Security & Compliance
Lynx Compliance - Certification (ISO 27001 + SOC 2 mandatory artifacts)
Statement of Applicability, Internal Audit register, Management Review, Nonconformity/CAPA, Information Security Objectives, Risk Acceptance attestation. Mandatory ISO 27001:2022 clauses 4-10 artifacts.
lynx_compliance_certification · v19.0.1.1.0 · Premium
What this solves
Lynx Compliance — Certification
The ISO 27001:2022 mandatory-artifact pack — Statement of Applicability, internal audit register, management review, nonconformity / CAPA, security objectives, and risk-acceptance attestation — that turns lynx_compliance from a control registry into a Stage-1-ready ISMS.
Stage 1 of an ISO 27001 certification audit checks for the formal artifacts required by clauses 4-10. The base lynx_compliance module covers the control catalog and evidence; this module adds the documents and registers the auditor will demand on day one. Models are scoped to ISO clauses, the SoA report renders the full 93-control Annex A:2022 catalog with each control's applicability decision, and risk acceptance flows through lynx_sign so residuals above appetite carry a signed attestation.
Key Features
ISMS scope (cl. 4.3) — lynx.iso.framework.scope defines the boundary: which sites, services, and products are in / out of scope; it attaches to each compliance.profile so the SoA respects the perimeter.
Security objectives (cl. 6.2) — lynx.compliance.objective records measurable info-sec objectives per function / level with owner, target, baseline, and review cadence.
Internal audit cycle (cl. 9.2) — lynx.internal.audit walks through plan → scope → sample → findings → management response → follow-up; lynx.internal.audit.finding cross-links to compliance.finding so audit gaps and CAPA rollups stay aligned.
Management review (cl. 9.3) — lynx.management.review captures top-management ISMS review meetings with the required inputs (audit results, KPI status, risks, opportunities) and outputs (decisions, resources, improvements).
Nonconformity + CAPA (cl. 10.1) — lynx.nonconformity carries identified-by, root cause, correction, corrective action, and effectiveness verification; lifecycle tracked from open to closed.
Risk acceptance attestation (cl. 6.1.3 / 8.3) — extends lynx.risk so residuals above appetite require a signed acceptance via lynx_sign before the assessment can move forward.
Statement of Applicability report — single PDF lists every Annex A:2022 control with applicability, justification, and reference; this is the document the lead auditor opens first.
Internal Audit + Management Review reports — ready-to-export PDFs of audit summary + findings + responses, and of the management review minutes with all cl. 9.3 inputs and outputs.
Integrates With
lynx_compliance (required) — framework / control / assessment / evidence registry that the certification artifacts attach to.
lynx_sign (required) — signed SoA, signed objectives, signed risk acceptance.
lynx_compliance_govern (recommended) — risk register the acceptance attestation extends.