{"id":2376,"date":"2025-07-14T11:14:37","date_gmt":"2025-07-14T11:14:37","guid":{"rendered":"https:\/\/magicstone.nl\/en\/?page_id=2376"},"modified":"2026-07-08T08:02:21","modified_gmt":"2026-07-08T08:02:21","slug":"nis2-compliance-checklist","status":"publish","type":"page","link":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/","title":{"rendered":"NIS2 Checklist"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"2376\" class=\"elementor elementor-2376\" data-elementor-post-type=\"page\">\n\t\t\t\t<section class=\"elementor-element elementor-element-1956858 e-con-full e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-column-slider-no wpr-equal-height-no e-con e-parent\" data-id=\"1956858\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c4d52bf elementor-widget elementor-widget-html\" data-id=\"c4d52bf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<!-- NIS2 Compliance Checklist | Magic Stone Cyber Security -->\r\n\r\n<section class=\"ms-service-page\">\r\n\r\n  <style>\r\n    .ms-service-page { width:100%; font-family:inherit; color:#1f2933; line-height:1.65; }\r\n    .ms-service-page * { box-sizing:border-box; }\r\n    .ms-hero { width:100%; background:linear-gradient(135deg,#0f172a 0%,#1f2937 100%); color:#fff; padding:70px 6%; margin-bottom:45px; }\r\n    .ms-hero h1 { max-width:1120px; font-size:42px; line-height:1.15; margin:0 auto 20px; color:#fff; }\r\n    .ms-hero p { max-width:1120px; font-size:19px; margin:0 auto 28px; color:#e5e7eb; }\r\n    .ms-hero .ms-btn-wrap { max-width:1120px; margin:0 auto; }\r\n    .ms-content { width:100%; max-width:1120px; margin:0 auto; padding:0 20px 55px; }\r\n    .ms-highlight { color:#57A200; font-weight:700; }\r\n    .ms-btn { display:inline-block; background:#57A200; color:#fff!important; padding:14px 26px; border-radius:8px; text-decoration:none; font-weight:700; margin-top:10px; }\r\n    .ms-btn:hover { background:#468500; color:#fff!important; }\r\n    .ms-btn-secondary { display:inline-block; background:transparent; color:#57A200!important; border:2px solid #57A200; padding:12px 24px; border-radius:8px; text-decoration:none; font-weight:700; margin-top:10px; margin-left:10px; }\r\n    .ms-btn-secondary:hover { background:#57A200; color:#fff!important; }\r\n    .ms-btn-dl { display:inline-flex; align-items:center; gap:10px; background:#173154; color:#fff!important; padding:14px 26px; border-radius:8px; text-decoration:none; font-weight:700; margin-top:10px; margin-left:10px; font-size:16px; transition:background .2s; }\r\n    .ms-btn-dl:hover { background:#0f2440; color:#fff!important; }\r\n    .ms-btn-dl svg { flex-shrink:0; }\r\n    .ms-section { margin-bottom:48px; }\r\n    .ms-section h2 { font-size:30px; margin-bottom:8px; color:#111827; }\r\n    .ms-section .ms-section-intro { font-size:16px; color:#6b7280; margin-bottom:22px; }\r\n    .ms-grid-2 { display:grid; grid-template-columns:repeat(2,1fr); gap:20px; margin-top:25px; }\r\n    .ms-checklist-card { background:#fff; border:1px solid #e5e7eb; border-top:4px solid #57A200; border-radius:14px; padding:22px 24px; box-shadow:0 4px 16px rgba(0,0,0,.04); }\r\n    .ms-checklist-card .ms-card-num { display:inline-flex; align-items:center; justify-content:center; width:26px; height:26px; background:#0f172a; color:#57A200; border-radius:6px; font-size:12px; font-weight:800; margin-bottom:10px; flex-shrink:0; }\r\n    .ms-checklist-card h3 { margin:0 0 5px; font-size:17px; color:#111827; }\r\n    .ms-checklist-card .ms-card-intro { font-size:13.5px; color:#6b7280; margin-bottom:12px; line-height:1.5; }\r\n    .ms-checklist { list-style:none; padding:0; margin:0; }\r\n    .ms-checklist li { display:flex; gap:9px; align-items:flex-start; padding:6px 0; border-bottom:1px solid #f3f4f6; font-size:14px; color:#374151; line-height:1.5; }\r\n    .ms-checklist li:last-child { border-bottom:none; }\r\n    .ms-checklist li::before { content:\"\\2610\"; font-size:16px; color:#57A200; flex-shrink:0; margin-top:1px; }\r\n    .ms-strip { background:#f3f8ef; border-left:5px solid #57A200; padding:28px; border-radius:14px; margin:40px 0; }\r\n    .ms-warning-strip { background:#fff7ed; border-left:5px solid #f97316; padding:24px 28px; border-radius:14px; margin:0 0 36px; }\r\n    .ms-download-strip { background:#0f172a; border-radius:14px; padding:28px 32px; margin:40px 0; display:flex; align-items:center; justify-content:space-between; gap:24px; flex-wrap:wrap; }\r\n    .ms-download-strip h3 { color:#fff; font-size:20px; margin:0 0 6px; }\r\n    .ms-download-strip p { color:#94a3b8; font-size:15px; margin:0; }\r\n    .ms-download-btn { display:inline-flex; align-items:center; gap:10px; background:#57A200; color:#fff!important; padding:14px 24px; border-radius:8px; text-decoration:none; font-weight:700; font-size:15px; white-space:nowrap; transition:background .2s; flex-shrink:0; }\r\n    .ms-download-btn:hover { background:#468500; }\r\n    .ms-cta { background:#111827; color:#fff; border-radius:18px; padding:45px 35px; text-align:center; margin-top:50px; }\r\n    .ms-cta h2 { color:#fff; font-size:32px; margin-bottom:15px; }\r\n    .ms-cta p { color:#e5e7eb; max-width:780px; margin:0 auto 22px; font-size:18px; }\r\n    .ms-links a { color:#57A200; font-weight:700; text-decoration:none; }\r\n    .ms-links a:hover { text-decoration:underline; }\r\n    .ms-list { padding-left:22px; }\r\n    .ms-list li { margin-bottom:10px; }\r\n    .ms-art21-note { font-size:13px; color:#9ca3af; margin-top:6px; font-style:italic; }\r\n    @media(max-width:900px) {\r\n      .ms-grid-2 { grid-template-columns:1fr; }\r\n      .ms-hero { padding:50px 24px; }\r\n      .ms-hero h1 { font-size:34px; }\r\n      .ms-btn-secondary, .ms-btn-dl { margin-left:0; display:block; text-align:center; }\r\n      .ms-download-strip { flex-direction:column; }\r\n    }\r\n  <\/style>\r\n\r\n  <div class=\"ms-hero\">\r\n    <h1>NIS2 Compliance Checklist<\/h1>\r\n    <p>A practical checklist covering all ten areas of NIS2 Article 21 compliance. Use this to identify gaps, prioritise actions, and build a roadmap to compliance readiness.<\/p>\r\n    <div class=\"ms-btn-wrap\">\r\n      <a href=\"https:\/\/tidycal.com\/raviv\/45-minute-meeting\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"ms-btn\">Book a NIS2 Assessment<\/a>\r\n      <a href=\"https:\/\/magicstone.nl\/en\/wp-content\/uploads\/2026\/06\/MagicStone_NIS2_Workbook.pdf\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"ms-btn-dl\">\r\n        <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\"><path d=\"M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4\"\/><polyline points=\"7 10 12 15 17 10\"\/><line x1=\"12\" y1=\"15\" x2=\"12\" y2=\"3\"\/><\/svg>\r\n        Download Workbook 2026\r\n      <\/a>\r\n    <\/div>\r\n  <\/div>\r\n\r\n  <div class=\"ms-content\">\r\n\r\n    <div class=\"ms-warning-strip\">\r\n      <strong>This checklist does not replace a formal NIS2 assessment.<\/strong><br><br>\r\n      It is designed to help you understand the scope of NIS2 obligations and identify gaps before a formal assessment. For documented compliance evidence, a structured <a href=\"https:\/\/magicstone.nl\/en\/nis2-assessment\/\" style=\"color:#e8863a;font-weight:700;\">NIS2 Assessment<\/a> provides the gap analysis, remediation roadmap, and readiness validation that regulators require.\r\n    <\/div>\r\n\r\n    <div class=\"ms-section\">\r\n      <h2>The NIS2 Compliance Checklist<\/h2>\r\n      <p class=\"ms-section-intro\">NIS2 Article 21 defines ten mandatory risk-management measures. This checklist covers all ten, organised into practical areas. Work through each section and note where gaps exist \u2014 each gap is a compliance risk.<\/p>\r\n\r\n      <div class=\"ms-grid-2\">\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">1<\/div>\r\n          <h3>Governance &amp; Accountability<\/h3>\r\n          <p class=\"ms-card-intro\">Clear cybersecurity ownership and executive accountability across the organisation.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Cybersecurity roles formally assigned<\/li>\r\n            <li>Board approves cybersecurity strategy<\/li>\r\n            <li>Executive accountability documented<\/li>\r\n            <li>Cyber budget reviewed annually<\/li>\r\n          <\/ul>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">2<\/div>\r\n          <h3>Cyber Risk Management<\/h3>\r\n          <p class=\"ms-card-intro\">Identify operational cyber risks across infrastructure, users, and suppliers.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Formal risk assessment process in place<\/li>\r\n            <li>Risk register maintained and reviewed<\/li>\r\n            <li>Threat landscape assessed regularly<\/li>\r\n            <li>Risks reviewed after significant changes<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(a)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">3<\/div>\r\n          <h3>Technical Security Controls<\/h3>\r\n          <p class=\"ms-card-intro\">Implement appropriate technical and operational security measures.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Multi-factor authentication enforced<\/li>\r\n            <li>Endpoint and email security deployed<\/li>\r\n            <li>Data encryption in place (at rest and in transit)<\/li>\r\n            <li>Patch management process followed<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(g)(h)(i)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">4<\/div>\r\n          <h3>Network Security<\/h3>\r\n          <p class=\"ms-card-intro\">Secure network and information systems against unauthorised access and disruption.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Network segmentation implemented<\/li>\r\n            <li>Firewall and perimeter controls in place<\/li>\r\n            <li>Network traffic monitored and logged<\/li>\r\n            <li>Intrusion detection\/prevention deployed<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(h)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">5<\/div>\r\n          <h3>Third-Party Risk Management<\/h3>\r\n          <p class=\"ms-card-intro\">Continuously monitor supplier cyber exposure, compliance posture, and operational risk.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Critical suppliers identified and documented<\/li>\r\n            <li>Supplier security assessments conducted<\/li>\r\n            <li>Contractual security requirements in place<\/li>\r\n            <li>Supply chain risk register maintained<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(d)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">6<\/div>\r\n          <h3>Incident Response &amp; Reporting<\/h3>\r\n          <p class=\"ms-card-intro\">Prepare for cyber incidents with clear response processes and operational coordination.