SaaSFort
Free Bundle — Article 23 Ready

NIS2 24-Hour Incident Notification Bundle

BSI-format notification templates (24h, 72h, 1-month). Tabletop exercise with three scenarios. Awareness-clock worksheet. Everything Article 23 demands — in one zip, in German and English.

No spam. Unsubscribe anytime. Free forever.

NIS2 Article 21ISO 27001 Annex AOWASP Top 10GDPR-readyEU-hosted
Article 23 Timeline
Awareness → Final report · v1.0
.zip
1
24h — Early warning
Notify CSIRT/BSI that you are aware of a significant incident. Preliminary assessment, suspected attack flag.
2
72h — Incident notification
Nature of incident, indicators of compromise, initial impact, cross-border effect.
3
1mo — Final report
Full description, root cause, applied mitigations, preventive measures going forward.
DE + EN
24h

Article 23 early-warning deadline — clock starts at awareness, not detection

EU 2022/2555 Art. 23(4)

€10M

maximum fine for late or missing notification — 2% of global turnover, whichever is higher

NIS2 Art. 34

3

tabletop scenarios with role cards: ransomware, data breach, sustained DDoS

SaaSFort bundle v1

What's in the Bundle

Six artifacts. One zip. Built for the worst Tuesday of your year.

Templates document. SaaSFort scans verify. The bundle gives you a defensible paper trail before, during, and after a significant incident — so your 24-hour clock never runs out on a blank form.

24h BSI notification template

Pre-formatted .docx with every required field — DE + EN versions. Drop-in ready for BSI Meldeportal.

72h follow-up + 1-month final report

Two more templates covering the full Article 23 timeline. Same fields, same structure — auditor-ready.

Tabletop exercise (3 scenarios)

Ransomware, data breach, sustained DDoS. Role cards for CTO, CISO, comms lead, legal, support. Timed prompts.

Internal-comms log + decision sheet

When did you become aware, who decided to escalate, who approved the BSI notification. The audit trail Article 23 demands.

Awareness-clock worksheet

The clock starts at awareness, not at compromise. This worksheet documents detection, triage, and the moment legal liability begins.

CSIRT-format field map

BSI fields, ENISA fields, CSIRT NL fields — one cross-reference table. Fill once, file anywhere in the EU.

Templates ≠ Compliance

The bundle documents your readiness. A scan verifies it.

Article 23 mandates the notification process. Article 21 mandates the underlying controls — incident handling, vulnerability management, MFA, encryption — that determine whether you have something to report and how fast you can detect it.

The templates give you the paper trail. A SaaSFort scan validates the technical posture behind it: are your security headers configured, is your TLS current, are your endpoints exposed? The pairing is the point. Use one without the other and you have either a documented gap or an undocumented breach.

Who It's For

Anyone who would have to file the BSI form at 3am

CISOs & Heads of Security

Run the tabletop next quarter, file the templates in your IR runbook, sleep slightly better.

SaaS CTOs & Founders

You are the incident commander whether you signed up for it or not. The bundle gives you a script.

Compliance & Legal Leads

Article 23 has a defensible audit trail or it has a fine. The awareness-clock worksheet is the receipts.

Run the tabletop before you have to file the form

October 2026 enforcement is six months out. The 24-hour clock waits for no one. Get the bundle, run the exercise, validate your external posture with a free SaaSFort scan.

Download the Bundle Validate with a Free Scan

Already have the Article 21 self-audit template? This bundle is the operational counterpart.