Become NIS2-compliant

NIS2 Assessments

  • Does your organisation need to comply with the NIS2 law?
  • What do you need to do to be NIS2-compliant?
  • Our experts help you get started

We help you achieve NIS2 compliance

With the NIS2 legislation, Europe aims to increase the cyber resilience of European companies and organisations. This is logical, as the number of digital attacks on businesses and (government) institutions is increasing year by year. On 18 October 2024, Belgium became the first country to transpose the European NIS2 directive into a national "law establishing a framework for the cybersecurity of network and information systems of general interest for public safety."

Does your organisation fall under the legislation? Our Governance, Risk & Compliance experts can help you take the necessary measures to comply.

Who must comply with NIS2?

The NIS2 law expands the number of sectors and organisations required to comply with strict cybersecurity standards compared to the previous NIS1 law. Under this law, 18 critical sectors are now covered, including energy, healthcare, digital infrastructure, as well as new sectors such as postal and courier services, wastewater treatment, and the chemical industry. In addition to the existing obligations for 'essential' companies, 'important' entities, such as smaller companies (within certain sectors) with more than 50 employees or an annual turnover exceeding 10 million euros, must also comply with these rules.

What does the law entail?

For all these companies, the NIS2 law brings many new obligations and responsibilities.

  • Companies must draw up a detailed action plan. This includes implementing adequate cybersecurity measures, preparing incident response plans, and training staff. Regular audits and updates of these plans are also essential to keep your security up-to-date.
  • The management of an organisation falling under NIS2 can be held liable if the requirements are not met and an incident occurs.
  • There is also a reporting obligation for 'significant incidents'. An initial warning must be submitted to the Centre for Cybersecurity Belgium within 24 hours of discovering the incident. A full detailed report must be submitted within 72 hours. A final report must be submitted after 1 month, even if the incident has not yet been fully resolved.

As a reference framework for these obligations, the law refers to the CyberFundamentals Framework of the Centre for Cybersecurity Belgium. The Centre is also the body responsible for the conformity assessment.

Your path to NIS2 compliance

Security Roadmap Assessment & Guidance

With our Security Roadmap Assessment, we help your organisation define and implement the necessary actions to comply with the NIS2 directive. Based on the assessment, we create a long-term action plan using a relevant framework. We justify all choices and priorities and provide a clear report for technical managers, enabling you to report on the status of your cybersecurity within your organisation. The assessment is conducted in the form of a workshop involving two parties: on one hand the management team, the risk manager or the CEO, and on the other hand the IT team or IT manager.

In the next step, we are happy to support you in implementing your cybersecurity roadmap, providing advice and guidance for the execution of the various projects. Finally, we help you monitor progress through monthly check-ins as part of our Improve & Accelerate service.

You can expect the following from a Security Roadmap Assessment: 

  • A working document with all relevant checks from the CyberFundamentals Framework and how they are currently executed, including action points to become compliant. The document also includes a reporting dashboard that allows you to track and report the progress of the action plan and the impact of each step on compliance.
  • A high-level Data Flow diagram also provides non-technical people with insight into the information flows throughout your organisation and where the risks are located.

Need a cybersecurity platform?

The rising number of cyberattacks and new legislation only increase the need for cybersecurity. That is why many organisations choose an integrated cybersecurity platform. Discover its advantages in our white paper.

Complying with the NIS2 Directive together

Do you want to know if your organisation falls under the NIS2 legislation? Or are you looking for a partner who can guide you towards NIS2 compliance? Get in touch with our security team.

info [at] savaco.com