We collaborate with best-in-class platforms, consultants, and technology providers to deliver seamless, future-proof solutions, built to grow with your organization.

ISMS Tooling: Secure, Compliant, Automated

CERRIX replaces fragmented spreadsheets and siloed tools with a structured ISMS platform. We help you protect your information assets, comply with ISO 27001 and other regulations, and embed policies, processes, and controls into daily operations.

Book a no-obligation demo today.

Core Capabilities of CERRIX ISMS

The building blocks of a secure and compliant ISMS.

All-in-One ISMS

Manage risks, controls, policies, audits, KRIs, incidents, assets, and vendors in a single platform.

Built for Regulated Industries

Designed for ISO 27001, NIS2, GDPR, DORA, and more.

Audit-ready

Automate control testing, evidence collection, and reporting to shorten audit prep.

Policy–Process–Control Integration

Link security policies directly to processes and controls for complete traceability.

How CERRIX Helps Your ISMS Achieve ISO 27001

To achieve ISO 27001 certification, your ISMS must meet specific requirements.
CERRIX turns these into practical, day-to-day processes:
1. Defining Scope & Policies
2. Risk Assessment & Treatment
3. Implementing Controls
4. Monitoring & Review
5. Continuous Improvement

Risk Assessment

Risk Analysis and Treatments

ISO 27001 requires organizations to identify, analyze, and treat risks. CERRIX makes this process structured and collaborative:

🟢 Capture risks across IT, processes, and third parties with digital forms.
🟢 Score risks (probability × impact) against your risk appetite.
🟢 Define and track treatment plans with responsible owners.
🟢 Monitor progress with dashboards and KPIs.

Implementing controls

Policies, Processes & Controls

At the heart of ISO 27001 is the requirement for documented policies, clear processes, and implemented controls. CERRIX strengthens this foundation by making policies actionable and auditable:

🟢 Central library for security policies with version control
🟢 Link policies to business processes and risk domains
🟢 Define controls (preventive, detective, corrective) and assign responsibilities
🟢 Automate control testing and log evidence for audit readiness

Governance

Ownership & Accountability

A successful ISMS requires clear responsibilities across the organization. CERRIX supports accountability through:

🟢 Assigning risk and control ownership to departments or process owners
🟢 Role-based dashboards for first, second, and third lines of defense
🟢 Automated reminders and workflows for tasks, reviews, and control tests

Monitoring

Monitoring, Reporting & Continuous Improvement

ISO 27001 emphasizes continuous improvement through monitoring, audits, and management review. CERRIX provides:

🟢 Real-time dashboards showing risk exposure, control effectiveness, and incident trends
🟢 Automatic audit trails logging who did what, when, and why
🟢 Data-driven insights from incidents and KPIs to improve future controls

How to implement ISMS with a GRC Platform
ISO 27001 in Practice

A modular platform for integrated governance, risk, and compliance.

CERRIX brings structure to the way your teams manage oversight, collaborate across functions, and stay audit-ready.

Real-time Reporting & Dashboard

Instant context personalised and next steps highlighted in one view. Drag-drop widgets, to-do tasks, and alerts keep every user focused.

GDPR Management

Processing activities recorded, privacy risks linked, breaches handled. Data protection proven across systems and partners.

Compliance Management

Map regulations, automate control testing, manage evidence, and stay audit-ready with one integrated compliance management platform.

Third Party Management

Third-party data centralized and scored. Contracts monitored, SLA breaches alerted, DORA readiness evidenced.

Audit Management

Audits planned, workpapers centralized, findings followed up. Assurance delivered with full traceability.

Incident Management

Incidents logged once, routed automatically, root causes traced. Continuous improvement baked into daily work.

Process Management

Every flow visualised and owned. Risks linked automatically, attestations tracked, performance insights embedded.

Risk & Controls Management

A centralized platform to manage risks, monitor controls, and drive confident decision-making—so your organization can stay compliant, reduce exposure, and act faster in the face of change.

Service Packages

Our solutions follow a fixed-price, fixed-scope approach, ensuring transparency and measurable results.

Starter

Perfect for small teams looking for simple and cost-effective solutions

🟢 Core GRC modules
🟢 Real-time reporting
🟢 5 heavy & 50 light users
🟢 Add-on options for a tailored experience

Professional

Ideal for mid-sized businesses that need flexibility and scalability.

🟢 Core GRC modules
🟢 Real-time reporting
🟢 API integration with existing system
🟢 Customer support for smooth operations
🟢 15 heavy & 150 light users
🟢 Add-on options for a tailored experience

Enterprise

Built for large enterprises with complex workflows and high user demands.

🟢 Core GRC modules
🟢 Audit module
🟢 Real-time reporting
🟢 API integration with existing system
🟢 Dedicated customer success
🟢 50 heavy & 500 light users

Real Results, Real Impact

How Menzis Gained Efficiency and Real-Time Insights

“I love how I can create dashboards tailored for specific teams. For example, I built a dashboard for our IT cluster that provides real-time updates on control tests linked to DNB Good Practice Information Security.” – Barbara Bloeme, Risk Controller at Menzis.

Structuring Risk and Audit Across Teams

“Some teams weren’t used to actively monitoring their actions. Now they have the data available every day, every hour… they could play much closer to the ball…”
Arjan Man, Haier Europe.

Stater Strengthened First-Line Ownership and Assurance

“We want to bring risk management closer to where the real decisions are made, in day-to-day business operations. CERRIX is helping us embed risk ownership across the organization.”
Petra Pannevis, Manager Risk Management at Stater.

Frequently asked questions

1. How does CERRIX support ISO 27001 certification?
CERRIX helps you meet ISO 27001 requirements by centralizing policies, risks, and controls, automating evidence collection, and producing audit-ready reports. This shortens audit preparation and ensures your ISMS is always certification-ready.

2. Can we manage both IT and business risks in CERRIX?
Yes. CERRIX covers cyber, operational, compliance, and third-party risks, giving you a holistic risk view across the organization.

3. How does CERRIX handle policy management and awareness?
Policies are stored in a version-controlled library, linked to risks and controls. Employees can acknowledge policies digitally, providing attestation records for compliance and awareness tracking.

4. Does CERRIX support third-party risk management?
Yes. Vendors and partners can be included in your ISMS by linking third-party risks to controls, ownership, and monitoring workflows.

5. How does CERRIX ensure accountability across teams?
With role-based dashboards for the three lines of defense, task assignments, and automated reminders, accountability is embedded at every level of the ISMS.

6. What frameworks beyond ISO 27001 does CERRIX support?
CERRIX supports multiple frameworks, including NIS2, GDPR, and DORA, helping you align policies and controls once and demonstrate compliance across different regulations.

Enterprise-grade security

Data Protection

ISO/IEC 27001 certified to ensure your organization meets global standards for information security and governance.

Control Assurance

ISAE 3402 Type II verified, with independently audited internal controls that guarantee service reliability and compliance.

Financial Sector Readiness

FSQS-NL registered — pre-qualified for procurement by leading banks and insurers in the Netherlands.

Request a demo

In the demo, you'll get:

🟢 A personalized walkthrough of risk registers, assessments, and dashboards tailored to your industry
🟢 A live look at real-time reporting and Power BI integration
🟢 An overview of how to map risks, controls, audits & KRIs in one workspace  
🟢 A Q&A session with a GRC expert to address your needs

Book your no-obligation demo today.