What is the difference between Basic, Standard and Premium packages?

The Basic package (from 290 EUR/month) includes quarterly review and email support. Standard (from 550 EUR/month) adds monthly monitoring, incident management and one annual internal assessment. Premium (from 800 EUR/month) offers bi-weekly monitoring, board participation, priority support including weekends and an annual tabletop exercise.

What is the NIS2 diagnostic and why is it mandatory?

According to GEO 155/2024, the NIS2 Officer must perform the organization's risk assessment (ENIRE@RO) and maturity self-assessment. The NIS2 diagnostic (from 990 EUR, billed once) includes these assessments plus critical gap identification and a remediation plan with deadlines.

How long does the NIS2 compliance process take?

The free initial assessment takes 1-2 hours. The detailed Gap Analysis takes 2-6 weeks. Full implementation of technical and organizational measures takes 3-12 months, depending on the organization's size and complexity.

What is the minimum contract duration?

The minimum contract for the outsourced NIS2 Officer service is 12 months. At onboarding, the NIS2 diagnostic is billed (from 990 EUR), and the monthly subscription starts from 290 EUR/month.

NIS2 Compliance Services Romania | Assessment, Implementation, Outsourced Officer

Initial Assessment

Free

The first step toward NIS2 compliance. We quickly assess whether your organization falls under the NIS2 Directive and identify the main priorities.

What's included:

Classification determination (essential vs. important entity)
Preliminary assessment of cybersecurity maturity level
Identification of applicable requirements
General recommendations for next steps

Duration: 1-2 hours

Request free assessment

In-Depth NIS2 Compliance Analysis

Thorough analysis of the organization's security posture vs. NIS2 requirements. We identify exactly what's missing and establish a prioritized action plan.

What's included:

Complete assessment against all Art. 21 NIS2 requirements
Mapping to standards (ISO 27001, NIST CSF)
Supply chain security assessment
Detailed report with identified gaps and recommendations
Prioritized remediation plan with timeline

Duration: 2-6 weeks

Request a custom quote

Compliance Implementation

We turn the plan into reality. We develop and implement everything needed for complete NIS2 compliance.

What's included:

Development/update of security policies and procedures
Risk management framework implementation
Technical controls implementation guidance
Supply chain security program
Business continuity & disaster recovery
Governance structure establishment
DNSC documentation preparation

Duration: 3-12 months

Request a custom quote

Outsourced NIS2 Officer

Monthly subscription

GEO 155/2024 (approved by Law 124/2025) requires each entity subject to NIS2 to designate a DNSC-authorized NIS2 Officer. This function can be fully outsourced, without the need to hire and train specialized internal personnel.

Why is this function mandatory?

According to Romanian NIS2 transposition legislation, each organization subject to NIS2 must have a NIS2 Officer who:

Is authorized through DNSC examination and registered in the national registry
Coordinates all NIS2 compliance activities of the organization
Represents the organization in relation with DNSC
Manages incident reporting according to legal deadlines (24h/72h/1 month)
Ensures periodic review of security measures

Why outsource the NIS2 Officer function?

Reduced cost vs. hiring

An internal cybersecurity specialist costs over 3,000-5,000 EUR/month gross salary. Outsourcing starts from 290 EUR/month — a fraction of the cost, with the same competence.

Immediate compliance

The legal deadline for designation (September 20, 2025) has already passed. Through outsourcing, your organization becomes compliant immediately, without the recruitment and training period.

Proven experience

An outsourced officer works with multiple organizations, accumulating diverse experience across different sectors and risk types — experience an internal employee cannot gain.

Choose the right level:

Basic

from 290 EUR/month

DNSC-authorized NIS2 Officer
DNSC registration and notifications
Quarterly review
Risk register maintenance
Quarterly compliance report
Email support (24h response)
Legislative changes updates

Request quote

Recommended

Standard

from 550 EUR/month

Everything in Basic, plus:
Monthly review (not quarterly)
Monthly compliance report
Incident management support (24h/72h)
1 annual internal assessment
Annual documentation update
Email + phone support (4h response)
1 management awareness session/year

Request quote

Premium

from 800 EUR/month

Everything in Standard, plus:
Bi-weekly monitoring
2 internal assessments/year
Board meeting participation (1/quarter)
Priority support (2h response, incl. weekends)
Full incident response coordination
Annual tabletop exercise
Annual employee awareness session

Request quote

Mandatory NIS2 Diagnostic at onboarding

According to GEO 155/2024, the NIS2 Officer must perform the organization's risk assessment and maturity self-assessment. Therefore, at contract start, we conduct a NIS2 compliance diagnostic that includes:

Risk level assessment (ENIRE@RO)
Maturity level self-assessment
Critical gap identification and prioritization
Remediation plan with deadlines

NIS2 diagnostic cost: from 990 EUR (depending on organization size and complexity). Billed once, at contract start.

Monthly subscription price depends on organization size and complexity. Minimum 12-month contract. NIS2 diagnostic mandatory at onboarding.

Cybersecurity Consulting & Awareness

Art. 14 of GEO 155/2024 requires both management and all staff to have adequate cybersecurity knowledge. We offer consulting and awareness sessions adapted to each level within the organization.

Types of sessions:

NIS2 awareness sessions for management and board
Cybersecurity technical consulting for IT teams
Incident response awareness sessions
Cyber hygiene sessions for employees
Tabletop exercises and incident simulations

Request a custom quote

Cyber Incident Support

NIS2 requires reporting within 24h/72h. We provide response procedures and support in case of incidents.

What's included:

Response plans aligned with NIS2 deadlines
Incident detection and classification procedures
Support for reporting to DNSC / national CSIRT
Post-incident review and lessons learned

NIS2 Services

Initial Assessment

What's included:

In-Depth NIS2 Compliance Analysis

What's included:

Compliance Implementation

What's included:

Outsourced NIS2 Officer

Why is this function mandatory?

Why outsource the NIS2 Officer function?

Reduced cost vs. hiring

Immediate compliance

Proven experience

Choose the right level:

Basic

Standard

Premium

Mandatory NIS2 Diagnostic at onboarding

Cybersecurity Consulting & Awareness

Types of sessions:

Cyber Incident Support

What's included:

Request a free NIS2 assessment