Governance · Evidence · Resilience

Cyber governance,
made operational.

Cerynix helps security and compliance teams manage NIS2 readiness, evidence, risk and board reporting from one enterprise-grade platform.

Illustrative sample. Not a real tenant.

Built for the European regulatory stack

NIS2 ISO/IEC 27001 GDPR DORA planned EU AI Act planned

The modules that run the programme

Every module ships in one workspace, share the same evidence base and enforce the same tenant boundary.

NIS2 Ready

Scope your entity, work through security-measure and incident-reporting obligations, and keep a defensible record of where you stand.

Learn more

Evidence Vault

Attach and organise evidence so every claim traces back to a document with a full audit trail.

Learn more

Risk Ledger

Track risks with treatment plans, inherent and residual scoring, linked to the controls that mitigate them.

Learn more

Remediation Hub

Turn gaps and risks into accountable tasks with owners, priorities and clear SLAs.

Learn more

Asset Exposure

See your assets, their internet exposure, security coverage and where the control weaknesses concentrate.

Learn more

Board Reports

Executive-ready reports and a Statement of Applicability, generated from live data, not maintained by hand.

Learn more

One platform.
Every domain of governance.

Governance, risk, controls, evidence, incidents, suppliers and integrations, all under one tenant boundary with a single audit trail.

Enable the frameworks that apply to you

Turn on one or more frameworks at onboarding. Controls map across them, so evidence you gather once counts everywhere it applies.

NIS2

Directive

Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.

Domains covered · Governance to Supply chain

ISO/IEC 27001:2022

Assessable

All 93 Annex A controls, per-organisation enablement, assessments and a generated Statement of Applicability as PDF or CSV.

93 Annex A controls ready

GDPR

Art. 32-centric

A GDPR control library centred on security of processing, mapped to your NIS2 and ISO work to avoid duplicate effort.

17 controls, mapped to NIS2 and ISO

Your whole posture, on one screen

The Command Center folds controls, risk, evidence and incidents into one readiness picture, with the trend that proves progress and the gaps to work next.

Illustrative sample. Not a real tenant.

Charts that tell you what to do next

Every chart resolves to an action. What is expiring, what is drifting, where the residual risk actually lives.

Evidence freshness

68%
  • Fresh 160
  • Expiring 32
  • Missing 18

Know which proof will lapse before an auditor does.

Risk by severity

Critical3
High8
Medium14
Low21

Residual risk after treatment, ranked so the top of the list is the work that matters.

Readiness by framework

NIS278%
ISO 2700172%
GDPR66%

Map controls once. Evidence counts toward every framework it satisfies.

Illustrative sample. Not a real tenant.

AI Governance Assistant

Meet AURA, your AI governance assistant.

Ask evidence-grounded questions, identify missing proof, summarise risk and prepare executive-ready answers with transparent confidence and sources.

Open AURA

Executive-ready reports and a Statement of Applicability, on demand

Turn live posture into artifacts an auditor or your board will accept, generated from the same data you work in, not a slide deck maintained by hand.

  • Evidence-backed readiness scoring
  • Confidentiality labels and version snapshots
  • ISO 27001 Statement of Applicability as PDF or CSV
  • Every claim traces back to an evidence record
Preview report

Illustrative sample. Not a real tenant.

Built to keep tenants isolated and secrets safe

A GRC tool holds your most sensitive posture data. Cerynix is engineered so that isolation and least privilege are enforced, not assumed.

  • Multi-tenant isolation with PostgreSQL Row-Level Security, forced on tenant tables.
  • RBAC on every route and audit events for sensitive actions.
  • Encrypted connector secrets, write-only and never returned by the API.
  • Hardened edge: security headers, rate limiting, internal endpoints closed off.
  • Self-hostable with Docker Compose. Your data stays in your environment.
  • EU data-residency option for evidence storage.

Built for the teams NIS2 just put on the hook

The people who own resilience, not the people who write the marketing.

CISO & Security Leaders

Visibility and control across the whole programme.

IT & Infrastructure

Manage risk and reduce exposure without extra tooling.

Compliance Officers

Stay aligned and audit-ready across every framework.

Executives & Boards

Make confident, informed decisions with evidence behind them.

Auditors & Consultants

Review evidence with a clear, immutable trail.

From onboarding to audit-ready in four steps

A short path from picking your frameworks to generating a board-ready report.

Onboard

Create your organisation and pick the frameworks that apply.

Connect

Link identity, endpoint and security tools to import assets and findings.

Assess

Work through controls, log evidence and close gaps with tasks.

Prove

Generate the SoA and reports whenever an auditor or regulator asks.

3
Frameworks in one workspace. NIS2, ISO 27001, GDPR.
93
ISO/IEC 27001:2022 Annex A controls, ready to assess.
14+
Native security-tool and identity integrations.
1
Evidence base. Gather once, counts everywhere it applies.

Ready to operationalise cyber governance?

See how Cerynix turns NIS2 readiness, evidence and risk into one operational workflow.