Overview Dashboard
Executive RAG summary across all modules, giving leadership a clear cross-platform view of current position and priority issues.
Keystone is the enterprise security governance platform from Ordinex. It brings together risk, audit, legal and regulatory obligations, policy management, controls assurance, incidents, vulnerabilities, supplier risk, continuity, and board reporting in a single, structured platform.
Keystone is designed for organisations that need more than a basic GRC register. It provides a connected operating model for security governance, linking executive reporting with underlying evidence, actions, assurance activity and operational risk data.
Replace fragmented spreadsheets and disconnected registers with one structured platform for security governance.
Link audits, control testing, corrective actions, evidence and management review outputs across the lifecycle.
Surface analyst activity, incident data, vulnerabilities and control health in a format suitable for leadership.
Support ISO 27001, Statement of Applicability, CAF assessments and wider legal and regulatory obligations.
The module structure below reflects the current Keystone product concept and can be used as a basis for a website, investor summary, product brochure or internal platform architecture.
Executive RAG summary across all modules, giving leadership a clear cross-platform view of current position and priority issues.
Board-ready reporting workspace that supports concise status summaries, risk movement, key metrics and board pack generation.
Annual internal audit and assurance schedule used to plan, sequence and monitor formal assurance activity across the year.
Central log for risks, assumptions, issues and dependencies, supporting project-level and programme-level governance.
Information security risk register with treatment plans, ratings, ownership and tracking through review cycles.
Structured register of legislation, regulations and compliance obligations with ownership, applicability and traceability.
Supplier risk assessments, due diligence outcomes, assurance status and risk visibility across the supply chain.
Nonconformity log with root cause analysis, corrective actions, due dates, validation and closure workflow.
Clause 6.2 information security objectives with progress tracking, evidence and formal status reporting.
Repository for internal and external audit records, findings, recommendations, evidence references and follow-up tracking.
Controlled document library for policies with versioning, ownership, review cycles and approval workflow.
Mapped control framework covering ISO 27001 Annex A controls, testing, control ownership and evidence status.
Formal ISO 27001:2022 SoA module covering all 93 Annex A controls, applicability decisions and implementation status.
NCSC CAF Baseline and Advanced assessment module aligned to contributing outcomes and maturity progression.
Clause 9.3 management review records with agenda items, decisions, actions and retained evidence for governance purposes.
Security incident management register supporting triage, investigation, lessons learned and post-incident review activity.
Vulnerability management workflow with SLA tracking, prioritisation and integration points such as Tenable.io sync.
Operational work queue showing prioritised tasks, overdue items, SLA breaches and actionable alerts for analysts.
Business continuity and disaster recovery plans with exercise records, resilience assumptions, RTO and RPO tracking.
Register of hardware, software, data, services and cloud assets to support ownership, assurance and risk traceability.
Cross-module action management layer for findings, decisions, treatment tasks and corrective actions across the platform.
Keystone is built to support security leaders, assurance teams, risk owners, legal stakeholders and executives through a common platform with role-based views and consistent governance data.
Each module is aligned to a typical functional owner while still supporting shared visibility across the business.
Support evidence-led governance by linking records, findings, actions and decisions across assurance and compliance workflows.
Organise governance activity against recognised standards and regulatory expectations without losing operational detail.
Convert detailed operational data into concise, useful reporting for senior leadership and formal governance forums.
Keystone provides a unified approach to enterprise security governance by connecting governance records, assurance activity, operational security data and leadership reporting in a single platform.
Ordinex Keystone is an enterprise security governance platform designed to bring risk, assurance, compliance and operational oversight into one structured environment. It replaces fragmented trackers and disconnected governance records with a connected system of record that supports both day-to-day security management and board-level visibility.
From risk registers and legal obligations through to audits, controls, vulnerabilities, continuity and management review, Keystone helps organisations manage security governance in a way that is evidence-led, framework-aligned and operationally useful.
This page is set up as a single-file starting point for the Ordinex website or product microsite. The next logical additions are a finished logo, a proper product illustration or screenshot, a contact form, and a module detail page for each capability.