In force since 6 December 2025

NIS2 Compliance Kit

72 ready-to-use documents for the complete NIS2 implementation. Aligned with § 30 BSIG (10 mandatory measure categories) and § 38 BSIG (management training + personal liability). DACH-specific.

All 10 § 30 BSIG mandatory measure categories — covered

Scope & BSI Registration

Scope assessment, sector classification (18 sectors), group structure analysis, DORA/NIS2 demarcation, BSI registration form template.

Governance & § 38 BSIG Liability

Management body resolution, liability briefing (personal internal liability, no waiver for 3 years), training plan, RACI matrix, CISO quarterly report.

Risk Management & ISMS

Information security policy, risk methodology, risk register, risk treatment plan. Compatible with ISO 27001 and BSI Grundschutz.

Incident Response (§ 32 BSIG)

Incident response policy + playbook, 24h early warning, 72h notification, intermediate & final reports, significant incident classification (per EU IR 2024/2690).

Business Continuity & Crisis

BCP, backup & recovery, disaster recovery, crisis management & communication.

Supply Chain Security

Vendor questionnaire, scoring, contract clauses (cybersecurity).

Secure Development & Vulnerability

Secure development policy, vulnerability management, vulnerability disclosure (CVD).

Cyber Hygiene & Training

Cyber hygiene policy, employee training programme, phishing awareness, password & MFA hygiene.

Cryptography & Access

Cryptography policy, IAM, MFA policy, asset inventory, secure communication, emergency communication.

Audit & Evidence

Audit checklist, SoA, evidence inventory, compliance dashboard, audit simulation, pentest RFP, ISO 27001 mapping, BSI Grundschutz mapping.

Choose your tier

Purchase as a business under § 1 KSchG / § 14 BGB. By clicking "Order" you accept our Terms and Privacy Policy.

Basis

EUR 990

Compliance documentation kit

  • ✓ 72 editable templates
  • ✓ Personalised with your company name
  • ✓ Buy once, always up-to-date
  • ✓ 60-day money-back guarantee*
  • ✓ License for buyer + corporate group (§ 15 AktG)

Komplett

EUR 1,490

Documentation + training + trainer materials

  • ✓ 72 editable templates
  • ✓ Personalised with your company name
  • ✓ Buy once, always up-to-date
  • ✓ 60-day money-back guarantee*
  • ✓ License for buyer + corporate group (§ 15 AktG)
  • ✓ E-learning module (employee training)
  • ✓ Trainer pack (PowerPoint + trainer materials for in-house training)
Automatically personalised

All documents are pre-filled with your company name and license ID. Download link via email.

✓ Instant download

Multi-company license for corporate groups

Multiple independent sister companies without group affiliation (§ 15 AktG)? +50% surcharge extends the license to 3 additional companies.

Example: Plus 1,290 EUR × 1.50 = 1,935 EUR. Choose the multi-company license at checkout. Details in our Terms § 6.

Note: Templates are based on current case law and source-verified before delivery. Customisation to your specific company situation and final legal review are recommended. 60-day money-back guarantee* per Terms § 8.

Frequently asked questions

What is included in the kit?

72 editable templates covering the full NIS2 / BSIG cybersecurity scope: ISMS handbook (§ 30 BSIG), risk management framework, incident-response playbook (24h / 72h / 1-month staged report under § 32 BSIG), supply-chain risk register, business continuity plan, encryption / MFA policies, access control matrix, awareness training programme, executive liability evidence pack (§ 38 BSIG).

Can I keep the templates forever?

Yes. After purchase you receive a download link containing all personalised Word templates. The files belong to you completely — you can store, integrate, edit and archive them. No cloud dependency, no per-device license activation, no internet connection required for use.

What does "buy once, always up-to-date" mean?

You receive all updates of the kit as long as the kit is maintained in its current major version. Updates arrive when authorities (BSI, ENISA) publish new guidance, new case law is published, or known follow-up phases of a regulation kick in. If a substantially new regulation supersedes the existing one, a new major version emerges — existing customers receive a 50% discount. Details in Terms § 7.

What does the 60-day money-back guarantee cover?

If a template's content is provably legally incorrect (proven by a lawyer's letter or authority statement), we refund the purchase price plus demonstrable consequential costs, up to a maximum of twice the purchase price. Deadline: 60 days from delivery. Details in Terms § 8.

Am I covered by NIS2?

NIS2 covers "essential" (KRITIS, energy, water, transport, finance, health, digital infrastructure) and "important" (B2B IT, postal, waste, chemicals, food, manufacturing, research) sectors. Size thresholds: 50+ employees OR EUR 10M+ turnover for "important", or 250+ / EUR 50M+ for "essential". § 30 BSIG (DE): in force since 6 December 2025. Even sub-threshold companies are often covered as suppliers (Art. 21(2)(d)).

What are the executive liability risks?

§ 38 BSIG: management bodies are personally liable for cybersecurity risk management. They must approve risk-management measures, oversee implementation, and undergo training. Fines: up to EUR 10 million or 2% of worldwide turnover for essential entities, EUR 7 million or 1.4% for important entities.

What about incident reporting deadlines?

Three-stage report under § 32 BSIG / Art. 23 NIS2: 24-hour early warning, 72-hour incident notification with initial assessment, one-month final report with root cause analysis. The kit includes a ready-to-use incident-response playbook and BSI report templates.

Does ISO 27001 cover NIS2?

ISO 27001 covers approximately 80% of Art. 21 NIS2 / § 30 BSIG technical-organisational measures. NIS2-specific requirements beyond ISO 27001: incident reporting workflows, supply-chain risk management (Art. 21(2)(d)), executive training duty (§ 38), the BSI register (§ 33 BSIG). Mapping workbook included.