NIS2 readiness
Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.
EU GRC platform
Cerynix brings NIS2, ISO 27001 and GDPR readiness — controls, risk, evidence, incidents and your security tools — into one multi-tenant workspace, with the audit-ready proof to back it.
Invite-only during onboarding. Readiness support — not legal advice or a guarantee of compliance.
Pick what you need
Enable one or more frameworks at onboarding. Controls map across them, so evidence you gather once counts everywhere it applies.
Scope your entity, work the security-measure and incident-reporting obligations, and keep a defensible record of where you stand.
All 93 Annex A controls, per-organization enablement, assessments and a generated Statement of Applicability (PDF/CSV).
A GDPR control library centred on Article 32 (security of processing), mapped to your NIS2 and ISO work to avoid duplicate effort.
The platform
A cross-framework control library with assessment workflow and gap tracking.
Generate the ISO 27001 SoA on demand as PDF or CSV from your assessments.
Author policies with an approval workflow and automatic review reminders.
Track risks with treatment plans, linked to the controls that mitigate them.
An inventory with findings and an explainable exposure score you can defend.
Attach and organise evidence so every claim traces back to a document.
Record incidents and support the NIS2 notification timeline.
Keep a third-party/supplier register for supply-chain obligations.
Pull assets and findings from Microsoft Entra ID, Intune and Defender, Tenable, Jira, Zabbix, Splunk, Trend Vision One, VMware, Action1, the Fortinet family (FortiGate / FortiAnalyzer / FortiClient EMS) and any HTTP/JSON source. Credentials are encrypted at rest.
Security is the product
A GRC tool holds your most sensitive posture data. Cerynix is engineered so that isolation and least privilege are enforced, not assumed.
How it works
Create your organisation and pick the frameworks that apply.
Link your identity, endpoint and security tools to import assets and findings.
Work through controls, log evidence and close gaps with tasks.
Generate the SoA and reports whenever an auditor or regulator asks.
We're onboarding pilot organisations now. Tell us about your NIS2, ISO 27001 or GDPR programme and we'll be in touch.