NIS2 Compliance

From gap analysis to attestation: a pragmatic path.

We support essential and important entities along the NIS2 path: gap analysis, risk management, technical and organisational measures, incident handling, supply chain, audit. Documentation ready for ACN.

  • 10: Art. 21 requirements covered
  • −6 mos: Average time-to-compliance
  • 100%: Audit-ready documentation

§ A

Overview

The NIS2 directive (transposed in Italy as Legislative Decree 138/2024) imposes substantial obligations on governance, risk management, supply chain security, incident handling and notification. Penalties reach up to 2% of global revenue, and executives carry personal liability.

Our approach is pragmatic: start from a gap analysis on the 10 points of art. 21, prioritise interventions by risk, build a documented and auditable management system, train people. No useless paperwork.

§ B

What's included

  • Self-assessment of applicability (essential, important, out of scope)
  • Gap analysis on the 10 requirements of art. 21
  • Methodological risk assessment (ISO 27005)
  • Definition of policies, procedures, controls
  • Technical security measures (MFA, encryption, backup, segmentation)
  • Incident management plan and ACN notification process
  • Vendor risk management and supply-chain contracts
  • Top-management and employee training

§ C

Deliverables

What you get at the end of an engagement on NIS2 Compliance, or along the way.

  1. D/01 Applicability statement
  2. D/02 Risk register and treatment plan
  3. D/03 Complete policy and procedure set
  4. D/04 Incident response plan
  5. D/05 Awareness programme
  6. D/06 Internal audit and compliance report

§ D

Use cases

Essential entities

Energy, transport, banking, healthcare, digital infrastructure with full obligations.

Important entities

Manufacturing, food, chemicals, postal and other sectors with simplified obligations.

Critical suppliers

Companies not in direct scope but supplying essential entities.

Multinational groups

Alignment between Italian requirements and other EU member states.

§ E

Our process

01 Scoping

Applicability, perimeter, in-scope entities and suppliers.

02 Gap analysis

Comparison of existing controls vs requirements, prioritisation.

03 Remediation plan

Roadmap of technical, organisational and documentary interventions.

04 Implementation

Execution of controls with your team, continuous support.

05 Audit & maintenance

Internal audit, management review, ongoing maintenance.

§ F

Technologies

  • ISO 27001 / 27002
  • ISO 27005 · ENISA Risk Mgmt
  • NIST CSF
  • CIS Controls v8
  • GDPR · DORA (banking)
  • Tools: Drata · Vanta · Eramba

Indicative stack. We adapt choices to your context, internal skills and existing constraints.

§ G

Frequently asked questions

Q/01 Am I in scope for NIS2?

We determine this in 1–2 hours with an applicability workshop based on sector, size and supply-chain role.

Q/02 How much does compliance cost?

A gap analysis costs €8–15k. Full remediation ranges from €30k to over €200k depending on complexity and starting point.

Q/03 Do you have technical skills, or only documentary ones?

Both. We directly implement technical controls (MFA, EDR, backup, segmentation) as well as governance.

Next step

Let's talk about NIS2 compliance.

A 30-minute call to understand your context and whether we can really help. No commitment.