4-day Implementation Roadmap for NIS-2

During implementation our compliance experts make use of the Compleye Online Platform, which has built-in features to automate admin processes and provides templates for all assessments, policies and procedures. Below is an overview of the topics we will address, the activities we will train and support you with, how evidence will be stored on the platform and which templates we will provide.

The end result will be your NIS-2 project management tool, which will support you with the maintenance of your security system. We will provide you with a NIS-2 statement to be shared with your customers.

Day 1 - Scope, Legal & Supplier Management

Each row below lists the topic, what to do, where the evidence is stored on the platform and which template is provided.

Topic: Scope, X-ray
To do: Design the X-ray with a Compleye Expert and become aware of your risk components.
Platform: Dashboard
Template: X-ray & IT Infrastructure

Topic: Supplier Management
To do: Adopt the Supplier Management Procedure, add all your suppliers, adopt the supplier selection checklist and the supplier offboarding checklist. Classify your suppliers with risk profiles. Add OPCs to control suppliers and perform the supplier assessment.
Platform: Supplier Overview, Supplier Assessment
Template: Supplier Management Procedure, Supplier Checklists

Topic: Assessment
To do: Perform the GDPR Assessment and assign a yearly control.
Platform: GDPR Assessment
Template: GDPR Assessment

Topic: Compliance
To do: Add team members, add your ambition, adopt the documentation and versioning method, adopt the improvements method.
Platform: People@, ISMS Objective, Improvements, Policies & Procedures

Topic: Legal
To do: List legal requirements, list template contracts.
Platform: Interested Parties & Legal Requirements, Contracts overview

Day 2 - IT Security Policies & Security Assessment

Topic: IT Security Policies
To do: Adopt the following policies: Information Security Policy, Backup Policy, Incident Management Procedure, Access Management Policy, Cryptography Policy.
Platform: Policies & Procedures
Template: for all policies

Topic: Security Control
To do: Adopt security controls for backup restore tests, preventive actions and access management controls; define security metrics.
Platform: OPC, Security Metrics definitions
Template: for all controls

Topic: Assessment
To do: Perform the Information Security Risk Assessment (ISRA); upload findings and add improvements.
Platform: ISRA, Improvements
Template: Assessment Template

Day 3 - HR and Security

Topic: Policies
To do: Adopt the following security policies: HR Policy & Code of Conduct, Workspace & Equipment Policy.
Platform: Policies & Procedures
Template: for all policies

Topic: Roles & Responsibilities
To do: Adopt the role descriptions for Security Officer, Privacy Officer and Compliance Officer.
Platform: HR & Organisation
Template: for all role descriptions

Topic: Training
To do: Prepare the security awareness training.
Platform: Training
Template: slides for your first training

Topic: Controls
To do: Adopt the following controls: screening check for new staff, add and control assets, acceptable use of assets, review resources, awareness training (including new staff).
Platform: OPC
Template: for all controls

Day 4 - Crisis Management & Reporting

Topic: Assessment
To do: Prepare the Crisis Management Plan / Disaster Recovery Plan (DRP) and the Business Continuity Plan (BCP).
Platform: DRP, BCP, OPC
Template: templates for DRP and BCP

Topic: NIS-2 Maintenance
To do: Adopt the Change Management Policy; organise security meetings; adopt an OPC for the effectiveness check; produce the management report.
Platform: Policies & Procedures, Security Meetings, OPC, Management Review
Template: for policy & OPC; agenda for security meetings; management review report

Topic: Internal Audit
To do: Learn how to use the NIS-2 Audit View.
Platform: NIS-2 Audit View
Template: we provide a NIS-2 statement

Additional Service: NIS-2 Verification

NIS-2 Verification is the internal audit process performed by an internal auditor, usually after 3 months of implementation. We check whether all defined improvements have been implemented and whether the organisation maintains the NIS-2 security system. Online research, an investigation meeting and management reporting are part of this service. A NIS-2 verification report and statement will be provided, including an (online) NIS-2 stamp.