CERRIX Retains ISO 27001 Certification
We’re proud to share that CERRIX has successfully completed its ISO 27001 surveillance audit — reaffirming our commitment to the highest standards in information security management.
While we first earned our ISO 27001 certification in 2024, this recent audit confirms that our policies, processes, and security culture continue to meet the rigorous expectations of the international standard. For us, it’s not just about passing audits — it’s about living up to what we promise our clients every day.
How We Stay in Control
At the core of CERRIX is our “CERRIX in Control” system — a structured set of internal controls that help us manage operational and information security risks effectively. These controls are designed to support best practices, like conducting regular security awareness training and logging evidence to demonstrate compliance.
Many of these controls are aligned with the ISO 27001 framework, which sets out how to establish, maintain, and improve an information security management system (ISMS). The audit process confirms that our system remains effective, not just on paper, but in practice.
How the Surveillance Audit Works
Unlike the initial certification audit, the surveillance audit is focused on ensuring that we’re continuing to meet ISO 27001 standards over time. It’s not a one-time check, but part of an ongoing cycle of validation and improvement.
The external auditor reviews our documentation, interviews our people, and assesses our ability to operate in line with the framework. Any findings fall into three categories:
- Opportunity for Improvement – suggestions to strengthen what’s already working
- Minor Nonconformity – issues to address
- Major Nonconformity – serious gaps that could lead to loss of certification
We’re pleased to report a successful outcome — a testament to the maturity and discipline we’ve built as a team.
Why This Matters (Especially If You’re in Financial Services)
This certification is more than just a stamp — it shows that we manage risk proactively and take security seriously. If you’re in a highly regulated sector like banking, insurance, pensions, or audit, this matters. See more on which industries benefit most from ISO certification.
Regulations like DORA, NIS2, and ISQM are placing greater emphasis on secure vendor relationships and continuous risk management. Working with a certified ISO 27001 vendor like CERRIX can help you meet those expectations faster and with more confidence.
Want to Know More About How We Support Secure Compliance?
Get in touch with our team or explore how CERRIX helps organizations stay audit-ready, secure, and in control.