NIS2 Officer, certified by DNSC

Become compliant with the NIS2 Directive without turning it into an overwhelming project. We offer consulting and can even take on the role of security officer, certified by DNSC.

What we do

From "we don't know where to start" to demonstrable compliance

NIS2 requires essential and important entities to implement cybersecurity measures, appoint an officer and report incidents to DNSC. We guide you through the whole process: we determine whether you fall under the directive, assess your current state, implement the necessary measures and keep you compliant over time.

Step 1

Gap analysis & risk assessment

We assess where you stand against NIS2 requirements and identify risks, with a prioritised treatment plan.

Step 2

Policies & procedures

The required documentation: security policies, incident management, continuity and supply chain.

Step 3

Technical & organisational measures

We implement the necessary controls: MFA, segmentation, backup, monitoring, access control.

Step 4

Officer & DNSC reporting

We can take on the security officer role and manage incident reporting within legal deadlines.

Real results

Case studies

Anonymised examples from delivered projects. Client names are confidential.

RORomaniaUtility provider · essential entity

NIS2 compliance from scratch, demonstrable

Challenge

The company fell under NIS2 as an essential entity but had no formalised measures and no designated security officer. Management did not know where to start or what their exposure to sanctions was.

Solution

We carried out a full gap analysis against NIS2 requirements, built the set of policies and procedures, implemented the priority technical measures (MFA, segmentation, monitoring, backup) and took on the role of security officer, certified by DNSC, as the single point of contact.

Outcome

Compliance is no longer a race against the clock, but a maintained process. With a dedicated security officer and clear procedures, the company can respond to DNSC requests and partner requirements with documents, not improvisation, and periodic reviews keep the level of compliance over time.

Technologies & frameworks
  • ISO 27001 (framework)
  • Wazuh SIEM
  • Microsoft Entra ID
  • Veeam Backup
  • GLPI (asset register)
Results at 3–6 months

Measured impact

38% → 95%
level of compliance against NIS2 requirements
< 24h
capacity to report incidents to DNSC
1
single point of contact and security officer

“We now have a file we can put on the table at any inspection.”

RORomaniaPrivate hospital

Protecting patient data and getting audit-ready

Challenge

The hospital processed sensitive medical data but was uncertain about its legal obligations and had a large attack surface: medical and administrative systems on the same network, with no incident plan.

Solution

We carried out a risk analysis, segmented the medical systems from the administrative ones, deployed EDR, MFA and immutable backup, and wrote an incident response plan, tested through a practical exercise.

Outcome

Patient data is now protected through multiple layers, and the staff know how to react to an incident, because they have rehearsed the scenario. The hospital moved from legal uncertainty to a position where it can demonstrate compliance to the authorities, with documentation kept up to date.

Technologies used
  • Network segmentation
  • Bitdefender GravityZone
  • Microsoft Entra MFA
  • Veeam Immutable Backup
  • Tested IR plan
Results at 3–6 months

Measured impact

-60%
attack surface, through segmentation and hardening
100%
medical systems isolated from the administrative network
IR ✓
incident response plan tested and functional

“We know exactly what to do if an incident happens — we've practised it.”

RORomaniaLogistics operator

Supply chain risk, under control

Challenge

The operator worked with dozens of suppliers who had access to systems, with no clear rules and no assessment. NIS2 requires explicit management of supply chain risk, something entirely uncovered.

Solution

We introduced security policies for suppliers, a third-party assessment process, granular access control (least privilege) and monitoring of external connections. We centralised identities and removed unnecessary access.

Outcome

The relationship with suppliers became safer and more transparent: each third party has access only to what it needs and is monitored. The supply chain risk, previously invisible, is now documented and managed as part of day-to-day operations, not a problem discovered at audit.

Technologies used
  • IAM / least privilege
  • Vendor risk assessment
  • Microsoft Entra ID
  • MFA
  • Third-party monitoring
Results at 3–6 months

Measured impact

100%
critical suppliers assessed and documented
-70%
accounts with external access, after cleanup
supply chain risk mapped and monitored

“Now we know exactly who has access to what, and why.”

Do you fall under NIS2?

Let's check together and build you a clear compliance plan.

Request an assessment