Skip to content

Customer evidence pack

For every deployment (customer × site × product version), Resilic assembles a printable security evidence pack — the answer to the security questionnaires your customers send you. NIS2-regulated operators are the sharpest case, but the same document serves TISAX, ISO 27001, and insurance asks.

The pack is generated fresh from data Resilic already holds, per deployment:

  1. Prepared for — the deployment’s customer and site; product, manufacturer, version, and the deployed date.
  2. Support window — support start/end, expected use time, and the determination rationale.
  3. SBOM — format, spec version, and component count for this version, or an honest “no SBOM ingested” line.
  4. Vulnerability posture — current correlation findings for the version (total and actively exploited) plus the monitoring statement (EUVD, NVD, CISA KEV).
  5. Security contact & CVD — your CVD policy’s security contact and the policy’s status.
  6. Advisory channel — your CSAF publisher namespace, or “not configured”.
  7. EU Declaration of Conformity — a reference line; when no DoC is recorded in Resilic, the pack says so and asks you to attach it separately.
  8. Framing disclaimer — see below.

Absent data is printed as absent. The pack prompts you to close gaps; it never fabricates.

Every deployment row offers the pack as a PDF download. To hand it to a customer without emailing files around, create a share link:

  • The link is valid for 30 days by default and requires no account on the customer’s side.
  • There is one active link per deployment: issuing a new link immediately kills the previous one.
  • You can revoke a link at any time. Expired, revoked, and invalid links all behave identically — the page is simply not found.

NIS2 binds the operator — your customer — never you as the machine builder. The pack is the product-security evidence your customer will ask for, not “NIS2 compliance”, and Resilic does not certify anything. What the pack demonstrates is that you can answer a security questionnaire with current, product-specific evidence: who to contact, what software is inside, how long it is supported, and what your monitoring posture looks like — per machine, not as a generic brochure.