NIS2 Audit & Implementation

What is NIS2

NIS2 is a European Union cybersecurity directive that came into force in 2023 and is mandatory for implementation in member states by 2024/2025. It expands the requirements of the original NIS directive and establishes stricter rules for organizations providing essential or important services. The directive's goal is to raise the overall level of cybersecurity in Europe by ensuring a unified approach to risk management, incident reporting, and supply chain security. NIS2 particularly emphasizes management responsibility: company executives must ensure appropriate strategy and resources for cybersecurity measures. Regular staff training and implementation of technical controls are also required — access management, data backups, event log maintenance, as well as monitoring solutions (EDR, SIEM, etc.). We help both with initial compliance assessment and with practical implementation and documentation of verifiable control measures.

What you get

  • Detailed compliance status assessment and roadmap for next steps
  • Documented policies, procedures, and incident management mechanisms
  • Technical recommendations: access control, backups, event logs, EDR/SIEM
  • Management briefings, regular reports, and staff training
  • Reduced legal and financial risks associated with NIS2 non-compliance

Who must comply with NIS2

NIS2 applies to 'essential' and 'important' entities in several sectors: energy, transport, water supply, healthcare, finance and public services, ICT infrastructure and managed services (MSP/MSSP), as well as data centers and digital services. The directive also provides for supply chain security — this means that requirements may affect suppliers and outsourcing service providers. In practice, this often applies to medium and large companies with significant impact on service continuity.

  • ICT and managed services (MSP/MSSP), cloud solutions
  • Energy, transport, water supply, healthcare, and public services
  • Digital services and data centers, internet exchange points
  • Medium and large companies with significant impact on service continuity

How implementation works

  1. Quick stakeholder interview
     We map systems, data flows, and responsibilities. We clarify current technical and organizational controls, supplier contracts, and incident practices.
  2. NIS2 gap analysis
     We compare directive requirements with the actual situation, identify non-compliances and risks: access, backups, logs, recovery, supply chain, training, etc.
  3. Roadmap and priorities
     We create a feasible plan: order, deadlines, and responsible parties. We identify quick wins and critical actions with the greatest impact.
  4. Documentation and technical work
     We develop policies/procedures, implement and configure controls: access, backups, monitoring (EDR/SIEM), logs, and reporting procedures.
  5. Training and audit
     We train the team, test the incident process (tabletop), conduct internal audit, and prepare evidence of compliance (evidence pack).

Typical timeframe: 4–12 weeks depending on scope. Collaboration format is flexible: we can work in stages or full cycle until audit.

You will receive

  • Gap analysis report with risks, impacts, and priorities
  • Policies and procedures: access, backups, incident management, change management
  • Asset registry and critical dependencies map (systems/suppliers)
  • Incident management plan: rules, escalation, 24h/72h reporting
  • Technical controls implementation recommendations and configuration descriptions (EDR, SIEM, logs)
  • Training materials and management briefing package (summaries, KPIs)
  • Evidence pack: reports, protocols, and compliance evidence

Pricing

We offer fixed packages and custom projects depending on scope, number of systems, and supply chain complexity.

  • Start: from €2,900. Quick diagnostics, gap analysis, and roadmap with priorities
  • Standard (popular): from €6,900. Documentation + basic controls implementation and team training
  • Enterprise: from €12,000. Full cycle with technical implementation, audit, and supervision preparation

Exact price after free discovery call (30–45 min). We work transparently with concrete results.

FAQ

Do I really need NIS2?
It depends on your industry, company size, and impact on service continuity. We help you quickly determine your status and scope, so you know whether the requirements apply specifically to you.
Are documents alone sufficient?
No. NIS2 requires both documented and actually implemented controls and regular practical testing (drills, checks, evidence).
Do you help with supplier risk assessment?
Yes. We assess suppliers, prepare contract requirements, and develop checklists for periodic control.
How quickly can we start?
Usually within 1–2 weeks. We immediately agree on priorities and responsible parties to move quickly and purposefully.