NIS2 · Graham Miranda Network

NIS2 directive readiness

Pragmatic NIS2 preparation for medium-sized German businesses falling within the directive scope — gap assessment, risk management, supplier oversight, incident-reporting process. Designed for businesses that need to be ready without inventing an entire compliance department.

Overview

What this page covers

Pragmatic NIS2 preparation for medium-sized German businesses falling into scope — gap assessment, risk management, supplier oversight and incident-reporting process.

  • Scope confirmation: are you actually in NIS2 scope (size + sector)?
  • Gap assessment against NIS2 obligations and BSI guidance
  • Risk management framework appropriate to your size
  • Supplier/supply-chain oversight process
  • Incident-reporting workflow within statutory timeframes

How we work

A transparent collaboration model with clear milestones.

01

Scope check

First step: confirm whether your business is actually in NIS2 scope. Some businesses worry without basis; others miss obligations.

02

Gap assessment

Written gap report against the obligations: risk management, governance, incident handling, supply chain, awareness.

03

Lift & document

Build out the missing pieces over 8–16 weeks: policies, risk register, supplier oversight, incident playbook, evidence pack.

Expected results

Practical, honest expectations, no exaggerated promises.

Clear scope

You know whether NIS2 applies to you — without ambiguity.

Defensible posture

Documented framework appropriate to your size.

Practiced incident process

Reporting flow tested at tabletop level.

Supplier oversight

Documented process for third-party risk.

FAQ

Frequently asked questions

Concise answers for visitors comparing Graham Miranda services.

Are we actually in NIS2 scope?

NIS2 covers essential and important entities above certain size and in specific sectors. We do the scope check first; many German SMEs assume they are in scope but are not — and vice versa.

Is this the German NIS2UmsuCG or the EU NIS2 directive?

We work to the German transposition (NIS2-Umsetzungs- und Cybersicherheitsstärkungsgesetz, NIS2UmsuCG). EU NIS2 underpins it. Implementation status is tracked.

Do you certify us?

No — NIS2 is not certification-based in the same way as ISO 27001. We help you build a defensible posture for regulator review.

Is this enough for a regulator?

We aim for a "demonstrably reasonable" posture appropriate to your size. Worst-case audit defence requires legal counsel; we provide the operational layer.

What about NIS2 + DORA?

For financial-sector entities, DORA may apply alongside or instead. We coordinate on overlap; specialised financial-sector compliance partners are brought in for DORA-specific work.

How long does readiness take?

Typical: 3-6 months for an SME starting from a baseline IT setup. Compresses where existing ISO/BSI maturity is present.
