Our GRC tooling covers an extensive array of solutions

CERRIX simplifies a broad number of themes that come together in one integrated GRC tool.


Risk management





Enterprise risk management

Enterprise risk management includes planning the approach, identifying and analyzing risks, response planning and implementation, and ongoing monitoring of risks. Risks may be linked to internal business activities, associated with management decision-making, or stem from an external circumstance or threat that may have an impact on the business.

Risk management shapes the decision-making processes across the organization and within each of the many domains, such as operational risks, compliance risks, cybersecurity risks, data management risks and supply chain risks.

These seemingly disparate domains can be managed cohesively in CERRIX. Thanks to a centralized risk taxonomy, business risk management can more easily structure risk, enforce naming conventions, and aggregate multi-level risks. Business assets and third parties are examples of risk domains that may have detailed risk scores but do not necessarily need to enlarge the primary risk register.

CERRIX will instill a sense of risk consciousness throughout the organization. Managers are able to determine the appropriate responses with thorough reporting and a consistent cycle of risk assessment. Also, CERRIX will assist in warning of prospective dangers and occurrences that demand assessment and quick response.

Explore our solutions

From Enterprise Risk Management to Information Security and ISMS tooling. Discover the solution themes in which CERRIX can raise your organization's maturity to a higher level.

Compliance management


Information Security and ISMS


Supply chain management




Data management


Asset management


Decision making


Business process management


Information Security and ISMS

Fighting cyberthreats and crime

In the ever-increasing digitization of our world, we will benefit from increased efficiency and speed of handling, but are simultaneously more exposed than ever to cyberthreats and dependent on Internet infrastructure. Organizations must combat cybercrime in a timely manner and evaluate whether their protection measures are still sufficient. In a highly regulated industry, regulators share the fear of cyberattacks and the impact they might have on business continuity and the loss of (privacy-related) data, and will impose standardized norms that the organization has to comply with.

CERRIX can bring you a full Information Security Management System. We combine assets, applications, IT processes and standard IT control frameworks all in one solution. Periodic assessments and control test procedures give insight into the maturity of IT risk management. Improvement measures will give direction for upgrading the maturity levels.



Comply with the Customer Controls Framework

CERRIX has been designed with a clear vision to support all stakeholders in the 3 lines. Business Management (1st and 2nd line) can work closely together with common risk taxonomies, control catalogues and a clear split between the owner and monitoring roles. All assessments executed by 3-lines staff in CERRIX are based on the same data. This single version of the truth may nevertheless encourage a variety of viewpoints and opinions among the 3 lines that favor overall risk control. Internal Audit of course has a high level of independence and must be able to rely on its data being securely protected from access by others.

In CERRIX, Internal Audit can easily access all data of the 1st and 2nd line, relate it to an Audit Universe Object and assess the risk and control environment for this object. CERRIX also supports the 4th line of defense. The external auditors may get access to all control test results via APIs, which also benefits the speed of the external audit (continuous monitoring) and may indeed lower the cost.

What developments we observe in the Regulatory Risk landscape

It is our mission to facilitate companies and institutions with a highly automated process enabling them to bring risk management into the nerves of the company.


In CERRIX you are able to set up the DORA framework and configure all available modules in such a way that you fully comply with DORA.

ICFR (Internal Control over Financial Reporting)

For Public Companies, preparing reliable financial information is a key responsibility, providing an ICFR system that offers reasonable assurance.


With the introduction of the NIS2 directive, operators of essential services and digital service providers will be subject to more stringent security requirements and...


Companies need to respond on the regulatory front with respect to ESG. It is highly recommended to integrate this into a platform the already...


Explore CERRIX's GRC tool embedded with the ISQM standards. With ready-to-use frameworks and proven workflows, enhance your audit quality. Ideal for firms of all sizes.


CERRIX ensures secure, anonymous whistleblowing channels, fostering a safe and transparent work environment. Learn how we safeguard confidentiality.

Dart Stas about Power BI in GRC-tooling

“Power BI is a powerful addition to our GRC-tooling, enhancing it with real-time data capabilities”

By integrating Power BI into CERRIX, organizations gain the ability to visualize and analyze data in a dynamic and interactive manner. Real-time dashboards and reports provide instant insights into risk management, compliance metrics, and governance performance.

– Dart Stas (Senior Consultant, CERRIX B.V.)

Policy management

Manage your policies with our Forms solution

Governance, risk management, and compliance depend greatly on policies. Organizations can establish trustworthy processes, transactions, and behavior through policies, enabling them to dependably accomplish their corporate goals.

CERRIX Forms are the ideal approach for managing policies:

  • Standardized version control with audit trail;
  • Approval steps in workflow;
  • Choose either rich-formatted webpages or Word/PDF formats;
  • Let employees and managers accept the policy formally;
  • Test the understanding of the policy among staff;
  • Link policies to risks and controls.

However, there are often too many departments sending too many policies in different formats. Policy management is buried in different formats like documents, spreadsheets and emails, and oversight, coverage, version control, responsibility and adherence are not always clear. Moreover, rather than being a one-off event, it is a continuous management process that requires regular adjustments to accommodate new technologies, updated legislation and advances in best practice.

Our client success stories

Discover how CERRIX has helped many companies like yours with our integrated GRC tooling solution.


Client Story

As a Dutch pension fund, Ahold Delhaize Pension services those who work or have worked at one of the following Ahold Delhaize companies: Albert Heijn,...