NIS2 Compliance Templates & Pricing

NIS2 Compliance Templates

Explore 94+ ready-to-use DOCX and XLSX templates covering all 10 NIS2 Article 21 security measures.

What’s Inside

All 10 NIS2 Article 21 Measures — Documented

Every template follows a 9-section structure with pre-filled RACI tables, red-highlighted placeholders, implementation checklists, and Article 21 cross-references. Generic for any sector, or fully rewritten for manufacturing OT and energy/NCCS.

Compare packages & pricing →

From €249 · one-time payment · instant download

Template Categories

Browse by NIS2 compliance area. All 68 generic templates are included in the Complete Toolkit.

Art. 21(2)(a)

Risk Management

9 documents

Risk assessment methodology, risk register (XLSX), treatment plan, residual-risk acceptance, and risk reporting templates.

Art. 21(2)(b)

Incident Management

5 documents

Incident handling policy, minor incident procedure, notification forms (24h/72h/30-day), and incident log (XLSX) aligned with NIS2 Art. 23.

Art. 21(2)(c)

Business Continuity

7 documents

BIA methodology, BIA questionnaire (XLSX), continuity strategy, BCP, crisis management plan, and testing plan and report.

Art. 21(2)(d)

Supply Chain Security

6 documents

Supplier security policy, contractual security clauses, confidentiality statement, supplier risk assessment, directory (XLSX), and third-party questionnaire.

Art. 21(2)(e)–(j)

Technical Controls

24 documents

IT security, access control, authentication, cryptography, network security, patch management, logging & monitoring, backup, secure communications, HR security, and asset management policies.

Art. 20

Board & Governance

9 documents

Project launch decision, implementation plan, management review template, board briefing presentation, executive summary, risk dashboard (XLSX), and cybersecurity measurement report.

All 68 generic templates are included in the Complete Toolkit (€497). Enterprise license (€997) adds multi-entity rights. Sector-adapted packs for manufacturing and energy are listed below.

See packages & pricing →

Sector-Adapted

Operating in Manufacturing or Energy?

These packs are fully rewritten for OT/ICS environments — different files, not subsets of the generic toolkit. They stand alone or pair with any main package.

Manufacturing

Manufacturing Pack

“My factory has PLCs and SCADA”

€349

One-time · 12 sector-adapted DOCX

  • ✓ SCADA/PLC/ICS language built in
  • ✓ Manufacturing-specific risk matrices
  • ✓ IEC 62443 controls referenced

Get Manufacturing Pack

Energy

Energy Pack

“My grid runs on IEC-104”

€349

One-time · 14 sector-adapted DOCX

  • ✓ IEC 62351 / ENTSO-E network codes
  • ✓ NCCS-exclusive compliance templates
  • ✓ Grid-specific risk & incident categories

Get Energy Pack

Need a Specific Area?

Targeted packs for individual Article 21 requirements

Art. 21(2)(a)

Risk Management Pack

€199

8 documents

Risk assessment, treatment, and acceptance frameworks ready for implementation.

View Pack →

Art. 20

Board Briefing Pack

€199

5 documents

Board presentation, resolution templates, and governance oversight framework.

View Pack →

Art. 21(2)(b)

Incident Response Pack

€149

5 documents

Incident handling, logging, and notification procedures aligned with NIS2 timelines.

View Pack →

Art. 21(2)(c)

Business Continuity Pack

€149

7 documents

BIA, continuity strategy, crisis management, and recovery plans.

View Pack →

Art. 21(2)(d)

Supply Chain Pack

€149

6 documents

Supplier security policy, contractual clauses, and third-party assessment tools.

View Pack →

Compare All Products

Generic templates vs. sector-adapted rewrites — see what each product covers

Document Category Quick-Start
€249		 Complete
€497		 Mfg.
€349		 Energy
€349
Management & Planning Generic Generic Sector-Adapted Sector-Adapted
Risk Management Generic Generic Sector-Adapted Sector-Adapted
Core Security Policies Generic Generic Sector-Adapted Sector-Adapted
Business Continuity Generic Sector-Adapted Sector-Adapted
Supply Chain Generic Sector-Adapted Sector-Adapted
Incident Management Generic Generic Sector-Adapted Sector-Adapted
Measurement & KPIs Generic Generic
Board & Governance Generic
Compliance & Audit Tools Generic
NCCS Compliance Energy-Exclusive

Generic = cross-industry language. Sector-Adapted = rewritten with OT/ICS terminology, sector risk scenarios, and industry-specific controls. These are different files with different content — not filtered subsets.

Frequently Asked Questions

What format are the templates?

All templates are delivered in DOCX and XLSX formats. They are fully compatible with Microsoft Word, Google Docs, and LibreOffice — no proprietary software required.

Can I customise the templates with our company details?

Yes. Every template uses {{COMPANY_NAME}} placeholders throughout. Simply find and replace with your organisation’s details, and the documents are ready for use.

