Discover all the ISO27001 and NIS2 puzzle pieces for your organization

Here you will find all the building blocks you need to strengthen your organization step by step in terms of cybersecurity and security guidelines such as NIS2 and ISO27001.
From insight and policy to implementation, training, and continuous monitoring: Download the pages to strengthen your organization step by step in terms of cybersecurity.
Cybersecurity compliance

1. Cybersecurity baseline audit

Discover which cyber risks threaten your organization

Want to know at a glance how strong your organization is today in terms of cybersecurity? The Cybersecurity baseline assessment maps your entire IT environment and shows where risks and vulnerabilities lie. You get a clear overview of what needs to be prioritized and which steps will have the most impact. This allows you to lay a solid foundation for targeted security measures and a well-thought-out NIS2 process.

2. Scope Assessment NIS2

The first step toward compliance

NIS2 requires clear choices and clear demarcation. With a well-considered scope definition, you determine which systems, processes, and responsibilities fall under the NIS2 directive. This allows you to avoid gray areas, focus on what is truly critical, and demonstrate administrative responsibility. This demarcation forms a solid basis for further steps toward NIS2 compliance and possible growth toward ISO 27001.

3. CISO Manager - GRC tool

Take control of NIS2 & ISO 27001 in one powerful GRC tool

Today's cybersecurity requires overview, structure, and demonstrable control. CISO Manager is a user-friendly GRC tool that helps you centrally manage risks, assets, actions, and policy documents. You can see at a glance where you stand in relation to NIS2, ISO 27001, or CyFun and where the biggest gaps are. This gives you control over your cyber strategy and allows you to continue working on maturity in a focused manner, with clear actions and measurable progress.

4. Process + document implementation

The combination of documentation and implementation is the key to success.

Strong cybersecurity relies not only on technology, but also on clear agreements and demonstrable evidence. In this phase, the necessary policy documents, risk analyses, and procedures are developed. This ensures that documentation and implementation are perfectly aligned, from access management to onboarding and offboarding. The result is a workable framework that complies with NIS2 and ISO27001 and is truly supported within the organization.

5. ISO27001 toolkit + support

The right foundation for perfecting your documentation

Good documentation forms the backbone of any ISO 27001 or NIS2 process. With the ISO 27001 Documentation Toolkit, you have access to professionally designed templates that are tailored to your scope, sector, and chosen framework. You only work with documents that are truly relevant, supported by practical guidance on how to complete and apply them. This allows you to build structured, audit-ready documentation without wasting time on unnecessary searching.

6. ISO/IEC 27001:2022

The formal basis for certification

ISO/IEC 27001:2022 forms the formal and legal basis for every ISO 27001 certification. The official standard describes exactly which requirements apply and on which auditors base their assessment. By working with this recognized reference, you avoid differences in interpretation and build your ISMS correctly and defensibly. This creates audit certainty and an internationally recognized basis for information security and compliance.

7. Internal NIS2 guideline

Clear internal guidelines for achieving NIS2 together

A strong NIS2 policy only works if everyone understands and applies it. The internal NIS2 guideline combines all essential rules, procedures, and best practices in one clear and accessible manual. Employees can quickly find what is expected of them without getting lost in separate documents. This bridges the gap between formal policy and daily practice, turning security into a shared responsibility.

8. Technical implementation NIS2

Implement the correct security measures as documented

Strong cybersecurity policies only prove their worth when they are enforced technically. In this phase, we translate documentation, risk analyses, and procedures into concrete security measures that comply with NIS2 or ISO 27001. Policies are effectively applied through technical controls and user-friendly workflows, integrated into the existing working environment. This closes the gap between policy and practice and makes compliance demonstrable and workable.

9. Awareness Training

Protect yourself and your colleagues from digital threats

Human behavior remains one of the biggest risk factors in cybersecurity. Awareness Training raises employee awareness with short, interactive modules on phishing, working safely, and digital best practices. Realistic phishing simulations show where your organization stands today and where adjustments are needed. This increases your team's digital resilience and ensures compliance with NIS2 and ISO 27001 requirements.

10. Training of procedures and policies

So that everyone can work together with confidence in a safe organization

Security policies only work when employees know how to apply them in practice. This training translates procedures and policies into clear, recognizable steps in daily operations. Employees understand their role, the reasoning behind each measure, and how processes should be carried out correctly. This ensures that policies are actively complied with, efficiency increases, and you can demonstrate compliance with NIS2 obligations.

11. Password Manager

The essential piece of the puzzle for your security and password policy

Passwords remain one of the biggest weak links in cybersecurity. A password manager offers a secure and user-friendly environment in which strong, unique passwords are managed centrally. Employees can work more easily and securely, while IT retains full control over access and policy. This means that a strong password policy is not only established, but also effectively applied and demonstrably complied with.

12. Backup for Microsoft 365

So that your digital environment is not lost

Data in Microsoft 365 is crucial, but it is not automatically protected against loss or attacks. With a separate Microsoft 365 backup, all your emails, files, and Teams data are stored securely and automatically. You can restore data at any time, even data from years ago, without impacting users. This protects your organization against data loss and strengthens business continuity and compliance.

13. SOC outsourcing

Major obligations require a larger security team

Cyber threats do not stop after office hours and require constant vigilance. With SOC outsourcing, your IT environment is monitored 24/7 by specialized security experts who immediately detect and follow up on incidents. This allows you to meet the strict requirements of NIS2 Essential without having to build an internal SOC team yourself. You combine permanent protection, in-depth expertise, and demonstrable compliance in one scalable solution.

14. CISO outsourcing

We help you stay compliant after a completed project

Cybersecurity does not end after the completion of a project, but requires ongoing monitoring. With CISO outsourcing, an external security team continuously monitors the compliance and effectiveness of your policies, processes, and technical measures. Deviations are identified in a timely manner and translated into clear reports and improvement actions. This ensures that your organization remains demonstrably compliant with NIS2 and ISO 27001, even in the long term.

15. Communication plan NIS2

Clear communication so you can work together towards compliance

NIS2 compliance requires more than just introducing new rules. A well-thought-out communication plan ensures that employees understand what is changing, why it is necessary, and what their role is in it. By sharing the right message at the right time through the right channels, you avoid confusion and increase support. In this way, security measures are not only imposed, but also effectively applied within the organization.