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Incident response plan documented and tested<\/li>\r\n            <li>24-hour early warning capability in place<\/li>\r\n            <li>72-hour full notification process defined<\/li>\r\n            <li>Post-incident review process established<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(b)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">7<\/div>\r\n          <h3>Security Awareness &amp; Training<\/h3>\r\n          <p class=\"ms-card-intro\">Strengthen employee awareness to reduce phishing, ransomware, and human-driven cyber risk.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Continuous cybersecurity awareness training delivered<\/li>\r\n            <li>Phishing simulation programme in place<\/li>\r\n            <li>Board and management training delivered<\/li>\r\n            <li>Training completion records maintained<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(g)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">8<\/div>\r\n          <h3>Vulnerability Handling &amp; Disclosure<\/h3>\r\n          <p class=\"ms-card-intro\">Identify, manage, and disclose vulnerabilities in systems and software.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Vulnerability scanning performed regularly<\/li>\r\n            <li>Patch prioritisation process in place<\/li>\r\n            <li>Penetration testing conducted annually<\/li>\r\n            <li>Responsible disclosure policy published<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(e)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">9<\/div>\r\n          <h3>Business Continuity &amp; Recovery<\/h3>\r\n          <p class=\"ms-card-intro\">Maintain operational resilience and recover critical systems during disruption.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Business continuity plan documented and tested<\/li>\r\n            <li>Backups isolated, tested, and ransomware-proof<\/li>\r\n            <li>Recovery time and point objectives defined<\/li>\r\n            <li>Crisis communication plan documented<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(c)<\/p>\r\n        <\/div>\r\n\r\n        <div class=\"ms-checklist-card\">\r\n          <div class=\"ms-card-num\">10<\/div>\r\n          <h3>Audit &amp; Compliance Evidence<\/h3>\r\n          <p class=\"ms-card-intro\">Maintain ongoing visibility, monitoring, and documented compliance readiness.<\/p>\r\n          <ul class=\"ms-checklist\">\r\n            <li>Continuous monitoring in place<\/li>\r\n            <li>Audit evidence and compliance records maintained<\/li>\r\n            <li>Control testing performed regularly<\/li>\r\n            <li>Management reporting completed<\/li>\r\n          <\/ul>\r\n          <p class=\"ms-art21-note\">\u2192 Article 21(2)(f)(j)<\/p>\r\n        <\/div>\r\n\r\n      <\/div>\r\n    <\/div>\r\n\r\n    <!-- Download strip -->\r\n    <div class=\"ms-download-strip\">\r\n      <div>\r\n        <h3>&#128203; NIS2 Compliance Checklist &amp; Readiness Workbook 2026<\/h3>\r\n        <p>Download the full workbook \u2014 all ten sections with Yes \/ Partial \/ No scoring, organisation details, and a scoring guide. Print it, fill it in, share it with your board.<\/p>\r\n      <\/div>\r\n      <a href=\"https:\/\/magicstone.nl\/en\/wp-content\/uploads\/2026\/06\/MagicStone_NIS2_Workbook.pdf\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"ms-download-btn\">\r\n        <svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\"><path d=\"M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4\"\/><polyline points=\"7 10 12 15 17 10\"\/><line x1=\"12\" y1=\"15\" x2=\"12\" y2=\"3\"\/><\/svg>\r\n        Download Workbook (PDF)\r\n      <\/a>\r\n    <\/div>\r\n\r\n    <div class=\"ms-strip\">\r\n      <strong>Gaps found? Here is what to do next.<\/strong><br><br>\r\n      A structured <a href=\"https:\/\/magicstone.nl\/en\/nis2-assessment\/\" style=\"color:#57A200;font-weight:700;\">NIS2 Assessment<\/a> turns your checklist gaps into a formal gap report, prioritised remediation roadmap, and compliance validation. Magic Stone manages the technical controls. GRSee leads the compliance assessment and governance framework.\r\n      <br><br>\r\n      <span class=\"ms-links\"><a href=\"https:\/\/magicstone.nl\/en\/nis2-assessment\/\">Start your NIS2 Assessment &rarr;<\/a><\/span>\r\n    <\/div>\r\n\r\n    <div class=\"ms-section ms-links\">\r\n      <h2>Related<\/h2>\r\n      <ul class=\"ms-list\">\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/what-is-nis2\/\">What is NIS2? \u2014 Plain Language Guide<\/a><\/li>\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/nis2-assessment\/\">NIS2 Assessment \u2014 Gap Analysis &amp; Compliance Roadmap<\/a><\/li>\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/nis2-third-party-risk-management\/\">NIS2 &amp; Third-Party Risk Management<\/a><\/li>\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/dora-compliance-made-simple\/\">DORA Compliance<\/a><\/li>\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/services\/ransomware-protection\/\">Ransomware Protection<\/a><\/li>\r\n        <li><a href=\"https:\/\/magicstone.nl\/en\/services\/supply-chain-risk\/\">Supply Chain Risk Management<\/a><\/li>\r\n      <\/ul>\r\n    <\/div>\r\n\r\n    <div class=\"ms-cta\">\r\n      <h2>Gaps Found? Let's Build Your Compliance Roadmap.