How are templates mapped to NIS2?

Each template includes a regulatory mapping section that traces its content to the specific Article 21 sub-requirement, the corresponding CIR 2024/2690 Annex clause, and relevant ENISA guidance. You always know exactly which obligation each document satisfies.

Do you handle VAT?

Yes. For B2B purchases with a valid EU VAT number, reverse charge applies (0% VAT). For B2C purchases, VAT is added at the rate applicable to your country of residence.

Can I get a refund?

As these are digital products, refunds are not available after download. If you have any concerns before purchasing, please contact us and we will be happy to answer your questions.

Are updates included?

Yes. All regulatory updates — including changes from implementing acts, ENISA guidance revisions, and CIR amendments — are included free for 12 months from the date of purchase.

What is the difference between the Complete Toolkit and sector packs?

The Complete Toolkit contains 68 generic documents covering every Article 21 requirement. The Manufacturing Pack (12 docs) and Energy Pack (14 docs) contain sector-adapted rewrites — entirely different files with OT/ICS terminology, sector-specific risk scenarios, and industry controls baked in. They are not subsets of each other. Use a sector pack on its own for core compliance, or pair it with the Complete Toolkit for full generic + sector-adapted coverage.

What are the cross-sell packs?

Cross-sell packs (Risk Management, Board Briefing, Incident Response, Business Continuity, Supply Chain) are focused subsets of the Complete Toolkit — ideal if you only need documentation for one specific Article 21 area. Every document in a cross-sell pack is also included in the Complete Toolkit.

Full Document List

All 68 core documents included in the Complete Toolkit, grouped by category

Management & Planning 6 docs
  • NIS2 Implementation Project Plan
  • ISMS Scope & Context Document
  • Information Security Policy
  • Roles & Responsibilities Matrix
  • Security Awareness Training Plan
  • Document Control Procedure

Risk Management 10 docs
  • Risk Management Policy
  • Risk Assessment Methodology
  • Risk Register (XLSX)
  • Risk Treatment Plan
  • Risk Acceptance Criteria
  • Risk Appetite Statement
  • Threat Landscape Analysis Template
  • Vulnerability Management Procedure
  • Security Metrics & KPI Dashboard (XLSX)
  • Management Review Minutes Template

Core Security Policies 14 docs
  • Network Security Policy
  • Encryption & Cryptography Policy
  • Secure Development Policy
  • Patch Management Procedure
  • Change Management Procedure
  • Configuration Management Policy
  • Mobile Device & Remote Working Policy
  • Acceptable Use Policy
  • Physical Security Policy
  • Cloud Security Policy
  • Logging & Monitoring Policy
  • Email & Communications Security Policy
  • Endpoint Protection Policy
  • Secure Disposal & Media Handling Policy

Access & Authentication 5 docs
  • Access Control Policy
  • Multi-Factor Authentication Procedure
  • Privileged Access Management Policy
  • User Provisioning & De-provisioning Procedure
  • Password Policy

Asset Management 2 docs
  • Asset Inventory Register (XLSX)
  • Asset Classification & Handling Policy

Data Protection 3 docs
  • Data Classification Policy
  • Data Retention & Disposal Schedule
  • Privacy Impact Assessment Template

Backup & Continuity 4 docs
  • Backup Policy & Procedure
  • Backup Testing & Verification Log (XLSX)
  • Disaster Recovery Plan
  • Recovery Time & Point Objectives Register

Business Continuity 7 docs
  • Business Impact Analysis (BIA)
  • Business Continuity Policy
  • Business Continuity Strategy
  • Business Continuity Plan
  • Crisis Management Plan
  • Crisis Communication Plan
  • BC Testing & Exercise Schedule

Incident Management 5 docs
  • Incident Response Policy & Procedure
  • Incident Classification & Severity Matrix
  • Incident Log & Tracker (XLSX)
  • NIS2 Notification Workflow (24h / 72h / 1 month)
  • Post-Incident Review Template

Supplier Management 6 docs
  • Supplier Security Policy
  • Supplier Risk Assessment Questionnaire
  • Supplier Register (XLSX)
  • Security Clauses for Contracts
  • Third-Party Access Agreement
  • Supplier Monitoring & Review Procedure

Board & Governance 5 docs
  • Board Briefing Presentation Template
  • Board Resolution on NIS2 Compliance
  • Management Body Training Record
  • Governance & Oversight Framework
  • Compliance Status Dashboard (XLSX)

6 + 10 + 14 + 5 + 2 + 3 + 4 + 7 + 5 + 6 + 5 = 67 core documents. The 68th is the ISO 27001 Cross-Reference Mapping included with the Complete Toolkit.

Ready to Start Your NIS2 Compliance Journey?

Get the Complete Toolkit and cover every Article 21 requirement.

€497

Compare All Products

Instant download · DOCX & XLSX · Professional formatting · 12-month updates