Risk Areas


Does management have a structured picture of the strategic risks and of the scenarios that are conceivable?

Data Risk

The new privacy legislation sets (new) requirements for your data management, but what about your calculation models?

Process management

Where are the risks in the processes and can they be managed better and more efficiently?

Project management

Many large IT and infrastructure projects fail unnecessarily. Have you already built in a Risk Control cycle?


How do you get the Compliance Controls in the right place in the organization?

3rd Party Risk Management

Which parties do you do business with? Do they have everything in order and how do you monitor that?

IT Security

Cyber attacks are an increasingly important operational risk. How is your control process arranged?

Inspection Management

How do you ensure that safety regulations are observed on the work floor and / or work site and incidents are reported immediately?


You take risks to achieve your business goals. Your medium-term plans (MTP) can unfold according to a few scenarios. Regularly testing your plans against current internal and external risks is therefore necessary to measure their feasibility.

  • Map the Risk Drivers of your business lines per risk category;
  • Quantify the Risk Drivers in possible effects for revenue and cost pools;
  • What is an acceptable deviation from your business forecast that you can tolerate?

Process Management

CERRIX provides insight into your processes. The graphical representations of the processes provide insight not only into the flows, but also into the responsibilities, risks and (compliance) control measures per process step. The most current test results are shown directly in your process flows and give you quick insight into the processes where important controls are not effective, where actions are still open or where incidents have been reported.

The process owners and employees can easily navigate through the processes with the help of a Viewer. This makes process knowledge easy to share in the organization.


The multitude of regulations, laws and standards makes control increasingly challenging. A few years ago it was still possible to keep an Excel spreadsheet, but the inefficiencies and the chances of error demand a more professional approach.

Compliance Controls must be properly anchored in business processes and behavior. The status of these controls must be easily traceable per compliance framework.

IT Security

Recent examples of cyber risks, among others, show the importance of adequate IT risk management. With CERRIX you realize a very effective ISMS (Information Security Management System) in a short time.

  • Standard IT security compliance templates available (ISO 27001/2, CSA, COBIT, Surfaudit, BiG, DiGiD);
  • Standard IT process templates (BISL);
  • Combining IT processes, applications and infrastructure;
  • Supporting multiple compliance frameworks so that your In-Control checks can be performed efficiently;
  • Graphically model your IT infrastructure in the CERRIX Risk Universe;
  • Workflow for rapid follow-up and monitoring actions due to IT security incidents;
  • Real-time connection with your IT application landscape for collecting evidence such as logs.


The amount of data that you collect and generate will only increase in the coming years. Do you have sufficient guarantees that your data is properly stored, is safe from cyber crime and that your staff knows how to handle it?

In addition, you will face more and more requirements based on legislation and regulations. The General Data Protection Regulation (AVG) sets quite a few requirements in the nearly 100 articles of this Act that you must meet from 25 May 2018. It requires a process of monitoring privacy controls, maintaining a processing register, being alert to the execution of Data Privacy Impact Analyses, timely reporting of data breaches and correctly handling information requests from data subjects.

CERRIX offers all the required functionality for securing the Data Privacy process for your organization. It provides a complete platform with which staff departments such as Compliance and Risk can properly perform their tasks, and an integration with primary care to make it privacy-aware, to have assessments carried out and to report data breaches.

Project Risk Management

In general, projects do not run as planned. This is not surprising: as time goes by, the circumstances and sometimes the goals change. At the start of most projects, a Risk Assessment is therefore carried out and periodic Risk & Action logging takes place.

Projects and subprojects can be registered in CERRIX. In addition, the risks, control measures, actions, deviations and responsibilities can be recorded for each subproject (and / or project phase). The workflow in CERRIX provides efficient support for your risk management activities. In short, deploying CERRIX for risky projects ensures better control of your projects and therefore the intended end result.

3rd Party Risk Management

If you are responsible for risk monitoring of your external partners (asset managers, IT partners, suppliers, executive organizations, etc.), then CERRIX can be of great help in supporting the entire risk management process by:

  • Registering your external partners;
  • Keeping up with risk assessments, possibly with standard frameworks;
  • Having risk assessments / questionnaires filled in online (periodically);
  • Scoring the results;
  • Testing (or having tested) specific evidence;
  • Preparing Findings Reports;
  • Plotting (and monitoring) actions for the partner;
  • Providing a real-time dashboard with the scores and schedules.

Inspection Management

CERRIX has a complete module for inspection management.

Assessments can be performed on location using a tablet (offline). Photos can be added and the assessments can then be forwarded to a central unit, where all assessments can be reviewed and outcomes prioritized.

During a major sporting event in London in 2012, the CERRIX tooling was used to monitor water quality at remote locations. The inspections took place daily and the findings and / or incidents could be tackled immediately.