NIS 2 Readiness Audit
A structured NIS 2 assessment that shows where your organization stands, what is missing, and which steps lead to compliance. You receive a clear report, GAP analysis, and a prioritized action plan.
What is a readiness audit?
A clear starting point before compliance
A readiness audit is a standalone, clearly time-bounded service — the diagnosis before treatment. Unlike a full compliance program, we do not implement measures or write policies here; we perform an accurate assessment of your current state and give you a clear picture of where you are, what is missing, and in what sequence to address it.
This is the low-commitment entry point: you start with an audit, gain clarity, and only then decide how far and how fast to proceed. An important distinction — this is a consulting readiness audit, not the official supervisory audit, which is the responsibility of the competent authority.
Our goal is to give you a clear picture and priorities so you can make confident next decisions. If you want to see the full framework, scope, and steps toward actual implementation, review NIS 2 Requirements.
What do we assess?
We review your organization against the measures required by law across key domains.
Governance and accountability
Management commitment, role allocation, and internal information security policies.
Risk management
Whether a formalized, documented, and traceable process exists to identify and treat risk.
Incident handling and reporting
Processes and contacts for on-time reporting, including early warning within 24 hours.
Business continuity and recovery
Response plans, backup, and continuation of critical services during incidents.
Supply chain security
Supplier assessments and contractual security and resilience requirements.
Technical controls
Access control, assets, segmentation, cryptography, MFA, and monitoring.
People and processes
Cyber hygiene, staff training, and access and rights management.
Documentation and evidence
Whether there is a verifiable trail the competent authority would request during an inspection.
How does it work?
We work in five clear steps without disrupting your ongoing operations — we only need access to the relevant people and documents; we handle the rest.
Scope and applicability
We determine whether you fall within scope and, if so, as which type of entity (essential or important).
Documentation review
Policies, procedures, plans, and supplier contracts.
Technical review and interviews
Verification of actual measures, interviews with responsible persons, and evidence collection.
GAP analysis and risk assessment
We compare findings against requirements and prioritize non-conformities by severity and urgency.
Report and roadmap
We present the outcome to your team and management with clear next steps.
What do you receive?
The audit is the diagnosis. If you decide to “treat” it, ASAP can also cover the full path to compliance — risk management, policies and procedures, technical implementation, and supervision readiness.
This full process is described on the NIS 2 Requirements page. The advantage is that the same team that audited you can also deliver implementation — without handing the project over between vendors.
Current state report
A clear snapshot of where your organization stands today.
GAP matrix
Specific non-conformities, domain by domain.
Risk assessment with priorities
What is urgent, what can wait, and why.
Prioritized roadmap
Which steps, in what sequence, and with what impact lead to compliance.
Executive summary
A concise, non-technical summary for the people responsible for decisions and accountability.
Frequently Asked Questions
Below are concise answers to the most common questions about the NIS 2 readiness audit.
No. This is a consulting readiness audit that prepares you for real supervision. Official inspections are the responsibility of the competent authority.
The audit is the first step — a diagnosis that ends with a report and roadmap. The full service is implementation: deploying measures, policies, and training.
No, but they complement each other. If you already work under ISO 27001/27701/22301, many controls overlap, and the audit takes this into account.
It depends on your organization’s size and complexity. Scope and timeline are defined after a short initial discussion.
Just the decision to start and access to the relevant people and documents. We structure and handle the rest.