NIS2 readiness assessment

A plain-language review of exactly where your firm stands against NIS2. Delivered in weeks, not months.

What problem this solves

Before you can fix your NIS2 position, you need to know what it is. Many organisations waste months on compliance work that misses the most important gaps, or spend money on controls that are not actually required.

A structured readiness review gives you the map before you start the journey. It confirms whether you're in scope, identifies your actual gaps — not theoretical ones — and tells you what to fix first based on risk and effort, not vendor interest.

This is also the document that demonstrates to regulators, auditors, and insurers that you took the requirement seriously from the start. It becomes the first entry in your compliance evidence file.

What you get

  • Scope determination: confirmed assessment of whether your organisation meets NIS2 thresholds and under which classification
  • Gap analysis against all 10 NIS2 Article 21 requirements
  • Risk-prioritised remediation roadmap: what to fix first and why
  • Plain-language report, 15–25 pages — written for management, not IT
  • Findings presentation call with your management team
  • 30-day follow-up call to answer questions after you've had time to review

What changes after this

  • You know for certain whether NIS2 applies to your organisation
  • You can show directors exactly where the compliance gaps are and what it costs to close them
  • Your compliance programme starts from facts, not assumptions
  • The report itself becomes the first entry in your compliance evidence file

What it costs

Fixed price. Payable in two instalments: 50% at kick-off, 50% on delivery of the report. No surprises.

[TBD by user — insert fixed price here]

No obligation to engage further after the review. The report is yours.

How the NIS2 readiness review works

Kick-off

A 90-minute call with your management team. We confirm scope, collect existing documentation, and agree the review scope.

Review

We assess your policies, procedures, and controls against NIS2's 10 Article 21 requirements. A short follow-up call may clarify specific areas.

Report

You receive the written report. We walk through it together on a findings call — questions answered, next steps clear.

Frequently asked questions

A written report in plain language — no technical jargon. It covers whether your firm is in scope for NIS2, your current gap against all requirements, a prioritised list of actions sorted by risk reduction versus effort, and a suggested roadmap. Typically 15–25 pages.

We ask for a half-day of your time over 2–3 weeks — a kick-off call, a documentation review, and a findings call. The full engagement runs 3–4 weeks.

No. This is a governance and process review, not a technical attack simulation. We are checking whether your organisation has the right policies, procedures, and oversight in place — not whether your firewall has a misconfiguration.

No. The review is designed to establish a baseline from zero. If you have existing documentation, we work from it. If you don't, we note that as a gap.

You get the report. What you do with it is your decision — there is no obligation to engage us further. We can help with remediation if you want, or you can take the report to another provider or handle it internally.

Book your NIS2 readiness review

Fixed scope. Fixed price. Plain-language report. Send us a message and we'll confirm availability within one business day.

Book the NIS2 readiness review →

NIS2 Compliance

Once you know the gaps, we close them. A full compliance programme follows naturally from the readiness review.

Managed Threat Detection

Detection capability is one of NIS2's core requirements. Our monitoring service closes that gap directly.