previous one.
- You can revoke a link at any time. Expired, revoked, and invalid links all behave identically — the page is simply not found.
What this is — and isn’t
Section titled “What this is — and isn’t”NIS2 binds the operator — your customer — never you as the machine builder. The pack is the product-security evidence your customer will ask for, not “NIS2 compliance”, and Resilic does not certify anything. What the pack demonstrates is that you can answer a security questionnaire with current, product-specific evidence: who to contact, what software is inside, how long it is supported, and what your monitoring posture looks like — per machine, not as a generic brochure.