NIS2 readiness check
How NIS2-ready are you?
Ten questions across scope, risk-management measures, incident reporting, supply chain and governance. You'll get a banded result on screen and a tailored report by email.
1. Have you confirmed whether you're in scope, and your classification (essential vs important entity)?
Art. 2–32. Have you formally adopted risk-management measures appropriate to your risk?
Art. 213. Is there a defined incident-handling process?
Art. 21(2)(b)4. Do you have business continuity, backup and crisis-management arrangements?
Art. 21(2)(c)5. Have you addressed supply-chain security, including security in supplier relationships?
Art. 21(2)(d)6. Are you ready to meet staged incident reporting — 24-hour early warning, 72-hour notification, 1-month final report?
Art. 237. Do you have vulnerability handling/disclosure and basic cyber-hygiene practices?
Art. 21(2)(e),(g)8. Do you have policies on cryptography and, where appropriate, encryption?
Art. 21(2)(h)9. Does your management body approve, oversee and receive training on cybersecurity risk?
Art. 2010. Are access control and multi-factor authentication implemented for relevant systems?
Art. 21(2)(j)
This is an indicative self-assessment, not a formal gap analysis, audit, or legal/compliance advice.