<\/h2>\r\n      <p>Book a NIS2 scoping call with Magic Stone. We'll review your checklist findings, identify your biggest compliance risks, and show you what a structured remediation roadmap looks like.<\/p>\r\n      <a href=\"https:\/\/tidycal.com\/raviv\/45-minute-meeting\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"ms-btn\">Book a NIS2 Assessment<\/a>\r\n    <\/div>\r\n\r\n  <\/div>\r\n<\/section>\r\n\r\n<script type=\"application\/ld+json\">\r\n{\r\n  \"@context\": \"https:\/\/schema.org\",\r\n  \"@type\": \"HowTo\",\r\n  \"name\": \"NIS2 Compliance Checklist\",\r\n  \"description\": \"A practical checklist covering all ten areas of NIS2 Article 21 compliance \u2014 governance, risk management, technical controls, network security, supply chain, incident response, awareness training, vulnerability handling, business continuity, and audit evidence.\",\r\n  \"step\": [\r\n    {\"@type\":\"HowToStep\",\"name\":\"Governance & Accountability\",\"text\":\"Cybersecurity roles formally assigned, board approves strategy, executive accountability documented, cyber budget reviewed.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Cyber Risk Management\",\"text\":\"Formal risk assessment process in place, risk register maintained, threat landscape assessed, risks reviewed after changes.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Technical Security Controls\",\"text\":\"MFA enforced, endpoint and email security deployed, data encrypted, patch management followed.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Network Security\",\"text\":\"Network segmentation implemented, firewall controls in place, traffic monitored, intrusion detection deployed.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Third-Party Risk Management\",\"text\":\"Critical suppliers documented, security assessments conducted, contractual requirements in place, supply chain risk register maintained.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Incident Response & Reporting\",\"text\":\"Incident response plan tested, 24-hour early warning capability, 72-hour notification process defined, post-incident review established.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Security Awareness & Training\",\"text\":\"Continuous awareness training delivered, phishing simulations in place, board training delivered, completion records maintained.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Vulnerability Handling & Disclosure\",\"text\":\"Vulnerability scanning performed, patch prioritisation in place, penetration testing conducted annually, disclosure policy published.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Business Continuity & Recovery\",\"text\":\"BCP documented and tested, backups isolated and ransomware-proof, RTO\/RPO defined, crisis communication plan documented.\"},\r\n    {\"@type\":\"HowToStep\",\"name\":\"Audit & Compliance Evidence\",\"text\":\"Continuous monitoring in place, audit evidence maintained, control testing performed, management reporting completed.\"}\r\n  ]\r\n}\r\n<\/script>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6085166 elementor-widget elementor-widget-spacer\" data-id=\"6085166\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e063d20 elementor-widget elementor-widget-menu-anchor\" data-id=\"e063d20\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"menu-anchor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-menu-anchor\" id=\"faq\"><\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<section class=\"elementor-element elementor-element-6cf5df5 scale e-con-full e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-column-slider-no wpr-equal-height-no e-con e-child\" data-id=\"6cf5df5\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;gradient&quot;}\">\n\t\t<div class=\"elementor-element elementor-element-8a289e8 e-con-full e-flex wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-column-slider-no wpr-equal-height-no e-con e-child\" data-id=\"8a289e8\" data-element_type=\"container\" data-e-type=\"container\">\n\t\t\t\t<div class=\"elementor-element elementor-element-77ec02c elementor-widget__width-inherit elementor-widget elementor-widget-text-editor\" data-id=\"77ec02c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Frequently Asked Questions<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-06b70da elementor-widget__width-inherit elementor-invisible elementor-widget elementor-widget-heading\" data-id=\"06b70da\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInUp&quot;}\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Frequently Asked Questions About the NIS2 Compliance Checklist<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-97270d8 elementor-widget__width-inherit elementor-widget elementor-widget-text-editor\" data-id=\"97270d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Answers to common questions about the NIS2 compliance checklist, cyber resilience, supplier risk, operational security, and AI-powered cybersecurity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085679 wpr-advanced-accordion-icon-no-box elementor-widget-mobile__width-initial elementor-widget__width-initial elementor-widget elementor-widget-wpr-advanced-accordion\" data-id=\"8085679\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;active_item&quot;:1}\" data-widget_type=\"wpr-advanced-accordion.