Compliance & Audits
We help you meet NIS2 requirements before they become urgent
We assess compliance with the 10 minimum security measures required by NIS2 Article 21 and the amended KSC Act - identifying gaps, measuring maturity and delivering a prioritized action plan.
Last updated: April 2026
NIS2 Audit is a SEQRED service covering NIS2 and KSC Act compliance audits: gap analysis, remediation plan, and implementation support.
The amendment to Poland's National Cybersecurity System Act entered into force on April 2, 2026, giving organizations 12 months to comply. Article 21 defines 10 minimum security measures - from risk management to supply chain security. Penalties reach EUR 10M for essential entities and EUR 7M for important ones, with personal liability for board members. Organizations need a clear assessment of their current state, maturity scoring and a concrete implementation plan - before the deadline.
Scope
Scope assessment - whether the organization falls under NIS2 as an essential or important entity
Audit of 10 minimum security measures (NIS2 Article 21)
Maturity scoring - assessment of each area on a scale from absent to optimized
Assessment of incident reporting and handling processes (NIS2 Article 23)
Supply chain and ICT supplier security analysis
Policy, procedure and documentation review
Support with mandatory self-registration (deadline: 6 months from entry into force)
Remediation plan with prioritization, timeline and resource estimates
Process
Entity classification
We determine whether the organisation is an essential or important entity under NIS2.
Current state audit
We analyse policies, processes, architecture, and documentation against the directive's requirements.
Gap analysis
We identify discrepancies between the current state and NIS2 requirements.
Remediation plan
We deliver a prioritised action plan with a timeline and resource estimates.
Implementation support
On request, we support the organisation in executing the remediation plan.
FAQ
Who does NIS2 apply to?
NIS2 covers essential and important entities in sectors such as energy, transport, health, digital infrastructure, manufacturing, and others - details depend on the size and type of activity.
How long does the audit take?
A typical audit takes 4 to 8 weeks, depending on the organisation's size and infrastructure complexity.
Does the audit cover supply chain security?
Yes - NIS2 requires assessment of risks related to ICT service providers. We analyse contracts, SLAs, and supplier management processes.
What happens after the audit?
We deliver a report with gap analysis and a remediation plan. On request, we support the organisation in implementing the recommendations.
How does SEQRED price its services?
Pricing is based on an individual estimate of our consultants' time, considering the project scope and complexity. We present the offer broken down by phases - so you see exactly what you're paying for and can make decisions at each stage.
Can I speak with an expert before making a decision?
Yes - an initial consultation is always welcome and free of charge. We help define the actual scope of your needs, which allows us to prepare a rational offer tailored to your organization.
How is a NIS2/KSC compliance audit priced?
Pricing depends on the number of entities and locations covered, the regulatory scope (KSC, NIS2, DORA), and the expected depth of gap analysis. We help select a scope appropriate to your organization's maturity level.
We'll discuss scope, methodology, and timeline.
Free consultation, no strings attached.