{ "organization": { "name": "InfraNord SAS", "siret": "000 000 000 00000", "sector": "Énergie · entité essentielle NIS2", "employees": 240, "ciso": "Karim B. (interne)", "cisoEmail": "ciso@infranord.example" }, "audits": [ { "id": "a1", "name": "Audit NIS2 initial — mise en conformité 2026", "startedAt": "2026-05-08", "status": "in_progress", "evidences": [ { "id": "e1", "indicatorId": "N-1", "text": "RSSI désigné en interne : Karim Belkacem. Lettre de mission signée par le COMEX le 03/02/2025. Rattachement direct au CEO + reporting trimestriel. Backup interim : DSI.", "fileNames": [ "lettre-mission-rssi.pdf" ], "submittedAt": "2026-05-08" }, { "id": "e2", "indicatorId": "N-6", "text": "MFA obligatoire sur tous les accès distants (VPN, Office 365, GitHub, AWS). Comptes à privilèges en Just-In-Time via Azure PIM. FIDO2 keys pour les admins.", "fileNames": [], "submittedAt": "2026-05-08" }, { "id": "e3", "indicatorId": "N-10", "text": "Sauvegardes Veeam quotidiennes, chiffrées AES-256, répliquées immuables S3 Object Lock (mode compliance) sur AWS région Paris. Dernier test de restauration : 2026-04-15, RTO 4h respecté.", "fileNames": [ "test-restauration-2026-04.pdf" ], "submittedAt": "2026-05-08" } ], "validations": [ { "evidenceId": "e1", "indicatorId": "N-1", "status": "valid", "score": 100, "matched": [ "rssi", "responsable", "sécurité", "désignation", "mission" ], "missing": [], "feedback": "Désignation conforme NIS2. ✅", "validatedAt": "2026-05-08" }, { "evidenceId": "e2", "indicatorId": "N-6", "status": "valid", "score": 100, "matched": [ "mfa", "authentification", "privilège", "accès" ], "missing": [ "double facteur" ], "feedback": "MFA bien généralisé avec PIM. ✅", "validatedAt": "2026-05-08" }, { "evidenceId": "e3", "indicatorId": "N-10", "status": "valid", "score": 100, "matched": [ "sauvegarde", "backup", "immuable", "restauration", "chiffré" ], "missing": [], "feedback": "Architecture sauvegarde alignée best practice anti-ransomware. ✅", "validatedAt": "2026-05-08" } ] } ] }