Cyber risk does not move in annual cycles. Cloud configurations drift, vulnerabilities appear daily, access rights accumulate, and suppliers change. A control that was well evidenced during an assessment can be weakened weeks later.
CyConex reframes CAF and other assessments from a one-off deliverable into an ongoing, repeatable programme — scheduled runs, an assurance history you can trust, and a live posture you can share.
Instead of scrambling before each audit, you can schedule recurring assessment runs so posture stays current between formal reviews.
Recurring runs turn assurance into a steady operational rhythm rather than a periodic fire drill, and make it far easier to demonstrate that controls remain effective over time.
Assurance history and control timeline
CyConex keeps an assurance history so you can see how each control has changed across cycles.
A control timeline records score and status changes cycle over cycle, with the rationale behind them, so trends and regressions are visible — not buried in old spreadsheets.
Live, shareable posture
Boards and regulators do not want a snapshot from six months ago. CyConex lets you publish a shareable heatmap link that reflects the current assessment.
A live posture link means stakeholders always see where essential functions are resilient and where improvement activity is underway — without waiting for the next report.
Why continuous beats point-in-time
Scheduled, recurring assessment runs
Assurance history across review cycles
Control timeline with rationale for changes
Always-current shareable heatmap link
Demonstrate ongoing control effectiveness
Replace periodic fire drills with a steady rhythm
Run assurance as a programme
Move from point-in-time audits to continuous, evidence-led assurance with CyConex — sign up free for early access.
Is CyConex a one-off assessment tool or continuous?
CyConex is built for continuous assurance. You can run recurring assessments on a schedule, track an assurance history and control timeline across cycles, and publish a live shareable heatmap that stays current for boards and regulators — not just a point-in-time snapshot.
Can CyConex export Word and Excel reports?
Yes. CyConex generates structured Excel and Word assessment exports, along with CAF heatmaps at objective and principle level — ready for GovAssure reviewers, competent authorities, and governance stakeholders.
Which frameworks does CyConex support?
NCSC CAF is the primary framework — four objectives, fourteen principles, 41 contributing outcomes, and IGPs. CyConex also supports Cyber Essentials, NIST 800-53, NIST CSF 2.0, and custom control catalogues, with structured catalogues and reusable assessment context.