Directive 2022/2555 of the European Parliament and the Council (NIS2) brings specific cybersecurity-related legal requirements and liabilities to a broad set of industries and entities. Unlike many legal acts, it is very specific in naming processes and capabilities to be maintained by entities covered and we strongly believe that by doing so, 2022/2555 will go down in history as one of the most impactful legal acts.

Our NIS2 compliance managed services are designed to support customers at every step towards implementing and maintaining compliance – from scope discovery to operations.


  • Gain insights into all your data, regardless of its location.
  • Empower your team with a unified security solution.
  • Improve security posture and protect your organization’s most valuable assets with collective intelligence.


NIS2 compliance managed services enable enterprises to
implement all key capabilities and processes required by NIS2 by
implementing a continuous cyber security posture improvement

  • Vendor neutral, aligned to CISA maturity model, and focused
    on NIS2 compliance
  • Provides clear metrics to communicate cybersecurity posture
    to stakeholders
  • Implements NIS2 risk-based approach, personalizing target
    protection profile for each customer
  • Encompasses tools, but also processes and procedures
  • Supports customer throughout the lifecycle – from discovery
    to operations

Even though NIS2 will be followed by many specific implementing
acts in the coming years, we advise customers to start assessment
and planning immediately. Not only certain compliance areas might
take a long time to complete (e.g. supply chain security), but also
cyber hygiene practices referred to by NIS2 will provide an
immediate boost for your security posture.

NIS2 – timeline

Sectors Affected By The NIS2 Directive

The NIS2 directive expands coverage from the original 7 sectors under the NIS directive, adding 8 more for a total of 15 sectors.


Affects firms with 50+ employees, or an annual turnover of €10M




Provides assessment of existing cybersecurity posture, mapped to NIS2 requirements, and boosts employee cybersecurity awareness.

What is included:

  • Assessment of the current state across cyber hygiene practices and Zero Trust pillars
  • Definition of risk-based, personalized target maturity state
  • Easiest-to-achieve actionable suggestions for improvement, focusing on NIS2 cyber hygiene requirements

Key deliverables:

  • Executive summary, quantifying existing cyber posture state
  • Recommended actions – key improvements for immediate attention
  • Roadmap/Strategy to create improved security level
  • Detailed description of each Zero Trust pillar and recommendations for each (over 20 components, including all cyber hygiene practices from NIS2)
  • Summary and severity assessment according to NIS2 Article 21 (Cybersecurity riskmanagement measures”)
  • Vulnerability assessment report from Nessus Professional

Price: starting from 6500 EUR

Duration: approx. 1 month

Ready to secure your business?



Implementation of easiest-to-achieve by Squalio experts based on Assess phase findings. Focuses on cyber hygiene practices and employee awareness as required by NIS2.

What is included:

  • Implementation of easiest-to-achieve suggestions by Squalio experts based on Assess phase findings
  • Focuses on tools, processes, and procedures to achieve NIS2 required profile for cyber hygiene practices

Key deliverables:

  • Improvements in cybersecurity risk management measures and policies
  • Software and device configuration and update management
  • Network segmentation
  • Multi-factor authentication
  • Identity and access management
  • Cybersecurity awareness improvement program
  • Incident detection and management (SIEM/SOAR/MDR), etc.

Price: depending on Assess phase findings
Duration: approx. 1-3 months


Continuous, customized cybersecurity posture improvement and measurement process, based on Assess and Align outputs and mapped to NIS2 requirements.

What is included:

  • Continuous improvement of cybersecurity posture according to Assess and Align outcomes.
  • Available as a fully managed service (we run specific processes for
    customers) or as internal team augmentation.

Key deliverables:

Depending on Assess, Align phase outputs and selected Advance profile, may include:

  • 24/7 outsourced detection, containment, and resolution of cybersecurity incidents
  • Desktop management with Intune – patching, updating, policy enforcement
  • Packaged Secure Score optimization – quantify your posture and improve it
  • Azure Active Directory / Microsoft 365 managed services
  • Employee cybersecurity awareness improvement program (

Price: depending on the scope
Duration: long-term engagement, usually 1 year or longer

Ready to secure your business?