SoftwareSecure, Compliance, Automated
CERRIX replaces fragmented spreadsheets and siloed tools with a structured ISMS platform. We help you protect your information assets, comply with ISO 27001 and other regulations, and embed policies, processes, and controls into daily operations. With clear dashboards, standardized risk assessments, and audit-ready reports, you gain confidence in your security posture while saving time and reducing compliance costs.
Book a no-obligation demo today.
Core Capabilities of CERRIX ISMS
All-in-One ISMS
Manage risks, controls, policies, audits, KRIs, incidents, assets, and vendors in a single platform.
Built for Regulated Industries
Designed for ISO 27001, NIS2, GDPR, DORA, and more.
Audit-ready
Automate control testing, evidence collection, and reporting to shorten audit prep.
Policy–Process–Control Integration
Link security policies directly to processes and controls for complete traceability.
How CERRIX Helps Your ISMS Achieve ISO 27001
CERRIX turns these into practical, day-to-day processes:
.png)
Risk Analysis and Treatments
ISO 27001 requires organizations to identify, analyze, and treat risks. CERRIX makes this process structured and collaborative:
🟢 Capture risks across IT, processes, and third parties with digital forms.
🟢 Score risks (probability × impact) against your risk appetite.
🟢 Define and track treatment plans with responsible owners.
🟢 Monitor progress with dashboards and KPIs.
Policies, Processes & Controls
At the heart of ISO 27001 is the requirement for documented policies, clear processes, and implemented controls. CERRIX strengthens this foundation by making policies actionable and auditable:
🟢 Central library for security policies with version control
🟢 Link policies to business processes and risk domains
🟢 Define controls (preventive, detective, corrective) and assign responsibilities
🟢 Automate control testing and log evidence for audit readiness
.jpg)
Ownership & Accountability
A successful ISMS requires clear responsibilities across the organization. CERRIX supports accountability through:
🟢 Assigning risk and control ownership to departments or process owners
🟢 Role-based dashboards for first, second, and third lines of defense
🟢 Automated reminders and workflows for tasks, reviews, and control tests
Monitoring, Reporting & Continuous Improvement
ISO 27001 emphasizes continuous improvement through monitoring, audits, and management review. CERRIX provides:
🟢 Real-time dashboards showing risk exposure, control effectiveness, and incident trends
🟢 Automatic audit trails logging who did what, when, and why
🟢 Data-driven insights from incidents and KPIs to improve future controls
A modular platform for integrated governance, risk, compliance.
CERRIX brengt structuur in de manier waarop uw teams overzichten beheren, samenwerken in verschillende functies en klaar zijn voor audits.
Rapportage en dashboard in realtime
Directe gepersonaliseerde context en volgende stappen in één weergave gemarkeerd. Widgets, taken uit te voeren taken en waarschuwingen met slepen en neerzetten zorgen ervoor dat elke gebruiker gefocust blijft.
GDPR Management
Geregistreerde verwerkingsactiviteiten, gekoppeld aan privacyrisico's, afgehandeld inbreuken. Gegevensbescherming is bewezen in alle systemen en partners.
Nalevingsbeheer
Regelgeving in kaart gebracht, taken gepland, attesten opgeslagen. Voortdurende naleving wordt getoond zonder chaos in de spreadsheet.
Beheer door derden
Gegevens van derden vergeleken en gescoord. Contracten gecontroleerd, SLA-inbreuken gealarmeerd, DORA-paraatheid aangetoond.
Auditbeheer
Audits gepland, werkdocumenten gecentraliseerd, bevindingen opgevolgd. Garantie geleverd met volledige traceerbaarheid.
Incidentbeheer
Incidenten worden eenmaal geregistreerd, automatisch gerouteerd en de hoofdoorzaken worden opgespoord. Voortdurende verbetering is ingebed in het dagelijkse werk.
Procesbeheer
Elke flow is gevisualiseerd en eigendom. Risico's worden automatisch gekoppeld, attesten bijgehouden, prestatie-inzichten ingebed.
Risico- en controlebeheer
Risico's kwamen aan het licht, de controles werden op elkaar afgestemd, de blootstelling werd in één gestructureerde weergave bijgehouden. Naleving en strategie worden op één lijn gehouden, zodat uw teams kunnen anticiperen op bedreigingen, onder controle kunnen blijven en zelfverzekerde, datagestuurde beslissingen kunnen nemen.
Pricing Models
Starter
Perfect for small teams looking for simple and cost-effective solutions
🟢 Core GRC modules
🟢 Real-time reporting
🟢 5 heavy & 50 light users
🟢 Add-on options for a tailored experience
Professional
Ideal for mid-sized businesses that need flexibility and scalability.
🟢 Core GRC modules
🟢 Real-time reporting
🟢 API integration with existing system
🟢 Customer support for smooth operations
🟢 15 heavy & 150 light users
🟢 Add-on options for a tailored experience
Enterprise
Built for large enterprises with complex workflows and high user demands.
🟢 Core GRC modules
🟢 Audit module
🟢 Real-time reporting
🟢 API integration with existing system
🟢 Dedicated customer success
🟢 50 heavy & 500 light users
Echt Resultaten, Echt Invloed
.png)
How Menzis Gained Efficiency and Real-Time Insights
“I love how I can create dashboards tailored for specific teams. For example, I built a dashboard for our IT cluster that provides real-time updates on control tests linked to DNB Good Practice Information Security.” – Barbara Bloeme, Risk Controller at Menzis.
Structuring Risk and Audit Across Teams
“Some teams weren’t used to actively monitoring their actions. Now they have the data available every day, every hour… they could play much closer to the ball….”.
Arjan Man, Haier Europe.
Stater Strengthened First-Line Ownership and Assurance
“We want to bring risk management closer to where the real decisions are made, in day-to-day business operations. CERRIX is helping us embed risk ownership across the organization.”
Petra Pannevis, Manager Risk Management at Stater.
Op bedrijfsniveau beveiliging
Gegevensbescherming
ISO/IEC 27001-gecertificeerd om ervoor te zorgen dat uw organisatie voldoet aan de wereldwijde normen voor informatiebeveiliging en -beheer.
Verzekering van de controle
ISAE 3402 Type II-geverifieerd, met onafhankelijk gecontroleerde interne controles die de betrouwbaarheid en naleving van de dienstverlening garanderen.
Paraatheid voor de financiële sector
FSQS-NL-geregistreerd — vooraf gekwalificeerd voor aanbestedingen door toonaangevende banken en verzekeraars in Nederland.
Request a demo
.png)
In the demo, you'll get:
🟢 A personalized walkthrough of risk registers, assessments, and dashboards tailored to your industry
🟢 A live look at real-time reporting and Power BI integration
🟢 An overview of how to map risks, controls, audits & KRIs in one workspace
🟢 A Q&A session with a GRC expert to address your needs
Book your no-obligation demo today.