NIS2 Directive
Consulting and support for compliance

Supporting the organization in the process of complying with the requirements of Directive (EU) 2022/2555 (NIS2), which introduces stringent obligations regarding cybersecurity, risk management, governance, and incident notification for public entities and companies operating in critical or essential sectors.

Preliminary analysis and gap assessment

  • Mapping of the organization and verification of the directive’s applicability
  • Analysis of existing controls in the areas of security, business continuity, and IT governance
  • Identification of gaps in relation to NIS2 requirements

Drafting of a compliance plan

  • Development of an operational plan with priorities, activities, and timeline
  • Definition of corrective actions for technical, organizational, and procedural compliance
  • Identification of internal responsibilities

Implementation support

  • Updating of policies and procedures (e.g., incident management, access control, supplier management)
  • Support in risk assessment and the definition of security measures
  • Targeted training for involved personnel, if necessary

Ongoing support and internal audit

  • Periodic verification of progress status
  • Preparation for supervision by the national authority (ACN or other competent body)
  • Drafting of technical documentation and compliance reports

Outputs of the service

  • Gap analysis reports
  • NIS2 Compliance Plan
  • Policies and procedures update
  • Informative material (if necessary)
  • Final report with compliance status

Duration and delivery method

The service is delivered in a hybrid mode (remote/on-site) based on the client’s needs and the complexity of the organization. The duration depends on the size, maturity, and sector of the entity.