NIS2 Readiness Assessment
NIS2 Directive readiness assessment for UK/EU SMEs — Annex I/II classification, gap audit, 14-day remediation plan. £499 one-off, no quote, no consultant day rate.
📋 NIS2 READINESS — HOW PREPARED ARE YOU TODAY?
NIS2 has been enforceable since October 2024. National implementations are in force across the EU. The UK CS&R Bill creates parallel obligations. If you have not started NIS2 compliance, you are already behind. If you have started, do you know how far you have to go? This assessment gives you a clear, quantified answer.
NIS2 Readiness Assessment — Your Current Posture Scored and Mapped
A comprehensive readiness assessment across all 10 NIS2 Article 21 measures — producing a quantified readiness score, a gap-by-gap remediation plan, and a realistic timeline to compliance based on your current starting point.
- 100-Point Readiness Score: Quantified assessment of your NIS2 readiness — comparable over time and across frameworks
- 10-Measure Breakdown: Individual score for each Article 21 measure with specific evidence gaps identified
- Board Readiness (Art. 20): Is your management body meeting NIS2 governance requirements? Personal liability assessment
- Incident Response Readiness: Can you meet the 24-hour notification deadline? Process assessment with improvement plan
- Supply Chain Readiness: Art. 21(d) supply chain security — the most common critical gap across all assessments
- Remediation Roadmap: Prioritised actions with effort estimation — realistic timeline based on your resources
- Framework Credit: What you have already done for ISO 27001, Cyber Essentials, or DSPT that counts toward NIS2
- Budget Estimation: What NIS2 compliance will cost for your specific gap profile — no surprises
💷 THE MATHS
£199 one-time. NIS2 readiness assessment by consultancy: £5,000–15,000. Maximum NIS2 fine: €10M or 2% of global turnover. This assessment tells you exactly where you stand — and exactly what it will take to get compliant.
📦 Delivery & deliverables
- Turnaround: assessment delivery within 36 business hours after intake completion. Multi-jurisdiction packages: up to 5 business days.
- Sample output: a redacted sample deliverable (report + appendices) is available on request — email [email protected] with the product name.
- Revision & satisfaction: one round of revisions included; if the deliverable does not meet the agreed brief, full money-back refund within the 14-day window.
NIS2 Annex I Maturity Scoring (All 10 Measures)
This assessment scores your maturity across every NIS2 Annex I cybersecurity risk-management measure and produces a regulator-ready evidence pack:
- (a) Risk analysis + security policy — Maturity 0-5 score on risk methodology, register completeness, policy review cadence
- (c) Business continuity + crisis management — Maturity scoring on BCP existence, DR test cadence, RTO/RPO definition, crisis comms readiness
- (e) Network + system security — Maturity scoring on patch management, secure configuration baselines, vulnerability management cadence
- (g) Cyber hygiene + training — Maturity scoring on awareness programme, training completion rates, phishing simulation results
- (h) Cryptography + encryption — Maturity scoring on encryption standards, key management, TLS version compliance, at-rest encryption coverage
- (i) Human resources + access control — Maturity scoring on RBAC, joiner/mover/leaver process, access reviews, privileged access management
- (j) Multi-factor + emergency comms — Maturity scoring on MFA enforcement scope, crisis comm tree freshness, out-of-band contact register
Article 23 reporting readiness: 72-hour formal notification readiness assessment — can your team produce the formal report within the window with current data, templates, and contact lists? Includes a "dry run" exercise template that times your team's response on a tabletop scenario and identifies bottlenecks.
What's included
- Maturity-scored NIS2 assessment
- Evidence review and scoring
- Regulator-ready evidence pack
- Article 21 control mapping
- Board presentation template
- Maturity 0-5 scoring across all NIS2 Annex I measures (a/c/e/g/h/i/j)
- Article 23 72-hour formal notification readiness assessment + tabletop dry-run
- MFA enforcement scope maturity scoring (per-system, per-role breakdown)
- Encryption + key management maturity scoring (TLS versions, at-rest coverage)
- Access control + privileged access maturity scoring (RBAC, JML, access reviews)
🔒 Data processing & privacy
Your data is processed in EU/UK. AI generation runs via Anthropic Claude (EU region). Your data is not used to train models. See the Sub-Processors list and Privacy Policy.
✅ 14-day money-back guarantee
Not satisfied? Request a full refund within 14 days of purchase. See the Refund Policy for details and limits.
💬 Support — 24h response SLA
Reach us at [email protected]. Response within 24 business hours. Critical issues: 4 hours. Channels: email + Help Centre.
🏠 Customer dashboard
After purchase, access your dashboard at /portal/compliance. Manage subscriptions, download reports, export data at any time.
⚠️ Important — For Information Only, Not Regulatory Advice
This product is provided for information and compliance documentation purposes only. It is not regulatory advice, legal interpretation, or a substitute for direct regulator engagement. SummitBridge Horizon Ltd is not a regulator and does not file notifications, breach reports, or registrations with any regulator (including ICO, NCSC, ENISA, BSI, HMRC, FCA, NCA) on your behalf. For specific regulator interpretations, audit outcomes, or legal exposure, you must consult a qualified professional and/or the relevant regulator directly.
SummitBridge Horizon Ltd · Companies House 16419201 · ICO ZC112810 · Registered in England & Wales