SoftwareSecure, Compliance, Automated
CERRIX replaces fragmented spreadsheets and siloed tools with a structured ISMS platform. We help you protect your information assets, comply with ISO 27001 and other regulations, and embed policies, processes, and controls into daily operations.
Book a no-obligation demo today.
Core Capabilities of CERRIX ISMS
All-in-One ISMS
Manage risks, controls, policies, audits, KRIs, incidents, assets, and vendors in a single platform.
Built for Regulated Industries
Designed for ISO 27001, NIS2, GDPR, DORA, and more.
Audit-ready
Automate control testing, evidence collection, and reporting to shorten audit prep.
Policy–Process–Control Integration
Link security policies directly to processes and controls for complete traceability.
How CERRIX Helps Your ISMS Achieve ISO 27001
CERRIX turns these into practical, day-to-day processes:


Risk Analysis and Treatments
ISO 27001 requires organizations to identify, analyze, and treat risks. CERRIX makes this process structured and collaborative:
🟢 Capture risks across IT, processes, and third parties with digital forms.
🟢 Score risks (probability × impact) against your risk appetite.
🟢 Define and track treatment plans with responsible owners.
🟢 Monitor progress with dashboards and KPIs.

Policies, Processes & Controls
At the heart of ISO 27001 is the requirement for documented policies, clear processes, and implemented controls. CERRIX strengthens this foundation by making policies actionable and auditable:
🟢 Central library for security policies with version control
🟢 Link policies to business processes and risk domains
🟢 Define controls (preventive, detective, corrective) and assign responsibilities
🟢 Automate control testing and log evidence for audit readiness
Ownership & Accountability
A successful ISMS requires clear responsibilities across the organization. CERRIX supports accountability through:
🟢 Assigning risk and control ownership to departments or process owners
🟢 Role-based dashboards for first, second, and third lines of defense
🟢 Automated reminders and workflows for tasks, reviews, and control tests


Monitoring, Reporting & Continuous Improvement
ISO 27001 emphasizes continuous improvement through monitoring, audits, and management review. CERRIX provides:
🟢 Real-time dashboards showing risk exposure, control effectiveness, and incident trends
🟢 Automatic audit trails logging who did what, when, and why
🟢 Data-driven insights from incidents and KPIs to improve future controls
ISO 27001 in Practice
A modular platform for integrated governance, risk, and compliance.
CERRIX brings structure to the way your teams manage overviews, collaborate across functions, and stay ready for audits.
Service Packages
Starter
Perfect for small teams looking for simple and cost-effective solutions
🟢 Core GRC modules
🟢 Real-time reporting
🟢 5 heavy & 50 light users
🟢 Add-on options for a tailored experience
Professional
Ideal for mid-sized businesses that need flexibility and scalability.
🟢 Core GRC modules
🟢 Real-time reporting
🟢 API integration with existing systems
🟢 Customer support for smooth operations
🟢 15 heavy & 150 light users
🟢 Add-on options for a tailored experience
Enterprise
Built for large enterprises with complex workflows and high user demands.
🟢 Core GRC modules
🟢 Audit module
🟢 Real-time reporting
🟢 API integration with existing systems
🟢 Dedicated customer success
🟢 50 heavy & 500 light users
Real Results, Real Impact
Frequently asked questions
CERRIX helps you meet ISO 27001 requirements by centralizing policies, risks, and controls, automating evidence collection, and producing audit-ready reports. This shortens audit preparation and ensures your ISMS is always certification-ready.
2. Can we manage both IT and business risks in CERRIX?
Yes. CERRIX covers cyber, operational, compliance, and third-party risks, giving you a holistic risk view across the organization.
3. How does CERRIX handle policy management and awareness?
Policies are stored in a version-controlled library, linked to risks and controls. Employees can acknowledge policies digitally, providing attestation records for compliance and awareness tracking.
4. Does CERRIX support third-party risk management?
Yes. Vendors and partners can be included in your ISMS by linking third-party risks to controls, ownership, and monitoring workflows.
5. How does CERRIX ensure accountability across teams?
With role-based dashboards for the three lines of defense, task assignments, and automated reminders, accountability is embedded at every level of the ISMS.
6. What frameworks beyond ISO 27001 does CERRIX support?
CERRIX supports multiple frameworks, including NIS2, GDPR, and DORA, helping you align policies and controls once and demonstrate compliance across different regulations.
Enterprise-Grade Security
Data Protection
ISO/IEC 27001 certified, to ensure your organization meets global standards for information security and management.
Control Assurance
ISAE 3402 Type II verified, with independently audited internal controls that ensure the reliability and compliance of the service.
Financial Sector Readiness
FSQS-NL registered: pre-qualified for procurement by leading banks and insurers in the Netherlands.
Request a demo
In the demo, you'll get:
🟢 A personalized walkthrough of risk registers, assessments, and dashboards tailored to your industry
🟢 A live look at real-time reporting and Power BI integration
🟢 An overview of how to map risks, controls, audits & KRIs in one workspace
🟢 A Q&A session with a GRC expert to address your needs
Book your no-obligation demo today.












