Question 1

What is NIS2 and who must comply?

Accepted Answer

NIS2 is the EU Directive on the security of network and information systems. Many medium and large enterprises in key sectors must comply; SMEs in supply chains may be indirectly affected.

Question 2

How does Verity Edge help with NIS2?

Accepted Answer

We provide scorecards, automated evidence, and reports mapped to NIS2 control families, without processing personal data.

Question 3

Do we need personal data to prove compliance?

Accepted Answer

No. Verity Edge uses operational metrics only, avoiding PHI/PII in the telemetry pipeline.

Question 4

How long does an assessment take?

Accepted Answer

Most SMEs reach audit-ready status within an 8-week structured assessment.

Question 5

What counts as a site for NIS2 compliance?

Accepted Answer

A site is any physical location with IT infrastructure you want to monitor. This could be a server room, retail store, factory floor, or office building.

Question 6

Can we assess more than 3 sites?

Accepted Answer

Yes—upgrade anytime or purchase the Extended Audit Pack for up to 10 sites.

Control Area	What to do	Owner	Next step
Asset inventory	Maintain an up-to-date inventory of all edge systems and sites	IT	Automate this step
Incident response	Define alert thresholds, escalation, and MTTR targets	Ops	Create alert rules
Backup & recovery	Document policies, test restores, and retain evidence	Compliance	Generate evidence
Supply chain	Assess vendors, document data flows, minimize personal data	Compliance	Automate records

NIS2 Checklist

Need Help with NIS2?