NIS2 Gap Analysis [Free Tool]

Find out your level of compliance with NIS 2

Instructions: The questions below cover all relevant NIS2 requirements - by filling out the answers, this tool will automatically calculate your company's level of compliance with this EU directive.

When answering questions, the following scale needs to be used: 
  • 1 — Not implemented: No process or activity implemented, or little/no evidence of any systematic achievement
  • 2 — Planned: Activity or process is planned but is not implemented, or the implementation just started
  • 3 — In progress: Activity or process is partially implemented, so that its full effects cannot be expected
  • 4 — Mostly implemented: Activity or process is fully or mostly implemented, documented, and relevant people are trained, but monitoring, measurement, and improvement are not systematic
  • 5 — Optimized: Activity or process is fully implemented, documented, and is continuously supervised, measured, and improved; relevant people are trained

Tip
Use the following document to comply with this requirement: Risk Treatment Plan

Tip
Use the following documents to comply with this requirement: Measurement Report + Internal Audit Report + Management Review Minutes

Tip
Use the following documents to comply with this requirement: Training and Awareness Plan.

Tip
Use the following documents to comply with this requirement: Risk Treatment Table + Risk Treatment Plan + various policies and procedures mentioned below.

Tip
Use the following documents to comply with this requirement: Risk Assessment Methodology + Risk Assessment Table.

Tip
Use the following documents to comply with this requirement: Risk Assessment Methodology.

Tip
Use the following documents to comply with this requirement: Policy on Information System Security.

Tip
Use the following documents to comply with this requirement: Incident Management Procedure + Incident Log.

Tip
Use the following documents to comply with this requirement: Business Continuity Plan.

Tip
Use the following documents to comply with this requirement: Backup Policy.

Tip
Use the following documents to comply with this requirement: Disaster Recovery Plan.

Tip
Use the following documents to comply with this requirement: Crisis Management Plan.

Tip
Use the following documents to comply with this requirement: Supplier Security Policy + Security Clauses for Suppliers and Partners + Confidentiality Statement.

Tip
Use the following documents to comply with this requirement: Secure Development Policy + Specification of Information System Requirements.

Tip

Tip
Use the following documents to comply with this requirement: IT Security Policy.

Tip
Use the following documents to comply with this requirement: Training and Awareness Plan.

Tip
Use the following documents to comply with this requirement: Policy on the Use of Encryption.

Tip
Use the following documents to comply with this requirement: Security Policy for Human Resources.

Tip
Use the following documents to comply with this requirement: Access Control Policy.

Tip
Use the following documents to comply with this requirement: Asset Management Procedure + Inventory of Assets.

Tip
Use the following documents to comply with this requirement: Authentication Policy.

Tip
Use the following documents to comply with this requirement: Information Transfer Policy + Secure Communication Policy.

Tip
Use the following documents to comply with this requirement: Secure Communication Policy.

Tip
Use the following documents to comply with this requirement: Supplier Security Policy + Risk Assessment and Treatment Report.

Tip
Use the following documents to comply with this requirement: Procedure for Corrective Action + Corrective Action Form.

Tip
Use the following documents to comply with this requirement: Significant Incident Notification for CSIRT/Competent Authority.

Tip
Use the following documents to comply with this requirement: Significant Incident Notification for Recipients of Services.

Tip
Use the following documents to comply with this requirement: Significant Incident Notification for Recipients of Services.

Tip
Use the following documents to comply with this requirement: Significant Incident Early Warning.

Tip
Use the following documents to comply with this requirement: Significant Incident Notification for CSIRT/Competent Authority.

Tip
Use the following documents to comply with this requirement: Significant Incident Intermediate Report.

Tip
Use the following documents to comply with this requirement: Significant Incident Final Report.

Tip
Use the following documents to comply with this requirement: Significant Incident Progress Report.
NIS2 Gap Analysis Result:
Here's the percentage of your compliance with NIS2:
%

[The results will be sent to entered e-mail address]


For more information on what personal data we collect, why we need it, what we do with it, how long we keep it, and what your rights are, see this Privacy Notice.