Quick NIS2 Check

Result generated instantly –

Quick NIS2 Check

ATTENTION!

This tool provides an indicative assessment of the maturity level achieved and does not replace a formal NIS2 compliance verification. The system processes the result only if all answers have been provided. If information is not available, select "0 – Not present".

If you want an in-depth assessment or an adaptation plan, contact us for dedicated consulting.

Privacy notes: Responses are not stored in any way. Processing runs in real time and results are generated and displayed on the page, without sending data to third-party services.

For each section, select the level that most accurately represents your situation.

Governance & Policy

Are security roles and responsibilities defined and approved?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Evidence examples: signed org chart, approved security policies, delegations of responsibility.

Asset & Config Management

Do you have an updated inventory of hardware, software and services with a contact person for each?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: CMDB or asset list with owner, environment (prod/test), version and status.

Risk Management

Do you conduct periodic risk assessment with clear criteria and track decisions?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: documented methodology, updated risk register, approved acceptances/mitigations.

Vulnerability & Patch

Do you manage vulnerabilities and patches with defined priorities and timelines (SLAs)?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: use CVSS/KEV for priority, planned patch windows, remediation and aging reports.

Identity & Access (IAM)

Do you apply least privilege and MFA for critical accounts and remote/SaaS access?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: RBAC, MFA for admin/VPN/mail/SSO, periodic access review.

Network & Segmentation

Is the network segmented and are exposed services protected?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: VLAN/SDN, L3/L7 firewalls, WAF or reverse proxy for public applications.

Logging & Monitoring

Do you collect logs centrally with useful alerts and defined retention times?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: SIEM/ELK, alerts on critical events (anomalous logins, escalation), documented retention.

Incident Response

Do you have tested incident response plans and updated emergency contacts/roles?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: runbook/playbook, tabletop exercises, 24/7 contact list, escalation flows.

Business Continuity & Backup

Do backups follow the 3-2-1 rule, are they tested and do you have defined RPO/RTO?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: periodic restore tests, outcome reports, approved RPO/RTO objectives.

Supply Chain & Contracts

Do you assess suppliers and do contracts include security clauses?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: initial and periodic questionnaires/assessments, minimum requirements, security SLAs, incident notification obligation.

Awareness & Training

Do you periodically train staff and manage security onboarding?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: annual training plan, attendance certificates, phishing simulation campaigns, onboarding material.

Compliance & Audit

Do you conduct internal audits and track corrective actions to closure?

0 – Not present 1 – Partial / ad hoc 2 – Defined and applied 3 – Measured and improved

Examples: audit program, non-conformance register, action plans with responsible persons and deadlines.