As one of the first ISMS tools, verinice offers support for the EU directive NIS2. The "NIS2 verinice risk catalog" was developed in close cooperation between the Verband Deutscher Maschinen- und Anlagenbau (VDMA) and the verinice team at SerNet GmbH. The new catalog supports organizations in meeting the NIS2 requirements and ISO/IEC 27001:2022. It is available directly at the verinice.SHOP in a free and a paid version and is therefore ready for immediate use.
The NIS2 Directive imposes increased IT security requirements on companies in the EU from October 2024: It applies to companies that, depending on their size and turnover, act as essential or important service providers in sectors such as energy, transport, health and digital infrastructure. The timely establishment of an information security management system (ISMS) in accordance with ISO 27001 is one possible way to meet the requirements of the directive.
Advantages of the verinice risk catalog
The "NIS2 verinice Risk Catalog" is based on the "verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition", which has been available for many years. A team at SerNet customer and VDMA member Krones AG has mapped the NIS2 requirements to the current ISO/IEC 27001:2022 and made them available to the verinice team via the VDMA. Thanks to the cooperation between VDMA and SerNet, this mapping can now be made available to the general public. In addition to the already extensive contents of the risk catalog, 24 requirements of NIS2 have now been added, which are linked to the corresponding requirements of ISO/IEC 27001:2022 and are thus also taken into account in the risk analysis. The catalog is aimed at companies of all sizes and types and is an essential resource for achieving and maintaining compliance with the NIS2 directive and ISO/IEC 27001:2022. The use of this catalog enables risk management processes to be accelerated and optimized thanks to its detailed and comprehensive preparation
Availability and live demo
The "NIS2 verinice risk catalog" is an add-on module for use in the ISMS tool verinice from version 1.26. It can be obtained from the verinice store and integrated into the tool. Two versions are available:
- The paid full version of the "verinice risk catalog" including access to the original ISO standards (licensed via Beuth-Verlag), which has been expanded to include the mapping of the NIS2 guideline to ISO27001:2022.
- The free version (German only), which only contains the catalog content of the ISO standard in encrypted form - for licensing reasons, full access is only available in the paid full version.
If you are already using the risk catalog together with verinice, you can use the NIS2 content of the VDMA at no additional cost by downloading the ZIP file again. If you want to test everything free of charge, you can do so with the EVAL version of the verinice client and the free NIS2 catalog.
The verinice team offers the opportunity to get to know the catalog better. In regular webinars, the team demonstrates the risk catalog and, in the future, the NIS2 integration in verinice as an extension for an ISMS. Stanislav Striegler, who made a significant contribution to the realization of the "NIS2 verinice risk catalog", leads the live demos himself and is happy to answer questions.