When the basics are too informal for NIS2

NIS2 Foundations Plan

Sometimes the issue is not just missing documents. The basics are too informal: no clear owner, no register, no incident process, unclear backup evidence, weak access routines, or unanswered MSP questions. The Foundations Plan turns those NIS2 readiness gaps into a practical action plan your team can actually follow.

Use this route when

The foundations are too weak to support credible NIS2 evidence.

Businesses whose ownership, policies, registers, access routines, incident process, backup evidence, or MSP evidence are too weak or unclear.

What this route produces

A practical plan for ownership, routines, and evidence.

Cyber ownership model for decisions, evidence maintenance, MSP work, and customer response approval.
Starter register set or setup guidance for risks, assets, suppliers, access reviews, incidents, and actions.
Policy and routine gap list prioritising missing or weak procedures and repeatable routines.
Access and backup evidence plan covering MFA, user reviews, backup status, recovery expectations, and continuity.
Incident process outline with escalation, contacts, response steps, and records to keep.
MSP action list with clear evidence requests and responsibility questions.
90-day foundation roadmap with owners and evidence outcomes.

How the plan is built

Turn weak foundations into owner-backed next actions.

Baseline review of ownership, policies, registers, access, backup, incident, supplier, and MSP evidence.
Identify missing foundations and practical evidence requirements.
Create MSP or internal IT action list and responsibility map.
Build a 90-day roadmap with owners, decisions, and evidence outcomes.

Not sure this is the right service?

Start with the NIS2 Readiness Check if you are still working out the right route, likely exposure, evidence gaps, or whether any project is needed yet.

View the Readiness Check