NIS2 · Graham Miranda Network

NIS2 directive readiness

Pragmatic NIS2 preparation for medium-sized German businesses falling within the directive scope — gap assessment, risk management, supplier oversight, incident-reporting process. Designed for businesses that need to be ready without inventing an entire compliance department.

Overview

What this page covers

Pragmatic NIS2 preparation for medium-sized German businesses falling into scope — gap assessment, risk management, supplier oversight and incident-reporting process.

  • Scope confirmation: are you actually in NIS2 scope (size + sector)?
  • Gap assessment against NIS2 obligations and BSI guidance
  • Risk management framework appropriate to your size
  • Supplier/supply-chain oversight process
  • Incident-reporting workflow within statutory timeframes

How we work

A transparent collaboration model with clear milestones.

01. Scope check

First step: confirm whether your business is actually in NIS2 scope. Some businesses worry without basis; others miss obligations.

02. Gap assessment

Written gap report against the obligations: risk management, governance, incident handling, supply chain, awareness.

03. Lift & document

Build out the missing pieces over 8–16 weeks: policies, risk register, supplier oversight, incident playbook, evidence pack.

Expected outcomes

Realistic, honest expectations without exaggeration.

Clear scope

You know whether NIS2 applies to you — without ambiguity.

Defensible posture

Documented framework appropriate to your size.

Practiced incident process

Reporting flow tested at tabletop level.

Supplier oversight

Documented process for third-party risk.

FAQ

Frequently asked questions

Concise answers for visitors comparing Graham Miranda service areas.

Are we actually in NIS2 scope?

NIS2 covers essential and important entities above a certain size and in specific sectors. We do the scope check first; many German SMEs assume they are in scope but are not, and vice versa.

Is this the German NIS2UmsuCG or the EU NIS2 directive?

We work to the German transposition (NIS2-Umsetzungs- und Cybersicherheitsstärkungsgesetz, NIS2UmsuCG). EU NIS2 underpins it. Implementation status is tracked.

Do you certify us?

No — NIS2 is not certification-based in the same way as ISO 27001. We help you build a defensible posture for regulator review.

Is this enough for a regulator?

We aim for a "demonstrably reasonable" posture appropriate to your size. Worst-case audit defence requires legal counsel; we provide the operational layer.

What about NIS2 + DORA?

For financial-sector entities, DORA may apply alongside or instead. We coordinate on overlap; specialised financial-sector compliance partners are brought in for DORA-specific work.

How long does readiness take?

Typical: 3-6 months for an SME starting from a baseline IT setup. The timeline compresses where existing ISO/BSI maturity is present.
