NIS2 readiness
Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.
EU GRC platform
Cerynix brings NIS2, ISO 27001 and GDPR readiness — controls, risk, evidence, incidents and your security tools — into one multi-tenant workspace, with the audit-ready proof to back it.
Invite-only during onboarding. Readiness support — not legal advice or a guarantee of compliance.
Illustrative sample — not a real tenant.
Pick what you need
Enable one or more frameworks at onboarding. Controls map across them, so evidence you gather once counts everywhere it applies.
Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.
All 93 Annex A controls, per-organization enablement, assessments and a generated Statement of Applicability (PDF/CSV).
A GDPR control library centred on Article 32 (security of processing), mapped to your NIS2 and ISO work to avoid duplicate effort.
The platform
A cross-framework control library with assessment workflow and gap tracking.
Generate the ISO 27001 SoA on demand as PDF or CSV from your assessments.
Author policies with an approval workflow and automatic review reminders.
Track risks with treatment plans, linked to the controls that mitigate them.
An inventory with findings and an explainable exposure score you can defend.
Attach and organise evidence so every claim traces back to a document.
Record incidents and support the NIS2 notification timeline.
Keep a third-party/supplier register for supply-chain obligations.
Pull assets and findings from Microsoft Entra ID, Intune and Defender, Tenable, Jira, Zabbix, Splunk, Trend Vision One, VMware, Action1, the Fortinet family (FortiGate / FortiAnalyzer / FortiClient EMS) and any HTTP/JSON source. Credentials are encrypted at rest.
See it in action
The Command Center folds controls, risk, evidence and incidents into a single readiness picture — with the trend that proves progress and the gaps to work next.
Illustrative sample — not a real tenant.
Insights that move the needle
Know which proof will lapse before an auditor does.
Residual risk after treatment, ranked so the top of the list is the work that matters.
Map controls once — evidence you gather counts toward every framework it satisfies.
Illustrative sample — not a real tenant.
Meet AURA
AURA is Cerynix's built-in assistant. Ask about your posture in plain language, get controls and gaps explained without the jargon, and turn “where do we stand?” into a clear next action.
Illustrative sample — not a real tenant. AURA is an assistant and does not provide legal advice.
Prove it
Turn your live posture into artifacts an auditor or your board will accept — generated from the same data you work in, not a slide deck you maintain by hand.
Illustrative sample — not a real tenant.
Security is the product
A GRC tool holds your most sensitive posture data. Cerynix is engineered so that isolation and least privilege are enforced, not assumed.
Who it's for
Organisations newly in NIS2 scope that need to show a defensible state of readiness — without a year of consulting.
One person, a small team or a vCISO running the whole programme — without a wall of spreadsheets.
Manage many client tenants from one portfolio with isolated data and per-tenant reporting (Enterprise edition).
The same obligations on tighter budgets — self-hostable, with an EU data-residency option.
How it works
Create your organisation and pick the frameworks that apply.
Link your identity, endpoint and security tools to import assets and findings.
Work through controls, log evidence and close gaps with tasks.
Generate the SoA and reports whenever an auditor or regulator asks.
We're onboarding pilot organisations now. Tell us about your NIS2, ISO 27001 or GDPR programme and we'll be in touch.