Solutions
One platform, four roles, four working surfaces.
Each role works on a tuned surface. The evidence underneath is shared, audited, and exportable to the same dossier.
PA · Platform Admin
Own the tenant. Provision the people. Keep the audit clean.
What this role gets done
See workflow- Stand up the tenant in under a day
- Map SSO to your IdP and lock down provisioning
- Audit every user action with timestamped before/after diffs
01Single tenant per organization, isolated by JWT
02SCIM 2.0 provisioning into your existing IdP
03Role-based access tuned to ISO 21434 phases
04Region-locked data residency at provisioning time
A typical week
- 1Review pending access requests in the inbox
- 2Approve / deny with a one-line reason that lands in audit
- 3Export the weekly audit pack to your SIEM
CSO · Cybersecurity Officer
Set policy. Sign the dossier. Defend the program at procurement.
What this role gets done
See workflow- Set the policy gates that decide when phases close
- Sign off on TARA dossiers with a snapshotted decision
- Map every artifact to a clause in 21434 / R155 / R156
01Org-level dashboard rolling up every program
02Policy gates wired to phase transitions
03One-click 21434 / R155 / R156 evidence packs
04Compliance posture tracked in a single audit timeline
A typical week
- 1Open the org dashboard, scan the gate breaches
- 2Sign or push back on dossiers awaiting approval
- 3Generate the monthly compliance posture export
CSM · Cybersecurity Manager
Run the program. Coordinate the reviews. Own supply-chain CS.
What this role gets done
See workflow- Coordinate CSPR / CSDR / CSCR / CSSR / CSAR phases
- Track milestones across multiple suppliers
- Move review tickets through state without losing audit
01Milestone tracker across the full §8 → §10 lifecycle
02Phase-gated review queues with owner SLAs
03Supply-chain interface evidence per §15
04Per-program risk dashboard with treatment status
A typical week
- 1Triage the review queue every morning
- 2Reassign blocked tickets to the right CSE
- 3Push the program status update to leadership
CSE · Cybersecurity Engineer
Ship the analysis. Author trees. Score feasibility. Defend in review.
What this role gets done
See workflow- Build TOE asset graphs for every subsystem you own
- Author attack trees and score feasibility
- Derive security goals and concepts from treated risk
01React Flow canvas tuned for asset graphs and attack trees
02170+ pre-loaded questions across SeRA / SeCa / SeCo / SeDP / SeTP
03Threat-to-clause auto-correlation against R155 Annex 5
04Versioned mitigation overlays you can A/B against feasibility
A typical week
- 1Pick up the highest-priority TOE in your queue
- 2Author trees, score feasibility, link mitigations
- 3Hand off the dossier to CSM with a single ticket move
Pick the workflow your team will live in.
We'll provision the right surface and the right access.