NIS2Compass — NIS2-Compliance-Plattform
Use CasesPricing

Weiterführende Seiten

  • Blog
  • FAQ
  • Glossar
  • Use Cases
  • Branchen
  • Preisgestaltung

Offizielle Quellen

  • BSI – Bundesamt für Sicherheit in der Informationstechnik
  • NIS2-Richtlinie (EUR-Lex)
  • NIS2UmsuCG (Bundesgesetzblatt)
NIS2Compass — NIS2-Compliance-Plattform

Ihr Navigator durch die NIS2-Compliance

Rechtliches

  • Datenschutzerklärung
  • Allgemeine Geschäftsbedingungen
  • Cookie-Richtlinie
  • Impressum

Ressourcen

  • Blog
  • Use Cases
  • Branchen
  • Preise
  • FAQ
  • Glossar

Kontakt

Kontakt

kontakt@nis2compass.de

NIS2Compass bietet Informationen und Orientierungshilfen zur NIS2-Compliance. Die Inhalte stellen keine Rechtsberatung im Sinne des Rechtsdienstleistungsgesetzes (RDG) dar und ersetzen keine individuelle rechtliche oder fachliche Beratung.

© Copyright 2026 NIS2Compass. Alle Rechte vorbehalten.

Entwickelt in DeutschlandAllianz für Cyber-Sicherheit — Teilnehmer
HomeUse CasesISMS Extension

NIS2 as an Extension to Your ISMS: the missing 20 %

Written by the NIS2Compass Team · Last updated: May 2026

An ISMS tool documents – nothing more. It is an instrument, but how to wield it and what content belongs in it usually stays unclear. Either the tool ships with sufficient guidance, or you invest in more consulting to learn methodology and NIS2 specifics. NIS2Compass delivers exactly that knowledge: structured implementation path, German § depth, ready-made templates – for €29/month.

  • Export templates to Word, Excel, PDF
  • ISO 27001 ↔ §30 BSIG mapping built in
  • §32 reporting process as ready-made template
  • §38 BSIG training for executive management
  • Updates included for legal changes
Try ProStart Pre-Check
Hosted in Germany·GDPR-compliant·cancellable monthly

Who is the ISMS Extension use case for?

Persona profile

ISO, CISO, or IT compliance manager in companies from start-ups to mid-sized businesses. An ISMS tool is already in use or firmly planned.

Knowledge level

Familiar with ISMS concepts and compliance frameworks. Aware that the tool only documents – methodology and NIS2 content still need to be added.

Trigger

Customer audit requests NIS2 mapping. Supplier request on §30 BSIG. Internal audit flag on NIS2 gap.

Not quite a fit? Compare all use cases →

Typical challenges when integrating NIS2 into an ISMS

ISO 27001 does not cover everything

70-80 % coverage. The rest are §32 reporting duties, §38 management liability, supply chain security, and sector-specific BSIG paragraphs.

A tool is not a method

ISMS tools deliver the documentation structure but not the NIS2 content. Without German § depth and ready-made templates, the build stays your own research project.

Audit questions remain unanswered

Customers have been asking explicitly about NIS2 compliance since December 2025. ISMS documents without § references are no longer enough.

How NIS2Compass closes the ISMS gap

NIS2Compass is not an ISMS tool — it is the NIS2 knowledge base and template library alongside your existing ISMS. A typical workflow: the ISO exports the NIS2Compass template for the supplier security questionnaire as Word, adapts the logo, and imports it as controlled documentation into their existing ISMS tool. The knowledge hub articles deliver the rationale for the next audit. The Pre-Check shows which §30 substeps the existing ISMS does not yet cover. No tool migration — just the missing NIS2 content.

45+ templates with § references

Word and Excel files, exportable into any ISMS tool.

40+ KH articles with BSIG depth

Rationale for audits and discussion basis with executive management.

Pre-Check: ISO ↔ §30 mapping

18-screen gap analysis shows which §30 substeps your ISMS does not yet cover.

Which §30 BSIG duties ISO 27001 does not fully cover

§30(2) No. 4

Supply chain security

ISO 27001 Annex A.5.21 requires supplier assessment. NIS2 goes further: Tier-1/Tier-2 differentiation, contract clauses, regular audits.

§32

Reporting duty for significant incidents

24-hour early warning, 72-hour detailed report, one-month final report to the BSI. ISO 27001 does not impose deadlines this strict.

§38

Management liability

Personal liability for failed risk oversight. ISO 27001 requires management commitment but not personal liability against private assets.

More in the blog: NIS2 and ISMS – how they fit together, NIS2 vs. ISO 27001 – mapping in practice, Implementing NIS2 step by step.

NIS2Compass compared for ISMS extension

NIS2Compass vs. classic consulting, ISMS tool, and self-implementation for ISMS extension
CriterionNIS2CompassKlassische BeratungISMS-ToolSelbstumsetzung
Cost/month€29€700-1,200/day€200-2,000/month€0
German § referencesyes, in every templatedepends on consultantno (US focus)research yourself
Exportable templatesyes, no extra costproject-specificoften PDF / tool-internalbuild yourself
ISO 27001 ↔ §30 BSIG mappingbuilt in (Pre-Check)extra chargerudimentarymanual BSIG reading
Updates on legal changesincludedextra chargetool-dependentmonitor yourself
Ready to use10 minutesweeks of onboardingdays of setupmonths

Frequently asked questions on ISMS extension with NIS2

Also relevant for you

Consulting Alternative

Consultant day rates €1,000-2,000, projects €15,000-150,000. NIS2Compass delivers the same expertise plus templates for €29/month.

Learn more

NIS2 Getting Started

New to NIS2. NIS2Compass structures the implementation in 8 chapters with Pre-Check and templates.

Learn more

Digital NIS2 Advisor

You want NIS2 without a consultant and need the right digital companion. Curated knowledge instead of AI hallucinations.

Learn more

Ready to close the missing 20 %?

45+ templates, 40+ KH articles, built-in ISO 27001 mapping. Ready to use in 10 minutes — for €29/month.

Try ProStart Pre-Check
cancellable monthly·no setup fee·Hosted in Germany

Official sources

  • §30 BSIG full text (German)
  • BSI hub on NIS2 regulation (German)
  • ISO/IEC 27001:2022 (German)