NIS2 implementation tool

Automate risk analysis and create action plans in accordance with the NIS2 directive.

How to implement NIS2?
7 simple steps with support from RIG NIS

Follow a proven NIS2 implementation plan using the RIG NIS tool. It serves as the hub for managing your organization’s NIS2 compliance and security. It will help you carry out the process in 7 steps, most of which will be completed directly within RIG.

Risk assessment and planning

In RIG NIS, you perform automated analysis, assessment, and action planning. You will assess risks within a financial institution and develop an action plan in the event of a risk occurrence, which will enable you to effectively implement NIS2 and launch the Deming cycle (PDCA).

Supply chain vendor surveying

RIG NIS sends completed questionnaires to suppliers. During the risk assessment process, it is possible to begin collecting questionnaires from suppliers and reviewing contracts with them.

Supply chain vendor agreements

You register every document in RIG NIS. In this step, you prepare draft amendments to contracts and negotiate them.

Supply chain vendor registry

In RIG NIS, you prepare a registry of supplier information for reporting to CSIRT.

Plan execution

Now that you’ve prepared your plans, it’s time to put them into action, including implementing the necessary security measures, conducting the appropriate penetration tests, and providing training.

Documentation

You create documentation in the RIG NIS archive. Thanks to pre-prepared plans, you have a strategy and plans tailored to the organization’s needs, which enables their effective implementation.

Gap analysis

You verify compliance based on established processes, specifically by implementing repeatable tasks required by the NIS2 Directive.

One product – All NIS2 areas

Ensure NIS2 compliance by leveraging the capabilities of RIG NIS.
This comprehensive tool supports organizations in meeting the requirements of the NIS2 Directive by helping to streamline activities related to the NIS2 pillars. RIG integrates risk management, incident response, access control, and business continuity processes—all in one place. You can fulfill most of your NIS2 obligations directly within the system, without the need to use multiple disparate tools.

Reporting in accordance with the NIS2 Directive in the RIG NIS application

RED INTO GREEN enables compliance with all KNF reporting requirements and supports management reporting to streamline compliance with the DORA regulation.

Supply chain vendor information registry

It contains information on all ICT providers supporting critical or essential functions. Reports: SPR-PF-19 and SPR-PF-20 – pertain to planned contractual arrangements with ICT providers.

Incident registry

Reporting serious ICT incidents and significant cyber threats.

Internal audit

Documentation of ICT business continuity test results.

External audit

Documentation for supervisory, investigative, and audit purposes.

Reporting to the management board

Regular reports on risk status, NIS2 compliance, incident status, and corrective actions.
Tailor them to the board’s decision-making needs. Use dashboards to help board members fulfill their personal accountability for DORA compliance.

Product

RIG NIS

If you’d like to learn more about the products included in the package, details regarding NIS2 implementation, or have any other questions, please sign up!

Learn about consistent risk management in compliance with NIS2

on’s cyber security information in one tool, but from multiple angles – information security, business continuity and data protection.



Manage dynamically through assessment, planning and analysis to effectively implement the requirements of the NIS2 Directive. In doing so, you will ensure a consistent approach to ICT risk management, in line with the principles required by the NIS2 Directive.

How to implement and maintain compliance using the RIG NIS tool?

RIG NIS helps you comply with each of the mandatory pillars of the directive.
You can fully address 4 areas of responsibility within the tool and streamline the remaining 2.

Risk management

In RIG, you perform all tasks using automation:

  • Process mapping
  • Asset inventory
  • Risk assessment and analysis
  • Risk management

Supply chain vendors

Use the prepared surveys and records to complete the tasks:

  • Supplier Qualification
  • Supplier Registry
  • Supplier Risk Assessment

Major incident reporting

Use the prepared records and carry out the following activities:

  • Incident logging
  • Classification
  • Reporting (this is automated in RIG).

Information sharing

Share information and provide evidence of compliance with this requirement in RIG.

  • Monthly live online risk management training sessions at RIG for all users, plus ongoing access to recordings of past sessions.
  • Q&A for users.

Digital operational resilience testing

By integrating RIG with penetration testing tools, you can link penetration test data with vulnerabilities. This allows you to fulfill your obligations regarding:

  • Penetration testing
  • Vulnerability scanning.

You get a detailed risk assessment.

NIS2 reporting to CSIRT

Generate in RIG:

  • Analytical reports
  • Workflow – track progress.

Documentation

Create a contract registry in the designated area within RIG. Additionally, the RIG document archive can store:

  • Digital resilience strategy
  • Strategy regarding risks posed by external suppliers in the supply chain
  • All policies and procedures.

See how each pillar of NIS2 can be managed in RIG NIS2