What is the NIS2 Directive?

The NIS2 directive (Network and Information Security Directive) imposes stringent cybersecurity requirements on companies in the EU. This means new requirements for a large number of companies, encompassing both organizational and technical adjustments. Read more about the NIS2 Directive here and the implementations of the requirements.

What is a NIS2 statement?

A NIS2 statement is based on all the requirements of the NIS2 directive and ensures that a company obtaining the statement meets the directive's areas.

  • Risk analysis and information system security,
  • incident management,
  • business continuity,
  • supply chain security,
  • procurement, development, and maintenance of network and information systems,
  • effectiveness of cybersecurity risk management measures,
  • cyber hygiene practices and cybersecurity training,
  • encryption,
  • employee security and asset management, and
  • incident reporting.


hvad er nis2?

NIS2 Statement Process

GAP analysis

The GAP analysis is the first step in the process. It is used to assess whether the company is ready for a statement. The GAP analysis, developed by our experts in information security and law, aims to identify any weaknesses that need to be improved beforehand.

The analysis evaluates the IT infrastructure, network security, access control systems, and internal procedures for handling security breaches. The results of the GAP analysis provide a clear indication of where the company stands concerning the NIS2 directive.

NIS2 Statement

After completing the GAP analysis, the work on the statement begins. Our experts prepare a detailed statement confirming the company's implementation of the necessary security measures. This is based on the documentation that is collected and assessed.

The statement is based on the same fundamental principles as ISAE3402 and ISAE3000, but the NIS2 statement is tailored to the specific requirements of the NIS2 directive. This statement confirms that the company complies with the areas covered by the NIS2 statement.


Preparation and Planning

The first phase involves a comprehensive review of the company's current compliance with the areas covered by the NIS2 statement. This is done by completing and subsequently reviewing the GAP analysis. Based on this, it can be assessed whether the company is ready for a statement. 


Implementation of Improvements

After completing and reviewing the GAP analysis, it is assessed whether the company is ready for a statement. If deficiencies or weaknesses are identified, the company can improve these before obtaining the statement. Once the company is deemed ready for a statement, the process of collecting and assessing documentation begins.


Final Audit and Statement

In the final phase, a comprehensive assessment of all implemented measures is conducted. Our experts review documentation and conduct interviews with key personnel to ensure all requirements are met. Once the assessment is completed, the final NIS2 statement is prepared.

Benefits of the NIS2 Statement

Improved supplier management

For many companies, supplier management is a critical component of their risk management strategy, including ensuring that their suppliers have preventive measures in place. This is because weak links in a supply chain can pose significant security risks to the other parties involved.

With a NIS2 statement, you as a supplier can document to your customers that you meet the requirements of the NIS2 directive. In addition to strengthening the security of the entire supply chain, it also creates a competitive advantage to be able to present a statement on your company's resilience.

Contact us today

Increased credibility and customer perception

Having a NIS2 statement demonstrates the company's dedication to cybersecurity. This increases credibility among customers and partners, which is especially important at a time when data breaches and cyberattacks are on the rise.

A NIS2 statement signals that the company protects customers' data according to the highest standards. This can improve relationships with existing customers and attract new customers who demand security and reliability. It is especially relevant for companies directly subject to NIS2 requirements, as they must have clear supplier management. Therefore, being able to present a NIS2 statement as a company is expected to be an advantage.

Enhanced security

When a company has obtained a NIS2 statement, it means that the company has demonstrated a comprehensive level of information security. This ensures that multiple aspects of the company's IT infrastructure are protected against potential threats.

The NIS2 statement covers appropriate security measures, from access control and network security to crisis management and contingency plans, among others. With a NIS2 statement, the company can demonstrate its ability to effectively manage and mitigate cyber threats, thereby increasing the company's resilience against cyberattacks.


Documentation to customers

A NIS2 statement from Leave a Mark makes it easy to prove to current and potential customers that the company has implemented appropriate security measures.


Improved security

By following the NIS2 directive's requirements, the company significantly improves its cybersecurity. This reduces the risk of cyberattacks and data breaches, protecting both the company and its customers.


Competitive Advantage

Having a NIS2 statement demonstrates the company's commitment to security to customers, partners, and investors. It can enhance the company's reputation and provide a competitive advantage in the market.

Adaptability and Continuous Improvement

Leave a Mark Consulting Group not only offers NIS2 statements but also ongoing support and counseling to ensure that your company remains compliant with the latest requirements and standards in cybersecurity.

We work closely with our clients to identify new threats and develop strategies that protect against future security risks. Our expert team is always updated with the latest trends and technologies in cybersecurity, ensuring that your company is always at the forefront of security challenges.

kontinuerlig forbedring

Contact us today

A NIS2 statement from Leave a Mark proves that your company complies with cybersecurity requirements in a cost-effective manner.

Our process includes a thorough GAP analysis and a final statement, ensuring that all security measures are implemented correctly.

If Leave a Mark has implemented NIS2 for a company, we do not perform the NIS2 statement, as we would be biased in such a case. In such instances, a third party will perform the statement.

+45 535 27000 konsulent@leaveamarkgroup.com