Written by the NIS2Compass Team ·
An ISMS tool documents – nothing more. It is an instrument, but how to wield it and what content belongs in it usually stays unclear. Either the tool ships with sufficient guidance, or you invest in more consulting to learn methodology and NIS2 specifics. NIS2Compass delivers exactly that knowledge: structured implementation path, German § depth, ready-made templates – for €29/month.
Persona profile
ISO, CISO, or IT compliance manager in companies from start-ups to mid-sized businesses. An ISMS tool is already in use or firmly planned.
Knowledge level
Familiar with ISMS concepts and compliance frameworks. Aware that the tool only documents – methodology and NIS2 content still need to be added.
Trigger
Customer audit requests NIS2 mapping. Supplier request on §30 BSIG. Internal audit flag on NIS2 gap.
70-80 % coverage. The rest are §32 reporting duties, §38 management liability, supply chain security, and sector-specific BSIG paragraphs.
ISMS tools deliver the documentation structure but not the NIS2 content. Without German § depth and ready-made templates, the build stays your own research project.
Customers have been asking explicitly about NIS2 compliance since December 2025. ISMS documents without § references are no longer enough.
NIS2Compass is not an ISMS tool — it is the NIS2 knowledge base and template library alongside your existing ISMS. A typical workflow: the ISO exports the NIS2Compass template for the supplier security questionnaire as Word, adapts the logo, and imports it as controlled documentation into their existing ISMS tool. The knowledge hub articles deliver the rationale for the next audit. The Pre-Check shows which §30 substeps the existing ISMS does not yet cover. No tool migration — just the missing NIS2 content.
45+ templates with § references
Word and Excel files, exportable into any ISMS tool.
40+ KH articles with BSIG depth
Rationale for audits and discussion basis with executive management.
Pre-Check: ISO ↔ §30 mapping
18-screen gap analysis shows which §30 substeps your ISMS does not yet cover.
ISO 27001 Annex A.5.21 requires supplier assessment. NIS2 goes further: Tier-1/Tier-2 differentiation, contract clauses, regular audits.
24-hour early warning, 72-hour detailed report, one-month final report to the BSI. ISO 27001 does not impose deadlines this strict.
Personal liability for failed risk oversight. ISO 27001 requires management commitment but not personal liability against private assets.
| Criterion | NIS2Compass | Klassische Beratung | ISMS-Tool | Selbstumsetzung |
|---|---|---|---|---|
| Cost/month | €29 | €700-1,200/day | €200-2,000/month | €0 |
| German § references | yes, in every template | depends on consultant | no (US focus) | research yourself |
| Exportable templates | yes, no extra cost | project-specific | often PDF / tool-internal | build yourself |
| ISO 27001 ↔ §30 BSIG mapping | built in (Pre-Check) | extra charge | rudimentary | manual BSIG reading |
| Updates on legal changes | included | extra charge | tool-dependent | monitor yourself |
| Ready to use | 10 minutes | weeks of onboarding | days of setup | months |
Consultant day rates €1,000-2,000, projects €15,000-150,000. NIS2Compass delivers the same expertise plus templates for €29/month.
Learn moreNew to NIS2. NIS2Compass structures the implementation in 8 chapters with Pre-Check and templates.
Learn moreYou want NIS2 without a consultant and need the right digital companion. Curated knowledge instead of AI hallucinations.
Learn more45+ templates, 40+ KH articles, built-in ISO 27001 mapping. Ready to use in 10 minutes — for €29/month.