NIS2 Article 21 Self-Audit Template
All 10 mandatory NIS2 cybersecurity risk-management measures, in one Excel. Status, priority, owner, deadline — and an auto-counted readiness percentage. Built for SaaS compliance teams without a €50K consultant budget.
NIS2 Article 21(2) measures covered, one row each
EU 2022/2555
German entities missed the BSI registration deadline
BSI / heise
maximum fine for essential entities — 2% of global turnover
NIS2 Art. 34
All 10 Controls
Every NIS2 Article 21(2) measure, one row at a time
Risk analysis & policies
Documented ISMS, board-approved policy review.
Incident handling
24h early warning + 72h CSIRT report procedure.
Business continuity
BCP/DRP with RTO/RPO objectives, tested annually.
Supply chain security
Critical supplier inventory + contractual clauses.
Vulnerability handling
Patching SLA, SBOM, disclosure policy.
Effectiveness assessment
External scans, KPI dashboard, MTTR/MTTD.
Cyber hygiene & training
Annual training records, §38 BSIG board training.
Cryptography
TLS 1.2+, encryption-at-rest, key management.
Access control
RBAC, quarterly access reviews, PAM for admins.
Multi-factor authentication
MFA on all access, FIDO2 for privileged.
Who It's For
Built for compliance teams on a deadline
Compliance & Risk Officers
Walk into the next NIS2 board meeting with a populated audit, not a blank slate.
SaaS CTOs & Founders
See exactly what auditors will check — and where you stand against the October 2026 deadline.
Mid-Market Teams (50–250)
No €50K consultant. No enterprise GRC tooling. Just a working Excel and a clear remediation path.
October 2026 enforcement is six months away
Get the template, fill it in this week, and validate your external posture with a free SaaSFort scan.