EU Directive 2022/2555 · NIS2 obligation for essential and important entities
Demonstrate compliance with the cybersecurity risk-management measures of the NIS2 Directive. SCMC covers governance, risk management, supply chain, incident reporting and authority cooperation across 10 areas with 95 control questions — using a 0–4 maturity scale and the defined target level ‘Managed’.
Our platform turns the NIS2 requirements into a practical framework for cyber risk management, supply-chain security and authority communication.
Simple, transparent pricing
Monthly
CHF 165
/ month
Annual
CHF 1'650
≈ CHF 138 / month
2 months free
The NIS2 Directive obliges essential and important entities in the EU to implement concrete cybersecurity risk-management measures — from governance and risk analysis to supply-chain security, incident reporting and authority cooperation. SCMC translates these requirements into 10 areas with 95 control questions, a uniform 0–4 maturity scale and a clear ‘Managed’ target level — structured, documented and audit-ready.
The Challenge
You know NIS2 applies to your organisation, but the path from Article 21 to concrete measures in daily operations remains hard to grasp. As a result, there is no robust position assessment.
Our Solution
Our platform translates the NIS2 requirements into 10 areas with 95 control questions and makes the implementation status visible along a uniform maturity scale.
Process the NIS2 requirements in a clear digital workflow instead of Excel mappings, Word documents and scattered evidence.
Create a shared working basis for IT, Security, Compliance, Data Protection, Management and incident owners.
Keep assessments, evidence, incident reports and authority correspondence in one place.
Score every control area on the 0–4 maturity scale and see at a glance how far you still are from the ‘Managed’ target level.
Capture requirements for suppliers, outsourcing partners and ICT service providers in a structured and traceable way.
Document reporting paths, responsibilities, deadlines and escalation steps so that NIS2 incident reporting works reliably when it matters.
Build a solid foundation for authority requests, internal audits and management reporting.
Keep an eye on changes, developments and prior assessments and document progress cleanly over time.
Use the NIS2 assessment not as a one-off but as a repeatable process for ongoing compliance and continuous improvement.
Register for free on our platform and try the entry-level free Cyber-Security Basis Check.
Our platform turns NIS2 requirements, risk management, supply chain and incident reporting into a clear, digital and traceable working process.
The NIS2 Directive (EU 2022/2555) is the revised EU directive on network and information security. It obliges essential and important entities to implement concrete cybersecurity risk-management measures, incident reporting and authority cooperation. Member states transpose NIS2 into national law.
NIS2 covers essential entities (e.g. energy, transport, banking, health, digital infrastructure, public administration) and important entities (e.g. postal services, waste management, food, manufacturing, digital providers) above defined thresholds. Swiss organisations are affected as soon as they provide services in the EU or operate subsidiaries there.
SCMC covers the NIS2 risk-management measures across 10 areas with 95 control questions — governance, risk management, supply chain, incident reporting, authority cooperation and other focus topics. Scoring is based on a 0–4 maturity scale with a defined ‘Managed’ target level.
The maturity scale ranges from 0 (not in place) to 4 (optimised). The ‘Managed’ target level typically corresponds to level 3 — the measure is defined, documented, managed and reviewed. SCMC shows for each control area how far you still are from the target level.
The NIS2 assessment is available as a monthly or annual subscription — details at scmc.ch/pricing. To try the platform, the Cyber-Security Basis Check is available free of charge (10 areas, 39 control questions).
No. SCMC replaces neither the formal authority report nor a formal conformity check. The platform is a digital tool for structured self-assessment, documentation and evidence preparation — formal responsibility remains with management.
Yes. The platform is built for repeatable cycles with versioning — matching the ongoing effectiveness requirements from NIS2.
