All systems running +48 697 610 212
IT services

NIS2 isn't paperwork. It's defences that work.

We help meet the technical and organizational requirements of the NIS2 directive — from a gap audit, through immutable backups and a tested recovery plan, to incident monitoring and procedures. We handle the IT side, not legal advice.

What NIS2 is about

A regulation that comes down to one thing: survive the incident

NIS2 extends cybersecurity obligations to a far wider set of companies and their suppliers. In practice it's about being able to keep operating after an attack, outage or breach — and to report the incident on time. It isn't a one-off audit for the drawer; it's a set of capabilities you have to build and maintain.

What we do

  • Gap audit — current state versus NIS2 requirements, with priorities
  • Immutable, offsite backups resilient to ransomware
  • Tested disaster recovery plan with a defined RTO and RPO
  • Access control, MFA, clean permission management
  • Monitoring and incident detection (24/7)
  • Hardening of servers, networks and workstations
  • Documented incident response and reporting procedures

How we work

  • Audit — gap analysis and a report with a list of risks
  • Plan — what to implement first, schedule and cost estimate
  • Implementation — defences, backup, DR, procedures
  • Maintenance — monitoring, recovery tests, procedure updates

Compliance is a continuous state. We reach it in a project, then maintain it — because an audit from a year ago won't stop today's incident.

Start with an IT and security audit

FAQ

Frequently asked questions

Does my company even fall under NIS2?

The directive covers a much wider set of entities than its predecessor — including many service providers, manufacturers and supply-chain companies, mid-sized ones too. If you're unsure, in the opening audit we help establish whether and to what extent it applies. We don't provide legal advice — we handle the technical and organizational side.

What do you technically need to be compliant?

Most often: backups resilient to incidents (immutable, offsite), a tested recovery plan, access control and MFA, monitoring and incident detection, system hardening, and documented procedures. NIS2 also requires the ability to report an incident within a set timeframe — that's a procedure, not just a tool.

Where do we start?

With an audit that shows the gap between your current state and the requirements. You get a list of gaps ranked by risk and a remediation plan with priorities — then you know what to do first and what it costs.

Is this a one-off or ongoing?

Both. We can bring the environment into compliance as a project, then keep it there on a retainer — because NIS2 is a continuous state, not a one-time certificate. Monitoring, recovery tests and procedure updates have to keep happening.

Not sure if NIS2 applies to you or what you need?

Free consultation — we'll check the scope and show you where to start.

Free consultation