NIS2 Gap Assessment

What are the gaps between your security controls and the NIS2 requirements? Find out with the NIS2 Gap Assessment.

... > NIS2 > NIS2 Gap Assessment

NIS2 Gap Assessment

Does NIS2 apply to your organization? Then you must comply with this EU directive as of October 2024. Our NIS2 Gap Assessment helps you find the gaps between your current cybersecurity measures and the requirements of NIS2. Using this information you can take action to reach full NIS2 compliance.


Insight into gaps

We analyze your current security controls and determine any gaps with NIS2 requirements.


A clear roadmap

We determine which measures you need and create a clear roadmap you can follow.


Help with implementation

We help you implement the measures you need to reach full NIS2 compliance.

Why the NIS2 Gap Assessment?

To raise the cyber resilience of its member states, the EU has adopted the the Network and Information Security (NIS2) directive. This directive applies to around 150.000 European organizations in important sectors such as transport, government, energy and health.

If NIS2 applies to your organization, you have a number of obligations to consider. For instance, you are required to adopt a risk-based approach and implement appropriate security measures. You are also required to report significant incidents impacting the continuity of essential services to the relevant competent authority within 24 hours. We can help you prepare for compliance to NIS2.

Quote by

Mario Sleegers

NIS2 Consultant


NIS2 can sound daunting, but in fact the requirements of NIS2 aren’t that complicated. However, they do require attention and investment: NIS2 compliance is not a one-off but recurring.

How the NIS2 Gap Assessment works

To assess the security maturity level of your organization and the gaps in your organization when it comes to NIS2 compliance, our experts use a selection of the ISO 27001 standard. This is expanded to incorporate all additional NIS2 requirements not yet covered by default. The outcome is visualized in a graphic like this one:

Image in image block

The visual outcome of a NIS2 Gap Assessment

You will then receive a report with a description of your maturity, the gaps we have identified in regards to NIS2 and concrete recommendations for improvement. With these you can take action to reach full NIS2 compliance.

Depending on the gaps shown, we can help you with implementation. We also offer other cybersecurity services you might need to close certain gaps, as well as Risk Management Services and Supply Chain Security Services.

NIS2 Services

NIS2 Boardroom Training

Article image

NIS2 requires your baord and senior management to follow cybersecurity training. This 1-day training meets these training requirements.

SAFE Awareness Program

Article image

You might need to invest in awareness for the entire organization; we offer a comprehensive awareness program

Crisis and Resilience Services

Article image

NIS2 requires you to test your crisis plans. We can help you with a rabge of services.


Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.

Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.