EU GRC platform

Cyber governance, made operational.

Cerynix brings NIS2, ISO 27001 and GDPR readiness — controls, risk, evidence, incidents and your security tools — into one multi-tenant workspace, with the audit-ready proof to back it.

Invite-only during onboarding. Readiness support — not legal advice or a guarantee of compliance.

NIS2 readiness
ISO/IEC 27001:2022 · 93 Annex A controls
GDPR Art. 32-centric

Illustrative sample — not a real tenant.

Pick what you need

One workspace, the frameworks that apply to you

Enable one or more frameworks at onboarding. Controls map across them, so evidence you gather once counts everywhere it applies.

NIS2 readiness

Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.

ISO/IEC 27001:2022

All 93 Annex A controls, per-organization enablement, assessments and a generated Statement of Applicability (PDF/CSV).

GDPR

A GDPR control library centred on Article 32 (security of processing), mapped to your NIS2 and ISO work to avoid duplicate effort.

The platform

Everything a small security team needs to run the programme

Controls & assessments

A cross-framework control library with assessment workflow and gap tracking.

Statement of Applicability

Generate the ISO 27001 SoA on demand as PDF or CSV from your assessments.

ISMS policy register

Author policies with an approval workflow and automatic review reminders.

Risk register

Track risks with treatment plans, linked to the controls that mitigate them.

Assets & findings

An inventory with findings and an explainable exposure score you can defend.

Evidence management

Attach and organise evidence so every claim traces back to a document.

Incident management

Record incidents and support the NIS2 notification timeline.

Supplier register

Keep a third-party/supplier register for supply-chain obligations.

Integrations

Pull assets and findings from Microsoft Entra ID, Intune and Defender, Tenable, Jira, Zabbix, Splunk, Trend Vision One, VMware, Action1, the Fortinet family (FortiGate / FortiAnalyzer / FortiClient EMS) and any HTTP/JSON source. Credentials are encrypted at rest.

See it in action

Your whole posture, on one screen

The Command Center folds controls, risk, evidence and incidents into a single readiness picture — with the trend that proves progress and the gaps to work next.

app.cerynix.com/command-center

NIS2 Readiness: 78% (Good · +6% this quarter ↑)

  • Critical gaps: 12 (−2 this week)
  • Open risks: 27 (4 critical)
  • Evidence fresh: 68% (32 expiring)

Readiness trend · last 8 weeks: +6%

Readiness by domain

  • Governance: 82%
  • Risk management: 71%
  • Evidence & audit: 68%
  • Incident response: 74%
  • Supply chain: 59%

Illustrative sample — not a real tenant.

Insights that move the needle

Charts that tell you what to do next

Evidence freshness

68%
  • Fresh 160
  • Expiring 32
  • Missing 18

Know which proof will lapse before an auditor does.

Risk by severity

  • Critical: 3
  • High: 8
  • Medium: 14
  • Low: 21

Residual risk after treatment, ranked so the top of the list is the work that matters.

Readiness by framework

  • NIS2: 78%
  • ISO 27001: 72%
  • GDPR: 66%

Map controls once — evidence you gather counts toward every framework it satisfies.

Illustrative sample — not a real tenant.

Meet AURA

An AI analyst for your compliance programme

AURA is Cerynix's built-in assistant. Ask about your posture in plain language, get controls and gaps explained without the jargon, and turn “where do we stand?” into a clear next action.

  • Ask about controls, risks and evidence in plain language.
  • Get requirements and gaps explained — what they mean and why they matter.
  • Draft starting points for policies and remediation tasks.
  • Stays inside your workspace and your tenant's data boundary.

Illustrative sample — not a real tenant. AURA is an assistant and does not provide legal advice.

  • 3: Frameworks in one workspace — NIS2 · ISO 27001 · GDPR
  • 93: ISO/IEC 27001:2022 Annex A controls, ready to assess
  • 14+: Native security-tool & identity integrations
  • 1: Evidence base — gather once, counts everywhere it applies

Prove it

Board-ready reports & a Statement of Applicability, on demand

Turn your live posture into artifacts an auditor or your board will accept — generated from the same data you work in, not a slide deck you maintain by hand.

  • ISO 27001 Statement of Applicability as PDF or CSV.
  • Board reports summarising readiness, risk and progress.
  • An immutable audit trail of every sensitive action.
  • Each claim traces back to evidence in the vault.

Security is the product

Built to keep tenants isolated and secrets safe

A GRC tool holds your most sensitive posture data. Cerynix is engineered so that isolation and least privilege are enforced, not assumed.

  • Multi-tenant isolation with PostgreSQL Row-Level Security, forced on tenant tables.
  • RBAC on every route and audit events for sensitive actions.
  • Encrypted connector secrets — write-only, never returned by the API.
  • Hardened edge: security headers, rate limiting, internal endpoints closed off.
  • Self-hostable with Docker Compose — your data stays in your environment.
  • EU data-residency option for evidence storage.

Who it's for

Built for the teams NIS2 just put on the hook

Essential & important entities

Organisations newly in NIS2 scope that need to show a defensible state of readiness — without a year of consulting.

Lean security & GRC teams

One person, a small team or a vCISO running the whole programme — without a wall of spreadsheets.

MSPs & MSSPs

Manage many client tenants from one portfolio with isolated data and per-tenant reporting (Enterprise edition).

Public-sector bodies

The same obligations on tighter budgets — self-hostable, with an EU data-residency option.

How it works

From onboarding to audit-ready in four steps

Onboard

Create your organisation and pick the frameworks that apply.

Connect

Link your identity, endpoint and security tools to import assets and findings.

Assess

Work through controls, log evidence and close gaps with tasks.

Prove

Generate the SoA and reports whenever an auditor or regulator asks.

Get early access to Cerynix

We're onboarding pilot organisations now. Tell us about your NIS2, ISO 27001 or GDPR programme and we'll be in touch.