NIS2 Consulting

NIS2 consulting helps organizations understand obligations, gaps, and priorities. The focus is on implementable actions, clear responsibilities, and reliable decision support.

Quick overview

Typical use cases

• First assessment: Am I in scope as an essential or important entity?
• Board or leadership briefing with clear obligations
• Gap analysis before audit, customer inquiry, or supplier requirements
• M&A or reorganization: new entities, new obligations
• Building a security program with defensible measures

Process & methodology

• short initial assessment of applicability and maturity
• structured interviews and document review
• mapping obligations to existing controls
• gap and risk analysis with priorities
• implementation plan with effort, dependencies, and ownership

Scope & preparation

• systems, processes, locations, and key providers
• existing policies, incident processes, risk register
• critical services and dependencies
• timeline and target state (e.g., 6-12 months)

Execution

• review of policies, processes, and technical controls
• alignment against NIS2-relevant requirements
• assessment of maturity, effectiveness, and evidence
• prioritization by risk and feasibility

Deliverables

• applicability and obligations overview
• gap analysis with priorities (short / mid / long term)
• implementation plan incl. actions, owners, effort
• evidence and documentation list for audits

Provider selection criteria

• clear separation of consulting and legal advice
• transparent methodology and scoped approach
• practical security program experience, not only compliance
• clear deliverables with sample structure
• realistic timelines and explicit dependencies

Next steps