
NIS2 Readiness Assessment 

We assess your organization's maturity level concerning the NIS2 directive requirements, assisting you in identifying and mitigating key risks.

Our evaluation is grounded in the Zero Trust Maturity Model, the ISO 27001 standard, and CIS Controls. 

We evaluate your IT environment not only for regulatory compliance but also in the context of today's dynamic landscape and emerging threats.

Our action plan helps reduce actual threats to your business while ensuring full compliance with all NIS2 requirements. 

Your business challenges

Prioritize cyber risks with a limited budget

With a limited budget, you need to eliminate the most significant cyber risk.

Insufficient skills or capabilities

You do not have enough cybersecurity competencies, and vendors offer so many products that it is unclear which investment is the most valuable.

Potential damage to reputation

Non-compliance with regulations can lead to financial penalties, legal issues, and reputational damage.

Our Solution

Your organization's IT and cyber security management processes will be assessed in 5 pillars:

  • Identity Management
  • Device Management
  • Network/Environment
  • Business Applications 
  • Data Management

 

Our standard delivery process:

Under these categories, we evaluate the technologies you currently use and their management model. 

The ISO 27001 management standard for cyber security, CIS controls, and the Zero Trust Framework serve as a basis. We have developed a compact and efficient solution that can be scaled in the future.

All aspects of your existing cyber security model are mapped against the known NIS2 requirements to identify and close gaps.

Your benefits and deliverables

After engaging our services, your organization will be better prepared and protected from cyberattacks and meet the requirements of the NIS2 cybersecurity policy to ensure long-term reliability and success in the digital environment.

Comprehensive plan and Security policies

  • We prepare a detailed audit report in which we comprehensively analyze the existing cybersecurity risks and give recommendations for their elimination. In addition, we create a roadmap for a cybersecurity improvement strategy to help you achieve an optimal level of security.
  • The IT infrastructure is made more secure and the risks are assessed under the requirements of NIS2.
  • You also receive a vulnerability assessment report and can patch or reconfigure the most critical points from an intruder's perspective.
  • We create a list of changes required in your existing policies and provide templates for missing documents for basic NIS2 compliance.

We are ready to tell you more

We are happy to advise you and determine the necessary measures.


Webinar recording (only in German)

In our latest webinar, you will learn the most important basics about NIS2, receive a 15-step action plan and recommendations for organisational and technical tools. 

Overview of NIS2

NIS2 (Network and Information Security) regulates the cyber and information security of companies and institutions. The directive is a tightening and expansion of the previous NIS directive from 2016.

For this reason, NIS2 contains stricter security requirements, reporting obligations and enforcement provisions for a broader range of organisations.

NIS2 requirements

NIS2 requires the implementation of a minimum standard to ensure the security of IT systems and their physical environment. The choice of security level is decided by the organisations themselves, depending on the extent of risk exposure, the size of the organisation and the probability of security incidents and their severity.

  • Creation of concepts in relation to risk analysis and for the security of information systems
  • Incident response measures (detection, analysis, containment and reaction to incidents)
  • Secure voice, video and text communication as well as secure emergency communication
  • Maintaining operations (incl. backup management and recovery after an incident)
  • Basic training (awareness) in cyber security and cyber hygiene
  • Security measures for the acquisition, development and maintenance of network and IT systems
  • Concepts and evaluation of the effectiveness of risk management measures (crisis simulation)
  • Concepts and procedures for the use of cryptography (encryption where applicable)
  • Personnel security, access control and asset management
  • Security in the supply chain

Tightening of liability

Another new feature of NIS2 is the significantly stricter fines. The supervisory authorities will probably have to report the regulated companies for the first time in April 2025 and then every two years. The fine will be determined on the basis of annual global turnover.

For essential entities: up to €10 million or 2% of the company's total worldwide annual turnover, whichever is higher.

For important entities: up to €7 million or 1.4% of the company's total worldwide annual turnover, whichever is higher.

Management will be given responsibility for implementing the guidelines. They must monitor the implementation of the measures and are personally liable in the event of non-compliance. 

The reporting obligation will also be tightened. A preliminary report must be submitted within 24 hours; a qualified report of an incident must be submitted within 72 hours at the latest. A progress/final report must be submitted one month after the incident.