Client profile
Two end-client companies operating in manufacturing (industrial machinery) and food (milling industry), served in coordination with an external IT Management partner.
Objective
Gap Analysis and set-up of compliance activities, with primary focus on NIS2 and related areas (CRA, Data Act, AI Act, GDPR, food-sector standards such as BRCGS Food Safety and IFS Food).
Approach
Both companies were addressed with the same methodological approach and timeline, tailored to their specific context, with separate paths and fees per client. The assessment covered all business areas, R&D, production, administration, customer management and sales.
Activities carried out
- Assessment of existing organisation, policies and procedures, IT and OT infrastructure, data management
- Detailed analysis of NIS2 requirements, risk management, incident management, training and awareness
- On-site kick-off workshop for alignment and information gathering
- On-site feedback workshop, presenting impacts and possible next steps for Design
- Top Management training and awareness session, as required by NIS2
Deliverable
Compliance context document, Gap Analysis with two compliance levels (Basic and Advanced) and priorities based on impact and opportunity, Top Management training session, work plan for the Design phase.
Timeline
Activities started in spring 2026 and completed by the end of summer, in line with the NIS2 deadline of October 2026 and the first CRA deadline.
NIS2CRAMulti-client