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\n            <div class=\"wpr-advanced-accordion\" data-accordion-type=\"accordion\" data-active-index=\"1\" data-accordion-trigger=\"click\" data-interaction-speed=\"0.4\">\n\n\t\t\t\n                \n\t\t\t\t\t<div class=\"wpr-accordion-item-wrap\">\n\t\t\t\t\t\t<button class=\"wpr-acc-button\">\n\t\t\t\t\t\t\t<span class=\"wpr-acc-item-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-title-icon\">\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\n\t\t\t\t\t\t\t\t<span class=\"wpr-acc-title-text\">Does NIS2 apply to my organization?<\/span>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-close\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-plus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H272V64c0-17.67-14.33-32-32-32h-32c-17.67 0-32 14.33-32 32v144H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h144v144c0 17.67 14.33 32 32 32h32c17.67 0 32-14.33 32-32V304h144c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-open\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-minus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h384c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t<\/button>\n\n\t\t\t\t\t\t<div class=\"wpr-acc-panel\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wpr-acc-panel-content\"><p>NIS2 applies to many organizations operating in sectors such as healthcare, manufacturing, energy, transport, digital infrastructure, logistics, managed services, and other critical industries. Even organizations that are not directly regulated may still face cybersecurity and supplier risk requirements through customers and supply chain relationships.<\/p><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n                    <\/div>\n\n                \n\t\t\t\t\t<div class=\"wpr-accordion-item-wrap\">\n\t\t\t\t\t\t<button class=\"wpr-acc-button\">\n\t\t\t\t\t\t\t<span class=\"wpr-acc-item-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-title-icon\">\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\n\t\t\t\t\t\t\t\t<span class=\"wpr-acc-title-text\">How does AI-powered cybersecurity support NIS2 readiness?<\/span>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-close\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-plus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H272V64c0-17.67-14.33-32-32-32h-32c-17.67 0-32 14.33-32 32v144H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h144v144c0 17.67 14.33 32 32 32h32c17.67 0 32-14.33 32-32V304h144c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-open\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-minus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h384c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t<\/button>\n\n\t\t\t\t\t\t<div class=\"wpr-acc-panel\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wpr-acc-panel-content\"><p>AI-powered cybersecurity helps organizations automate repetitive security tasks, improve visibility into supplier risks, detect threats faster, and strengthen operational resilience. This supports organizations in improving cyber readiness without significantly increasing operational workload.<\/p><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n                    <\/div>\n\n                \n\t\t\t\t\t<div class=\"wpr-accordion-item-wrap\">\n\t\t\t\t\t\t<button class=\"wpr-acc-button\">\n\t\t\t\t\t\t\t<span class=\"wpr-acc-item-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-title-icon\">\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\n\t\t\t\t\t\t\t\t<span class=\"wpr-acc-title-text\">Why is Third-Party Risk Management important under NIS2?<\/span>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-close\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-plus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H272V64c0-17.67-14.33-32-32-32h-32c-17.67 0-32 14.33-32 32v144H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h144v144c0 17.67 14.33 32 32 32h32c17.67 0 32-14.33 32-32V304h144c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-open\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-minus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h384c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t<\/button>\n\n\t\t\t\t\t\t<div class=\"wpr-acc-panel\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wpr-acc-panel-content\"><p>NIS2 places strong emphasis on supplier and supply chain security because cyber incidents increasingly originate through third parties, software providers, cloud services, and external operational dependencies. Organizations must improve visibility into supplier risks and continuously monitor external exposure.