NIS2 Complete Toolkit

€497,00

  • 68 editable DOCX + XLSX files
  • Instant download after payment
  • Covers Article 21(2)(a)–(j) in full
  • 1 year of updates included
  • Secured by Stripe

Digital download — once you confirm at checkout, the EU 14-day withdrawal right is waived per Directive 2011/83/EU, Art. 16(m).

SKU: NIS2-TOOLKIT-EN

Description

Every NIS2 Article 21 security measure—documented, cross-referenced, and ready to customise. The Complete Toolkit gives your organisation 68 editable DOCX and XLSX templates mapped to three regulatory sources: the NIS2 Directive, Implementing Regulation CIR 2024/2690 Annex, and ENISA technical guidance—with ISO 27001:2022 cross-references built in. No other template set on the market provides this triple-source mapping across every document.

Art. 21(2)(a)–(j) mapped
CIR 2024/2690 referenced
ISO 27001:2022 cross-referenced
ENISA guidance referenced
UK English
Editable DOCX/XLSX

Why Organisations Are Scrambling to Document NIS2 Compliance

The NIS2 Directive required EU member states to transpose its provisions into national law by 17 October 2024. That deadline has passed, and enforcement frameworks are going live across the EU. Three regulatory realities now face every organisation in scope:

  1. Enforcement is active. National competent authorities can now audit and sanction entities that lack documented security measures. Waiting for “final guidance” is no longer a viable strategy.
  2. Penalties are severe. Under Article 34 of the NIS2 Directive, administrative fines may reach up to €10,000,000 or 2% of total worldwide annual turnover—whichever is higher—subject to national implementing law and supervisory authority discretion.
  3. Board members carry personal liability. Article 20 places management bodies directly responsible for approving and overseeing cybersecurity risk-management measures. Lack of documented governance is not a defensible position.

The gap most organisations face is not technical—it is documentary. Policies, procedures, risk assessments, and audit trails must exist before an auditor arrives. The question is how to produce them accurately and efficiently.

68 Editable Templates Mapped to Three Regulatory Sources

The Complete Toolkit replaces months of policy drafting with a structured documentation set that covers every measure listed in Article 21(2)(a) through (j). Each template follows a consistent 9-section structure—Purpose, Scope, Definitions, RACI matrix, Requirements, Exceptions, Monitoring, References, and Appendix—with pre-filled RACI tables for six organisational roles, red-highlighted placeholders for your organisation-specific data, and 3+ KPIs per document for board reporting.

The 68 documents are organised into 10 functional categories:

1. Management & Planning

5 docs — Welcome Guide, Implementation Guide, Project Launch Pack, Project Plan, Training Plan

2. Risk Management

7 docs — Information Security Policy, Risk Assessment Methodology, Risk Assessment Table, Risk Treatment Table, Residual Risk Acceptance, Risk Report, Risk Treatment Plan

3. Core Security Policies

23 docs — IT Security, Clear Desk, Mobile/Remote Working, BYOD, Physical Security, Information Classification, Asset Management, IT Asset Register, Network Security, Patching, Logging, Change Management, Backup, Information Transfer, Secure Communications, Disposal, Encryption, Access Control, Authentication, Password Policy, ICT Acquisition, ICT Security Requirements, HR Security + Statement of Acceptance

4. Business Continuity

9 docs — BIA Methodology, BIA Questionnaire, BC Strategy, BC Plan, Crisis Management Plan, Exercise Plan, Exercise Report, Backup Policy, Disaster Recovery Plan

5. Supply Chain

6 docs — Supplier Security Policy, Security Clauses, Confidentiality Statement, Supplier Directory, Self-Assessment Questionnaire, Compliance Checklist

6. Incident Management

5 docs — Incident Handling Policy, Minor Incident Procedure, Incident Log, Notification Forms (24h/72h/1-month per Art. 23), Corrective Actions Register

7. Measurement & KPIs

2 docs — Measurement Methodology, Measurement Report

8. Board & Governance

2 docs — Board Briefing Pack, Board Resolution Template

9. Compliance & Audit Tools

9 docs — NIS2–ISO Mapping Spreadsheet, Gap Analysis, Training Tracker, Internal Audit Checklist, CIR Compliance Matrix, GDPR–NIS2 Checklist, NCA Registration Guide, Audit Procedure, Audit Report

10. System Layer

8 docs — Master Map, Role Matrix, Quick-Start Cards (NIS2 Officer, IT Lead, HR Manager), Incident Flowchart, Implementation Flowchart, Dependency Map

