Free NIS-2 checklist:
Self assessment for compliance and maturity level

The NIS‑2 self-assessment tool is a practical analysis tool that allows companies to quickly and systematically evaluate their current level of implementation of the NIS‑2 directive.
It is based on a scientific study conducted in collaboration with a Bavarian university (as part of a bachelor’s thesis) and is specifically designed for small and medium-sized enterprises.
The tool helps you:

• Understand your NIS‑2 obligations
• Determine your company’s maturity level
• Identify gaps between implementation (practice) and documentation (evidence)

The evaluation is presented using a traffic light system and provides a clear management summary – ideal for prioritizing actions or requesting budget approval from management.
Technical requirement: Only Microsoft Excel is needed; no installation of external software.

It was specifically developed for information security officers (ISOs), IT managers and managing directors in small and medium-sized enterprises. It is ideal for anyone who wants to quickly and pragmatically determine their NIS‑2 status without deep legal knowledge.

Plan for the first run to take approximately 45-120 minutes - depending on prior knowledge and the level of documentation. The advantage: the tool saves your entries, so subsequent reviews and updates can be completed in just a few minutes.

It is best to have access to your organizational charts (responsibilities), existing IT policies, and emergency plans. If something is not available: no problem - the tool automatically flags it as an action item.

No. The tool is an internal gap analysis for preparation. It clearly shows you where you stand, helping you avoid unpleasant surprises in a real audit. It provides the roadmap but does not replace an assessment by a third party.

Nothing. The tool runs locally on your computer. No data is transmitted to us or third parties. You retain full control.

Of course, you can contact us at any time if you have questions! However, if the inquiry requires significant consulting effort, it will need to be handled as a separate consulting project.

The dashboard shows you what is missing in your company. Use the HvS services linked in the tool to efficiently close these gaps instead of starting from scratch.

Yes. The tool identifies the specific NIS‑2 gaps (e.g., strict 24-hour reporting deadlines, personal liability) that are often not explicitly covered in standard certifications.

Many companies are technically secure (firewalls, backups), but documentation is lacking. In our study, this proved to be the biggest hurdle for SMEs. The tool deliberately separates these two levels. This way, you can immediately see whether you are truly at risk - or if you just need to complete your “homework” on paperwork to be audit-ready.

Definitely. In our expert interviews, this was the greatest benefit of the tool. The graphical evaluation (traffic light system) serves as an ideal argumentation aid (“management summary”) to visually show management where urgent action is needed to minimize personal liability.

Yes, based on the principle of “help for self-help.” Depending on your maturity level, we offer tailored solutions - from a template package to get started to an incident response retainer for ongoing operations.