<\/p><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n                    <\/div>\n\n                \n\t\t\t\t\t<div class=\"wpr-accordion-item-wrap\">\n\t\t\t\t\t\t<button class=\"wpr-acc-button\">\n\t\t\t\t\t\t\t<span class=\"wpr-acc-item-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-title-icon\">\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\n\t\t\t\t\t\t\t\t<span class=\"wpr-acc-title-text\">How can organizations improve cyber resilience under NIS2?<\/span>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-close\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-plus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H272V64c0-17.67-14.33-32-32-32h-32c-17.67 0-32 14.33-32 32v144H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h144v144c0 17.67 14.33 32 32 32h32c17.67 0 32-14.33 32-32V304h144c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-open\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-minus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h384c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t<\/button>\n\n\t\t\t\t\t\t<div class=\"wpr-acc-panel\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wpr-acc-panel-content\"><div class=\"\" data-turn-id-container=\"0d6c897d-1a7a-4d9c-b991-0840cc6d38f6\" data-is-intersecting=\"true\"><p data-start=\"0\" data-end=\"321\">Organizations can strengthen cyber resilience by improving supplier oversight, implementing continuous monitoring, strengthening ransomware protection, improving incident response readiness, increasing visibility into operational risks, and adopting modern cybersecurity solutions aligned with evolving compliance requirements.<\/p><\/div><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n                    <\/div>\n\n                \n\t\t\t\t\t<div class=\"wpr-accordion-item-wrap\">\n\t\t\t\t\t\t<button class=\"wpr-acc-button\">\n\t\t\t\t\t\t\t<span class=\"wpr-acc-item-title\">\n\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-title-icon\">\n\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\n\t\t\t\t\t\t\t\t<span class=\"wpr-acc-title-text\">As a business manager, what should be included in my NIS2 checklist?<\/span>\n\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-close\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-plus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H272V64c0-17.67-14.33-32-32-32h-32c-17.67 0-32 14.33-32 32v144H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h144v144c0 17.67 14.33 32 32 32h32c17.67 0 32-14.33 32-32V304h144c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t<span class=\"wpr-toggle-icon wpr-ti-open\"><svg aria-hidden=\"true\" class=\"e-font-icon-svg e-fas-minus\" viewBox=\"0 0 448 512\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M416 208H32c-17.67 0-32 14.33-32 32v32c0 17.67 14.33 32 32 32h384c17.67 0 32-14.33 32-32v-32c0-17.67-14.33-32-32-32z\"><\/path><\/svg><\/span>\n\t\t\t\t\t\t\t\t\t<\/button>\n\n\t\t\t\t\t\t<div class=\"wpr-acc-panel\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"wpr-acc-panel-content\"><div class=\"\" data-turn-id-container=\"d7ec446e-4554-481c-9c6d-a9f6585287f4\" data-is-intersecting=\"true\">Business managers should ensure their organization has visibility into cyber risks, supplier dependencies, incident response readiness, ransomware protection, access management, backup and recovery capabilities, employee awareness, and operational resilience. NIS2 also requires stronger governance, accountability, and continuous oversight of cybersecurity and third-party risks.<\/div><\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n                    <\/div>\n\n                            <\/div>\n        \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-3dae5fa elementor-widget elementor-widget-spacer\" data-id=\"3dae5fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>NIS2 Compliance Checklist A practical checklist covering all ten areas of NIS2 Article 21 compliance. Use this to identify gaps, prioritise actions, and build a roadmap to compliance readiness. Book a NIS2 Assessment Download Workbook 2026 This checklist does not replace a formal NIS2 assessment. It is designed to help you understand the scope of NIS2 obligations and identify gaps before a formal assessment. For documented compliance evidence, a structured NIS2 Assessment provides the gap analysis, remediation roadmap, and readiness validation that regulators require. The NIS2 Compliance Checklist NIS2 Article 21 defines ten mandatory risk-management measures. This checklist covers all ten, organised into practical areas. Work through each section and note where gaps exist \u2014 each gap is a compliance risk. 1 Governance &amp; Accountability Clear cybersecurity ownership and executive accountability across the organisation. Cybersecurity roles formally assigned Board approves cybersecurity strategy Executive accountability documented Cyber budget reviewed annually 2 Cyber Risk Management Identify operational cyber risks across infrastructure, users, and suppliers. Formal risk assessment process in place Risk register maintained and reviewed Threat landscape assessed regularly Risks reviewed after significant changes \u2192 Article 21(2)(a) 3 Technical Security Controls Implement appropriate technical and operational security measures. Multi-factor authentication enforced Endpoint and email security deployed Data