See all 68 document titles
  1. 00a — Welcome & Overview
  2. 00b — Implementation Guide
  3. 00c — Master Map
  4. 00d — Role Matrix
  5. 00e — Quick-Start Card: NIS2 Officer
  6. 00f — Quick-Start Card: IT Lead
  7. 00g — Quick-Start Card: HR Manager
  8. 00h — Incident Flowchart
  9. 00i — Implementation Flowchart
  10. 00j — Document Dependency Map
  11. 01 — Project Launch Pack
  12. 02 — Project Plan
  13. 03 — Initial Training Plan
  14. 04 — Information Security Policy
  15. 05 — Risk Assessment Methodology
  16. 06 — Risk Assessment Table
  17. 07 — Risk Treatment Table
  18. 08 — Acceptance of Residual Risks
  19. 09 — Risk Assessment & Treatment Report
  20. 10 — Risk Treatment Plan
  21. 11 — IT Security Policy
  22. 12 — Clear Desk & Clear Screen Policy
  23. 13 — Mobile & Remote Working Policy
  24. 14 — BYOD Policy
  25. 15 — Physical Security Policy
  26. 16 — Information Classification Policy
  27. 17 — Asset Management Policy
  28. 18 — IT Asset Register
  29. 19 — Network Security Policy
  30. 20 — Vulnerability & Patch Management
  31. 21 — Logging & Monitoring Policy
  32. 22 — Change Management Policy
  33. 23 — Backup Policy
  34. 24 — Information Transfer Policy
  35. 25 — Secure Communications Policy
  36. 26 — Secure Disposal Policy
  37. 27 — Encryption & Cryptographic Controls
  38. 28 — Access Control Policy
  39. 29 — Authentication Policy (incl. MFA)
  40. 30 — Password Policy
  41. 31 — ICT Acquisition Policy
  42. 32 — ICT Security Requirements
  43. 33 — HR Security Policy
  44. 34 — Statement of Acceptance
  45. 35 — BIA Methodology
  46. 36 — BIA Questionnaire
  47. 37 — Business Continuity Strategy
  48. 38 — Business Continuity Plan
  49. 39 — Crisis Management Plan
  50. 40 — Exercise Plan
  51. 41 — Exercise Report
  52. 42 — Supplier Security Policy
  53. 43 — Supplier Security Clauses
  54. 44 — Confidentiality Statement
  55. 45 — Supplier Directory
  56. 46 — Measurement Methodology
  57. 47 — Measurement Report
  58. 48 — Incident Handling Policy
  59. 49 — Minor Incident Procedure
  60. 50 — Incident Log
  61. 51 — Incident Notification Forms
  62. 52 — Corrective Actions Register
  63. 53 — NIS2–ISO 27001 Mapping Spreadsheet
  64. 54 — Gap Analysis Workbook
  65. 55 — Training Tracker
  66. 56 — Internal Audit Checklist
  67. 57 — CIR 2024/2690 Compliance Matrix
  68. 58 — Board Briefing Pack
  69. 59 — Board Resolution Template
  70. 60 — Supplier Self-Assessment Questionnaire
  71. 61 — Supplier Compliance Checklist
  72. 62 — NCA Registration Guide
  73. 63 — GDPR–NIS2 Crosswalk Checklist
  74. 64 — Disaster Recovery Plan
  75. 65 — Audit Procedure
  76. 66 — Audit Report Template

How Every Article 21 Measure Is Covered

The table below maps each Article 21(2) security measure to the toolkit documents and CIR 2024/2690 Annex sections that address it.

NIS2 Article | Security Measure | Toolkit Documents | CIR Annex
Art. 21(2)(a) | Risk analysis & information system security | Docs 04–10: Information Security Policy, Risk Assessment Methodology, Risk Assessment & Treatment Tables, Residual Risk Acceptance, Risk Report, Risk Treatment Plan | Sections 1–2
Art. 21(2)(b) | Incident handling | Docs 48–52: Incident Handling Policy, Minor Incident Procedure, Incident Log, Notification Forms (24h/72h/1-month), Corrective Actions Register | Section 3
Art. 21(2)(c) | Business continuity & crisis management | Docs 23, 35–41, 64: BIA Methodology & Questionnaire, BC Strategy & Plan, Crisis Management Plan, Exercise Plan & Report, Backup Policy, Disaster Recovery Plan | Section 4
Art. 21(2)(d) | Supply chain security | Docs 42–45, 60–61: Supplier Security Policy, Security Clauses, Confidentiality Statement, Supplier Directory, Self-Assessment, Compliance Checklist | Section 5
Art. 21(2)(e) | Acquisition, development & maintenance | Docs 20, 22, 31–32: Vulnerability & Patch Management, Change Management, ICT Acquisition, ICT Security Requirements | Section 6
Art. 21(2)(f) | Effectiveness assessment | Docs 46–47, 53–57, 62–66: Measurement Methodology & Report, NIS2–ISO Mapping, Gap Analysis, Audit Checklist, CIR Compliance Matrix, Audit Procedure & Report | Section 7
Art. 21(2)(g) | Cybersecurity training & awareness | Doc 03: Initial Training Plan with role-specific modules; Doc 55: Training Tracker | Section 8
Art. 21(2)(h) | Cryptography & encryption | Doc 27: Encryption & Cryptographic Controls | Section 9
Art. 21(2)(i) | HR security, access control & asset management | Docs 28–30, 33–34: Access Control, Authentication (MFA), Password Policy, HR Security, Statement of Acceptance; Docs 16–18: Information Classification, Asset Management, IT Asset Register | Sections 10–12
Art. 21(2)(j) | Multi-factor authentication & secure communications | Docs 25, 29: Secure Communications Policy, Authentication Policy (incl. MFA requirements) | Section 11

