Anticipate the audit
Justify your decisions and controls
6 offers in Cyber, AI & Resilience
Choose your path (AI, cybersecurity, continuity, NIS2, DORA, AI Act) and DEVFORMA will deploy, via PECB IMS2, a management system and auditable evidence: governance, risks, controls, internal audit, and certification readiness.
Key figures in 2025
Average global cost of a data breach
Average cost of a cyberattack in France
Average time to identify and contain a breach
increase in the exploitation of vulnerabilities (almost x3) year-on-year
Our mission
Devforma supports organizations that need to demonstrate their cyber, AI, and resilience capabilities,
whether in the context of a certification audit, regulatory inspection, or customer audit.
Our approach combines governance, risk management, operational controls, and auditable evidence
to transform requirements (ISO 27001/42001/22301, NIS2, DORA, AI Act) into concrete, manageable, and sustainable systems.
Choose the path that suits your context: AI governance & compliance, integrated ISMS/AIMS, NIS2 compliance, NIS2 resilience, DORA compliance, or DORA resilience, and let’s work together to build a structured, demonstrable, audit-ready preparation.
AI Governance & Compliance
ISO/IEC 42001 + AI Act
Deployment of an AI Management System (AIMS) compliant with ISO/IEC 42001, with audit-ready registers, risks, and evidence packs, aligned with the AI Act.
Integrated ISMS & AIMS
ISO/IEC 27001 + ISO/IEC 42001 + AI Act
Deploy an integrated ISO/IEC 27001 + ISO/IEC 42001 system: consistent IS/AI risks, shared controls, and a single evidence pack, with a structured AI Act roadmap.
NIS2 compliance
ISO/IEC 27001 compliant trajectory
Transform NIS2 into operational measures: qualification, gap analysis, and prioritized remediation, with auditable evidence backed by an ISO/IEC 27001 foundation.
NIS2 Resilience
ISO/IEC 27001 + ISO 22301
Strengthen your NIS2 resilience with an ISO/IEC 27001 + ISO 22301 framework: continuity (BIA, DRP/BCP), crisis management, and tested evidence ready for audits/assessments.
DORA compliance
ISO/IEC 27001 compliant trajectory
Put DORA into operation: ICT risk, incidents & notification, ICT third-party management, and testing program, with auditable evidence ready for inspections.
DORA Resilience
finance ISO/IEC 27001 + ISO 22301
Secure DORA ICT resilience with ISO/IEC 27001 + ISO 22301: continuity (BIA, DRP/BCP), crisis, resilience testing, ICT third parties, and tested evidence ready for audits.
Ready to secure your compliance and evidence?
Let’s discuss your situation and identify the most suitable path forward.