NIS-2 Readiness Check

Prepare your company for NIS-2 in a structured and effective way.
Organizational assessment, technical assessment, and risk-based penetration testing.

Everything from a single source!

experienced auditors

In-depth OT/IoT expertise

reliable results

Why the NIS-2 Readiness Check?

NIS-2 requires more than just guidelines and documented measures: Above all, companies must be able to demonstrate that their security measures have been properly implemented and will actually be effective in the event of an emergency. Our NIS-2 Readiness Check provides insight into whether your risk management measures have been effectively implemented from a technical, operational, and organizational perspective—and thus actually work in day-to-day operations.

Together with you, we’ll develop a clear picture of your current implementation status, identify relevant gaps, and establish a solid foundation for self-declaration, audits, and further actions.

We combine regulatory expertise with practical experience in dealing with attacks, and we do not view NIS-2 readiness as merely a checklist exercise. Rather, we assess the actual effectiveness of your implementation measures.

NIS-2 Readiness Check

FREE: 30-MINUTE NIS-2 INITIAL CHECK

During an initial consultation, we'll analyze your needs and potential next steps toward achieving NIS 2 readiness!


Results of the NIS-2 Readiness Check

Specific Action Plan

The core of the NIS-2 Readiness Check: You’ll receive a concrete action plan to serve as the basis for internal roadmaps, audit preparation, and additional documentation.

Prioritized Recommendations

Our specific recommendations for action are ranked by priority in order to address critical gaps in a targeted manner and make effective use of your resources.

Content Tailored to the Target Audience

Depending on your needs, the results of the NIS-2 Readiness Check are tailored to the target audience and presented in a clear and understandable manner—whether as a management summary or as technical documentation.

Clear Risk Allocation

We cross-reference our findings with your affected systems, business processes, and relevant areas for action, and identify the associated risks.

Traceable Documentation

Our audit procedures, spot checks, scope of audits, and results are thoroughly documented so that you can fully understand our work in the best possible way for your security.

Effectiveness within the Scope

You receive a structured assessment of whether organizational, operational, and technical risk management measures in your company—particularly with regard to regulatory requirements—are being implemented in a transparent manner and are effective.

Holistic Approach

Three Perspectives—A Comprehensive View That Reflects the Actual Exam

An effective and as comprehensive as possible NIS-2 Readiness Check requires various perspectives, including to address regulatory requirements. Accordingly, we support companies with services ranging from individual analyses to assessments across the following three areas: The organizational assessment provides transparency regarding governance, processes, and supporting documentation. The technical assessment evaluates configurations, architectures, and security measures. The NIS-2 penetration test simulates real attacker paths in a controlled and coordinated manner, revealing which risks would actually be relevant in a real-world scenario.

This gives you not just a snapshot, but concrete information on which to base your decisions: Which measures are already effective? Where are the gaps? Which findings are business-critical? And which next steps will move your company toward audit readiness the fastest?

Organizational Review

Assessment of ISMS, processes, policies, responsibilities, and evidence—with a focus on risk management and operational implementation.

Technical Inspection

Assessment of architecture, hardening, access controls, vulnerability management, monitoring, and resilience within the defined scope.

NIS-2 Penetration Test

Controlled attack simulation with a risk-based scope, an “assumed breach” scenario, and an appropriate mix of black-, gray-, and white-box techniques.
STEP 1

Organizational Review

The organizational audit assesses whether structures, processes, documents, and responsibilities are designed in such a way that NIS-2 risk management measures can be managed in a transparent manner and implemented effectively. Particular focus is placed on the risk management process as the basis for defining the scope, selecting measures, and setting priorities. The assessment is based on document reviews, interviews, workshops, random sampling, plausibility checks, etc.

Your Outcome

Together, we will prepare you to demonstrate compliance and implement the NIS-2 risk management measures at the organizational and operational levels. Ultimately, you will have a clear overview of your organizational maturity, ability to demonstrate compliance, gaps, and recommended actions.
STEP 2

Technical Inspection

The technical audit determines whether security measures have been appropriately implemented and are effective within the defined scope. Among other things, the audit examines IT/OT architectures, segmentation, firewall rules, system hardening, permissions, MFA, vulnerability management, logging, monitoring, and backup and recovery processes. The audit is conducted on a risk-based approach using technical inspections, configuration reviews, and targeted tests. In doing so, we take particular care to minimize disruption to ongoing operations.

Your Outcome

You will receive a thorough assessment of the technical security landscape and the actual effectiveness of existing security measures. The results will identify specific vulnerabilities, misconfigurations, and critical access paths, and provide prioritized recommendations for a secure and verifiable implementation.
STEP 3

NIS-2 Penetration Test

As part of the NIS-2 penetration test, we assess the effectiveness of your security measures through controlled, realistic attack simulations. We systematically replicate the tactics, techniques, procedures, and tools used by real attackers. This allows us to put your security efforts to the test and determine whether they can prevent, detect, or mitigate attacks. Depending on your requirements, we use assumed-breach scenarios as well as black-box, gray-box, and white-box approaches. Among other things, we examine attack vectors, segmentation, hardening, permissions, and external attack surfaces.

Your Outcome

The NIS-2 penetration test provides reliable evidence of whether attacks on your systems can be prevented, detected, or effectively mitigated. We evaluate the findings from both a technical and business perspective and document them in a transparent manner. This results in a prioritized action plan designed to specifically reduce relevant risks.

Frequently asked questions

Is the NIS-2 Readiness Check an official audit?

Are tests conducted in a production environment as part of the NIS-2 Readiness Check?

Why isn't a document review enough?

How is the scope determined?

What should we prepare?

What will be delivered to us?

Defending what matters

In an increasingly connected world, we protect what matters most to you!