Implementing NIS-2 for Your Business

Audits, security implementation, and ongoing monitoring—all in one place. ITH will guide you through the entire process—from assessment to certification.

Check if this applies to you Request a quote

Check if this applies to you Request a quote

What is the NIS-2 Directive?

EU DIRECTIVE 2022/2555

Network and Information Security – Version 2

It replaces the 2016 NIS Directive—with a scope expanded to include new sectors and stricter penalties
Applies to key and important entities, companies with 50 or more employees or annual revenue of €10 million or more
Implemented into Polish law as an amendment to the Act on the National Cybersecurity System

Companies in key sectors must comply with the requirements or face fines of up to €10 million or 2% of their annual turnover.
Do you know if your company is subject to these requirements?

Companies must implement formal risk management procedures, security policies, and business continuity plans (BCP/DRP)

Serious incidents must be reported to the competent authority within 24 hours of detection. ITH SOC will provide this monitoring for you

Managers may be held personally liable for non-compliance—including being barred from holding managerial positions

More than 38,000 entities in Poland

Who is affected by NIS-2?

Digital infrastructure

Transport

Energy

Banking and Finance

Healthcare

ICT Service Management

Digital service providers

Waste management

Postal and courier services

Food production

Public administration

Industrial production

Scientific research

Financial market infrastructure

Outer space

NIS-2 Implementation Model

Four stages, one supplier, full engineering support

Compliance Audit
Assessment of gaps against NIS-2, ISO 27001, and KSC, including a roadmap for corrective actions.

NIS-2 Compliance Audit Report
Identification of Gaps and Non-Compliances
Recommendations for Corrective Actions
Compliance Roadmap

Documentation & Compliance
A complete NIS-2 documentation package, ready for inspection by the supervisory authority.

Consistent NIS-2 documentation package
Formal compliance with regulations
Readiness for implementation and inspection
Security policies and BCP/DRP

Training & Organization
Trained management and staff with proof of completion.

Training for management
Training for staff
Training materials
Training Completion Certificates

Closure & SOC
Closing report, launch of 24/7 monitoring, and formal preparation of the organization.

Confirmation of documentation implementation
Closing audit report
Launch of 24/7/365 SOC
Readiness for supervisory inspection

SIEM + XDR

security monitoring platform

24-hour monitoring

Incident Analysis

Support in responding

Threat detection

SIEM collects logs from:

EDR/XDR systems

Cloud systems

Active Directory

Backup systems

Firewall/IDS/IPS

Windows / Linux servers

Windows/Linux/macOS client stations

Network devices

Reporting

Monthly Report
(incidents, statistics, recommendations)

Quarterly Management Report (Risk Overview)

Reporting to authorities (NIS-2)

The service was designed to:

take the load off internal IT departments

improve the organization's cybersecurity

ensure compliance with the requirements of NIS-2, ISO 27001, and KSC

minimize the risk of downtime and data breaches

“NIS2 isn't a compliance cost—it's an investment in trust, business continuity, and the ability to continue selling”

Niko Balazy, CEO ITH

Read about NIS-2

Support
Maintenance

ITH NOC
Management Center
Infrastructure ITH

+48 22 539 99 99
[email protected]

Open all week, 24 hours a day

Solutions
for you

ITH sales team