Cerynix
GOVERNANCE
REPORTING
PLATFORM
AC
Acme Corporation
Enterprise plan
AURA AI ASSISTANT
Evidence-grounded governance assistant · Acme Corporation
New chat History
Which NIS2 requirements are still missing evidence, and what should we prioritize before the audit?
FACTS
3 of 24 NIS2 domains have controls without linked evidence: Supply Chain Security (2 controls), Incident Handling (1), Business Continuity (1). 12 evidence items are expired and 21 are missing entirely.
INFERENCE
Supply Chain Security has the lowest readiness (52%) and the most unlinked controls, so it is the largest driver of your current gap and the highest audit exposure.
RECOMMENDATION
1. Upload the DR test report to close Business Continuity (BC-03).
2. Attach the latest vendor security review for the top-2 critical suppliers.
3. Renew 12 expired evidence items flagged in Evidence Vault.
MISSING DATA
No incident-handling playbook is linked. AURA cannot assess Incident Handling completeness until IR-02 evidence is provided.
Sources: Control Matrix · 24 domains Evidence Vault · 225 items Risk Ledger
Confidence: High
Create remediation tasks Draft board summary Export as PDF
AURA supports governance decisions using your evidence and does not provide legal advice, regulatory certification or a guarantee of compliance. Verify critical conclusions with a qualified professional.
Summarize top risks What evidence is expiring this month? Explain our residual risk on suppliers
Ask AURA about controls, evidence, risks or readiness…
Demo data — Example tenant. AURA answers are grounded in your Cerynix data with visible sources and confidence.