A company may be required to comply with cybersecurity legislation based on the NIS2 Directive if it operates in certain sectors, meets specific size or supply chain criteria, or is nationally designated as a critical entity.
Simple: answer Yes, No, or I don’t know.
In addition to the NIS2 test, you can also take the GDPR test. Choose the test you want, answer the questions, and receive a report by email.
NIS2 is a European Union cybersecurity directive that obliges certain types of companies operating in defined sectors, and potentially their supply chains, to ensure the security and resilience of their operations. The directive introduced an obligation for companies to identify and manage cyber risks, implement baseline security measures, and report significant cybersecurity incidents to the authorities.
Its objective is to strengthen the reliability of the EU’s digital society as a whole and to harmonize cybersecurity requirements across Member States.
Operational risk assessment: the company must identify cyber and information security risks affecting its operations.
Documentation and continuous monitoring: identified risks and the related mitigation measures must be documented and kept up to date.
Consideration of stakeholder requirements: risks related to customers, suppliers, and other partners must also be assessed.
Baseline security practices: for example, strong password policies, access control, and regular software updates.
Rapid incident notification: significant cybersecurity incidents must be reported to the authorities and to affected stakeholders within the required timeframes.
Recovery: the organization must have clear steps in place for recovering from incidents.
NIS2 and ISO/IEC 27001 are often mentioned together, even though they are not the same thing.
NIS2 is an EU-issued regulatory directive that sets obligations for certain sectors to ensure cybersecurity.
ISO/IEC 27001, on the other hand, is a framework for an information security management system published by the International Organization for Standardization.
These two are often considered side by side because an ISO 27001-compliant management system largely covers the requirements of NIS2 as well. A certified ISO 27001 system can therefore make it easier for an organization to demonstrate its NIS2 compliance to external parties.
However, it is important to note that NIS2 does not require ISO 27001 certification. The directive does not reference the standard, and its requirements can also be met without separate certification. Certification may nevertheless be a useful way to demonstrate compliance to external stakeholders.
This assessment service helps a company understand its current level of information security in line with the NIS2 requirements framework. It highlights areas for development as well as the measures needed to improve information security, demonstrate compliance, and meet NIS2 requirements.