NIS2 Readiness – Workshops, Consulting & Implementation Support for NISG 2024
With the EU NIS2 Directive and the Austrian Network and Information Systems Security Act (NISG 2024), significantly expanded cybersecurity requirements now apply to companies in essential and important sectors. The obligations no longer just affect traditional critical infrastructure operators – medium-sized companies in areas such as energy, healthcare, transport, digital infrastructure, wastewater, public administration, food, or manufacturing may also be affected.
We help you understand the requirements, assess your current status, and implement the necessary measures in a structured way.
Are You Affected?
The NIS2 Directive distinguishes between essential and important entities. Whether your organization falls within scope depends on sector, company size, and criticality. We help you determine your status:
- Verify sector affiliation (Annex I and II of the NIS2 Directive)
- Assess thresholds for employee count and revenue
- Identify dependencies in the supply chain
- Clarify existing exceptions and special provisions
Our NIS2/NISG Workshops
We offer practice-oriented workshops that prepare your team for the requirements – clear, structured, and tailored to your industry:
- Awareness Workshop – Overview of NIS2/NISG for executives and management. What's changing? What obligations arise? What liability risks exist? This workshop creates awareness at management level and is the ideal starting point.
- Deep-Dive Workshop – Detailed analysis of technical and organizational requirements for IT managers, CISOs, and security officers. Topics: risk management, incident reporting, supply chain security, business continuity, encryption, access control.
- Gap Analysis Workshop – Joint assessment of your current security level against NIS2 requirements. Identification of gaps and creation of a prioritized action plan. Result: a concrete roadmap to compliance.
- Incident Response Workshop – Simulation and exercise of security incidents. Understanding reporting obligations (24h/72h deadlines), defining communication channels, establishing escalation processes.
- Supply Chain Security Workshop – Assessment of cybersecurity in your supply chain. Defining requirements for suppliers, contractual safeguards, monitoring third-party risks.
Consulting & Implementation Support
Beyond workshops, we guide you through concrete implementation:
- Risk Management – Building or enhancing a risk management system per NIS2, including asset inventory, threat analysis, and risk assessment.
- Security Policies – Creating information security policies, emergency plans, and business continuity concepts.
- Technical Measures – Implementing network segmentation, encryption, monitoring, logging, and access controls – aligned with your infrastructure.
- Incident Reporting – Setting up processes and structures for timely reporting of security incidents to the competent authority.
- Documentation & Evidence – Building the required documentation for audits and regulatory inspections.
- ISMS Integration – Integrating NIS2 requirements into existing management systems (ISO 27001, BSI IT-Grundschutz).
Training & Awareness
NIS2 explicitly requires regular training for employees and executives. We offer:
- Cybersecurity awareness training for all employees
- Specialized training for IT and OT personnel
- Phishing simulations and social engineering tests
- Executive training on liability and duty of care
Why ALPSCALE?
We come from practice – not from pure consulting. Our team combines experience in energy supply, industrial automation, and IT security. We know the reality in organizations operating critical infrastructure, and we understand that compliance is not an end in itself but must create real security.
Contact us – together, we'll clarify whether you're affected, where you stand, and how to implement NIS2 pragmatically and efficiently.