Which Product Fits Your Starting Point

The Complete Toolkit contains all 68 generic documents. Sector packs contain fully rewritten, sector-adapted versions—not subsets of the Complete Toolkit. Choose based on your industry and scope.

Document Category Quick-Start Bundle (€249) Complete Toolkit (€497) Manufacturing Pack (€349) Energy Pack (€349)
Management & Planning Generic Generic Sector-Adapted Sector-Adapted
Risk Management Generic Generic Sector-Adapted Sector-Adapted
Core Security Policies Generic Generic Sector-Adapted Sector-Adapted
Business Continuity Generic Sector-Adapted Sector-Adapted
Supply Chain Generic Sector-Adapted Sector-Adapted
Incident Management Generic Generic Sector-Adapted Sector-Adapted
Measurement & KPIs Generic Generic
Board & Governance Generic
Compliance & Audit Tools Generic

Who Uses the Complete Toolkit

CISO / NIS2 Officer — You need a documentation set that is audit-ready from day one. The toolkit provides pre-structured policies with regulatory references already embedded, so you can present a complete Article 21 evidence package to your national competent authority.

IT Security Lead — You need implementation-level detail, not abstract policy statements. Every document includes RACI tables for six roles, implementation checklists (0–4 weeks and 1–3 months), and measurable KPIs so your team knows exactly who does what and by when.

Compliance Manager — You need the regulatory mapping done before you start drafting. Each template references the applicable NIS2 Article, CIR 2024/2690 Annex section, and ENISA technical guidance—saving weeks of cross-referencing work.

Board Member / CEO — You need to demonstrate Article 20 due diligence. The Board Briefing Pack and Board Resolution template provide the governance artefacts that show management oversight is documented and active.

Common Questions About the NIS2 Complete Toolkit

Are these templates legal advice?

No. These templates are general samples intended as a starting point for your NIS2 documentation. They do not constitute legal advice. Every document must be reviewed by a qualified professional before adoption, taking into account your sector, jurisdiction, and organisational context.

Can I customise the documents?

Yes. All templates are delivered as editable DOCX and XLSX files. Organisation-specific fields—such as company name, scope, roles, and thresholds—are highlighted in red bold text so nothing is missed during customisation. You can add your logo, adjust section scope, and extend any template to fit your requirements.

What format are the files?

The toolkit contains DOCX (Word) and XLSX (Excel) files. They are compatible with Microsoft Word, Google Docs, LibreOffice Writer, and any application that supports the Open XML format. No proprietary software is required.

Do you offer refunds?

This is a digital download product. The right of withdrawal is waived at checkout in accordance with EU Directive 2011/83/EU, Article 16(m). You will be asked to consent to this waiver before completing payment.

How do I know these cover all NIS2 requirements?

Every document references the specific Article 21(2) measure it addresses, the corresponding CIR 2024/2690 Annex section, and applicable ENISA guidance. The compliance matrix above maps all ten measures to their toolkit documents. Doc 57 (CIR Compliance Matrix) provides a standalone crosswalk for audits.

Are updates included?

Yes. Your purchase includes one year of updates. As EU guidance evolves—new ENISA publications, member state implementation acts, or CIR amendments—updated templates are made available for download at no additional cost during your update period.

I already have ISO 27001 — do I still need this?

Yes. While NIS2 and ISO 27001:2022 share significant overlap, the Directive imposes additional requirements that ISO alone does not cover—including incident notification timelines (Article 23), supply chain due diligence (Article 21(2)(d)), board-level governance obligations (Article 20), and specific CIR 2024/2690 technical measures. Doc 53 (NIS2–ISO 27001 Mapping Spreadsheet) identifies every gap so you know exactly where your existing ISMS needs supplementing.

Start Your NIS2 Documentation Today

The Complete Toolkit provides a structured path from zero documentation to full Article 21 coverage—68 editable templates with the regulatory mapping already done, ready to customise, present to your board, and hand to auditors.

Instant download after payment
Stripe-secured checkout
VAT handled at checkout
1 year of updates included
