NIS2 Readiness Assessment

NIS2 Readiness Assessment – Your foundation for enhanced cybersecurity

Secure your company comprehensively: With Softline’s NIS2 Readiness Assessment, we evaluate your current maturity level based on the Zero Trust model, ISO 27001, and CIS controls. Together, we identify relevant risks and develop concrete measures to efficiently meet all requirements of the NIS2 Directive. This way, you strengthen your cybersecurity sustainably and reduce real threats in a dynamic threat landscape.

Your business challenges

Prioritize risks with a limited budget

With a limited budget, you need to eliminate the most critical cyber risks.

Insufficient skills or capacity

You lack adequate cybersecurity expertise, and at the same time, the multitude of available security solutions makes it difficult to choose the most effective investments without sufficient know-how.

Potential reputational damage

Non-compliance can lead to financial penalties, legal issues, and significant reputational damage.

Our solution

The IT and cybersecurity management processes of your company are evaluated across five pillars:

  • Identity Management
  • Device Management
  • Network/Environment
  • Business Applications
  • Data Management

Our standard delivery process

Within these categories, we assess the technologies you are currently using and their management model.

The assessment is based on the ISO 27001 management standard for cybersecurity, CIS controls, and the Zero Trust framework. We have developed a compact and efficient solution that can be scaled in the future.

All aspects of your existing cybersecurity model are compared with the established NIS2 requirements to identify and close any gaps.

Your benefits and outcome

After utilizing our services, your organization will be better prepared for cyberattacks and will meet the requirements of the NIS2 cybersecurity directive. This ensures long-term reliability and success in the digital world.

Together, we will assess how well your company is positioned in terms of information security and IT security and provide you with concrete recommendations for action.

Comprehensive plan and security policies

Detailed audit report

We prepare a detailed audit report in which we comprehensively analyze the existing cybersecurity risks and provide recommendations for eliminating them. In addition, we create a roadmap for improving cybersecurity so that you can achieve an optimal level of security.

Maturity level analyses

Maturity analyses according to ISO 27001 and 27002

Vulnerability assessment

You will also receive a vulnerability assessment report, enabling you to patch or reconfigure the most critical points from an attacker’s perspective.

List of requirements

We prepare a list of the changes required in your existing policies and provide templates for any missing documents to ensure basic NIS2 compliance.

NIS2 Readiness Assessment flyer (in German)

Download the detailed flyer about the NIS2 Readiness Assessment here and learn all the details about the approach, methods, and benefits.

Webinar recording

In our latest webinar, you will learn the most important fundamentals about NIS2, receive a 15-step action plan, and get recommendations for organizational and technical tools.

Everything you need to know about NIS2

Overview of NIS2

NIS2 (Network and Information Security) regulates the cyber and information security of companies and institutions. The directive is a tightening and expansion of the previous NIS directive from 2016.

For this reason, NIS2 contains stricter security requirements, reporting obligations, and enforcement regulations for a broader range of organizations.

NIS2 requirements

NIS2 requires the implementation of a minimum standard to ensure the security of IT systems and their physical environment. Companies themselves decide on the appropriate security level depending on the degree of risk exposure, the size of the organization, and the likelihood and severity of security incidents.

  • Development of concepts for risk analysis and the security of information systems
  • Incident response measures (detection, analysis, containment, and response to incidents)
  • Secure voice, video, and text communication as well as secured emergency communication
  • Continuity of operations (including backup management and recovery after an incident)
  • Basic training (awareness) in cybersecurity and cyber hygiene
  • Security measures during procurement, development, and maintenance of network and IT systems
  • Concepts and evaluation of the effectiveness of risk management measures (crisis simulation)
  • Concepts and procedures for the use of cryptography (encryption if necessary)
  • Personnel security, access control, and asset management
  • Supply chain security

Tightening of liability

New under NIS2 are the significantly tightened penalties. The supervisory authorities will likely have to report the regulated companies for the first time in April 2025 and then every two years. The fine will be determined based on the company’s worldwide annual turnover.

  • For essential entities: Fines of up to 10 million euros or 2% of the company’s worldwide annual turnover, whichever amount is higher.
  • For important entities: Fines of up to 7 million euros or 1.4% of the worldwide annual turnover, whichever amount is higher.

Responsibility for implementing the directive is assigned to management. Management must oversee the implementation of the measures and is personally liable in the event of non-compliance.

The reporting obligation is also being tightened. A preliminary report must be submitted within 24 hours; no later than 72 hours after an incident, a qualified report must be provided. One month after the incident, a progress or final report must be submitted.

Request individual NIS2 consultation

Get in touch with us now to learn more about the NIS2 Readiness Assessment. Our experts will provide you with personal guidance on how to optimally prepare your company for the requirements of the NIS2 directive and sustainably strengthen your cybersecurity.