encryption in place (at rest and in transit) Patch management process followed \u2192 Article 21(2)(g)(h)(i) 4 Network Security Secure network and information systems against unauthorised access and disruption. Network segmentation implemented Firewall and perimeter controls in place Network traffic monitored and logged Intrusion detection\/prevention deployed \u2192 Article 21(2)(h) 5 Third-Party Risk Management Continuously monitor supplier cyber exposure, compliance posture, and operational risk. Critical suppliers identified and documented Supplier security assessments conducted Contractual security requirements in place Supply chain risk register maintained \u2192 Article 21(2)(d) 6 Incident Response &amp; Reporting Prepare for cyber incidents with clear response processes and operational coordination. Incident response plan documented and tested 24-hour early warning capability in place 72-hour full notification process defined Post-incident review process established \u2192 Article 21(2)(b) 7 Security Awareness &amp; Training Strengthen employee awareness to reduce phishing, ransomware, and human-driven cyber risk. Continuous cybersecurity awareness training delivered Phishing simulation programme in place Board and management training delivered Training completion records maintained \u2192 Article 21(2)(g) 8 Vulnerability Handling &amp; Disclosure Identify, manage, and disclose vulnerabilities in systems and software. Vulnerability scanning performed regularly Patch prioritisation process in place Penetration testing conducted annually Responsible disclosure policy published \u2192 Article 21(2)(e) 9 Business Continuity &amp; Recovery Maintain operational resilience and recover critical systems during disruption. Business continuity plan documented and tested Backups isolated, tested, and ransomware-proof Recovery time and point objectives defined Crisis communication plan documented \u2192 Article 21(2)(c) 10 Audit &amp; Compliance Evidence Maintain ongoing visibility, monitoring, and documented compliance readiness. Continuous monitoring in place Audit evidence and compliance records maintained Control testing performed regularly Management reporting completed \u2192 Article 21(2)(f)(j) &#128203; NIS2 Compliance Checklist &amp; Readiness Workbook 2026 Download the full workbook \u2014 all ten sections with Yes \/ Partial \/ No scoring, organisation details, and a scoring guide. Print it, fill it in, share it with your board. Download Workbook (PDF) Gaps found? Here is what to do next. A structured NIS2 Assessment turns your checklist gaps into a formal gap report, prioritised remediation roadmap, and compliance validation. Magic Stone manages the technical controls. GRSee leads the compliance assessment and governance framework. Start your NIS2 Assessment &rarr; Related What is NIS2? \u2014 Plain Language Guide NIS2 Assessment \u2014 Gap Analysis &amp; Compliance Roadmap NIS2 &amp; Third-Party Risk Management DORA Compliance Ransomware Protection Supply Chain Risk Management Gaps Found? Let&#8217;s Build Your Compliance Roadmap. Book a NIS2 scoping call with Magic Stone. We&#8217;ll review your checklist findings, identify your biggest compliance risks, and show you what a structured remediation roadmap looks like. Book a NIS2 Assessment Frequently Asked Questions Frequently Asked Questions About the NIS2 Compliance Checklist Answers to common questions about the NIS2 compliance checklist, cyber resilience, supplier risk, operational security, and AI-powered cybersecurity. Does NIS2 apply to my organization? NIS2 applies to many organizations operating in sectors such as healthcare, manufacturing, energy, transport, digital infrastructure, logistics, managed services, and other critical industries. Even organizations that are not directly regulated may still face cybersecurity and supplier risk requirements through customers and supply chain relationships. How does AI-powered cybersecurity support NIS2 readiness? AI-powered cybersecurity helps organizations automate repetitive security tasks, improve visibility into supplier risks, detect threats faster, and strengthen operational resilience. This supports organizations in improving cyber readiness without significantly increasing operational workload. Why is Third-Party Risk Management important under NIS2? NIS2 places strong emphasis on supplier and supply chain security because cyber incidents increasingly originate through third parties, software providers, cloud services, and external operational dependencies. Organizations must improve visibility into supplier risks and continuously monitor external exposure. How can organizations improve cyber resilience under NIS2? Organizations can strengthen cyber resilience by improving supplier oversight, implementing continuous monitoring, strengthening ransomware protection, improving incident response readiness, increasing visibility into operational risks, and adopting modern cybersecurity solutions aligned with evolving compliance requirements. As a business manager, what should be included in my NIS2 checklist? Business managers should ensure their organization has visibility into cyber risks, supplier dependencies, incident response readiness, ransomware protection, access management, backup and recovery capabilities, employee awareness, and operational resilience. NIS2 also requires stronger governance, accountability, and continuous oversight of cybersecurity and third-party risks.