NIS2 compliance from scratch, demonstrable
The company fell under NIS2 as an essential entity but had no formalised measures and no designated security officer. Management did not know where to start or what their exposure to sanctions was.
We carried out a full gap analysis against NIS2 requirements, built the set of policies and procedures, implemented the priority technical measures (MFA, segmentation, monitoring, backup) and took on the role of security officer, certified by DNSC, as the single point of contact.
Compliance is no longer a race against the clock, but a maintained process. With a dedicated security officer and clear procedures, the company can respond to DNSC requests and partner requirements with documents, not improvisation, and periodic reviews keep the level of compliance over time.
- ISO 27001 (framework)
- Wazuh SIEM
- Microsoft Entra ID
- Veeam Backup
- GLPI (asset register)
Measured impact
“We now have a file we can put on the table at any inspection.”