<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"elementor_header_footer","meta":{"_acf_changed":false,"site-sidebar-layout":"no-sidebar","site-content-layout":"","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-2376","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NIS2 Compliance Checklist | Key Requirements &amp; Steps<\/title>\n<meta name=\"description\" content=\"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIS2 Compliance Checklist | Key Requirements &amp; Steps\" \/>\n<meta property=\"og:description\" content=\"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/\" \/>\n<meta property=\"og:site_name\" content=\"Magic Stone\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MagicStoneNL\" \/>\n<meta property=\"article:modified_time\" content=\"2026-07-08T08:02:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@magicstone72\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/nis2-compliance-checklist\\\/\",\"url\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/nis2-compliance-checklist\\\/\",\"name\":\"NIS2 Compliance Checklist | Key Requirements & Steps\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#website\"},\"datePublished\":\"2025-07-14T11:14:37+00:00\",\"dateModified\":\"2026-07-08T08:02:21+00:00\",\"description\":\"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/nis2-compliance-checklist\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/magicstone.nl\\\/en\\\/nis2-compliance-checklist\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/nis2-compliance-checklist\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIS2 Checklist\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/\",\"name\":\"Magic Stone\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#organization\",\"name\":\"Magic Stone\",\"url\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/MS-logo-txt-1024x683.png\",\"contentUrl\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/MS-logo-txt-1024x683.png\",\"width\":1024,\"height\":683,\"caption\":\"Magic Stone\"},\"image\":{\"@id\":\"https:\\\/\\\/magicstone.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/MagicStoneNL\",\"https:\\\/\\\/x.com\\\/magicstone72\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/magicstonecyber\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NIS2 Compliance Checklist | Key Requirements & Steps","description":"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/","og_locale":"en_US","og_type":"article","og_title":"NIS2 Compliance Checklist | Key Requirements & Steps","og_description":"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.","og_url":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/","og_site_name":"Magic Stone","article_publisher":"https:\/\/www.facebook.com\/MagicStoneNL","article_modified_time":"2026-07-08T08:02:21+00:00","twitter_card":"summary_large_image","twitter_site":"@magicstone72","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/","url":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/","name":"NIS2 Compliance Checklist | Key Requirements & Steps","isPartOf":{"@id":"https:\/\/magicstone.nl\/en\/#website"},"datePublished":"2025-07-14T11:14:37+00:00","dateModified":"2026-07-08T08:02:21+00:00","description":"Download or follow this NIS2 compliance checklist to identify gaps, manage vendor risk, and meet regulatory requirements.","breadcrumb":{"@id":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/magicstone.nl\/en\/nis2-compliance-checklist\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/magicstone.nl\/en\/"},{"@type":"ListItem","position":2,"name":"NIS2 Checklist"}]},{"@type":"WebSite","@id":"https:\/\/magicstone.nl\/en\/#website","url":"https:\/\/magicstone.nl\/en\/","name":"Magic Stone","description":"","publisher":{"@id":"https:\/\/magicstone.nl\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/magicstone.nl\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/magicstone.nl\/en\/#organization","name":"Magic Stone","url":"https:\/\/magicstone.nl\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/magicstone.nl\/en\/#\/schema\/logo\/image\/","url":"https:\/\/magicstone.nl\/en\/wp-content\/uploads\/2026\/04\/MS-logo-txt-1024x683.png","contentUrl":"https:\/\/magicstone.nl\/en\/wp-content\/uploads\/2026\/04\/MS-logo-txt-1024x683.png","width":1024,"height":683,"caption":"Magic Stone"},"image":{"@id":"https:\/\/magicstone.nl\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/MagicStoneNL","https:\/\/x.com\/magicstone72","https:\/\/www.linkedin.com\/company\/magicstonecyber"]}]}},"_links":{"self":[{"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/pages\/2376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/comments?post=2376"}],"version-history":[{"count":5,"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/pages\/2376\/revisions"}],"predecessor-version":[{"id":9271,"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/pages\/2376\/revisions\/9271"}],"wp:attachment":[{"href":"https:\/\/magicstone.nl\/en\/wp-json\/wp\/v2\/media?parent=2376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}