4.9/5.0 stars on G2 | Trusted by 8.000+ companies

From IT-Grundschutz to NIS2: structured workflows and defensible evidence

Close the gap between IT-Grundschutz and NIS2. Operationalise governance duties, reporting workflows and third-party oversight with clear structure and complete, defensible documentation.

IT-Grundschutz policies, controls, recurring tasks and risks you can map directly to NIS2
Governance, reporting and supply-chain workflows ready for Germany's NIS2 implementation
Suitable for organisations using IT-Grundschutz, ISO27001, and those newly in NIS2 scope

Strengthen your IT-Grundschutz foundation with NIS2-ready controls

Extend your IT-Grundschutz or ISO 27001 programme with dedicated NIS2 Implementation Add-Ons: prebuilt workflows, mapped requirements, and evidence structures for governance, incident reporting and supply-chain oversight.

Governance and Accountability Evidence

Capture decisions, approvals and management responsibilities required under NIS2 and NIS2UmsG

Reporting and Incident Handling

Use structured workflows to meet NIS2 reporting timelines and maintain clear audit trails.

Supply-Chain Risk Oversight

Assess third parties, record safeguards and produce defensible supply-chain evidence.

Framework Mapping Across Standards

Map IT-Grundschutz, ISO 27001 and B3S controls to NIS2 requirements & remove duplication and gaps.

NIS2

NIS2 mapped directly to your existing IT-Grundschutz controls

Governance and Management Duties

Incident Handling and Reporting

Supply-Chain and Third-Party Controls

Risk Management and Continuous Improvement

"With Formalize, we went live practically on day one. Within two months, we had full coverage of our compliance needs, even over the holiday season."

Fernando Sanz de Galdeano

CISO, Arcano Partners

Features

Implement baseline security measures aligned to BSI IT-Grundschutz recommendations

Demonstrable Leadership Involvement

Structured evidence of management approval, oversight and accountability across your ISMS. Meet NIS2's requirement for active involvement of the management body with clear, verifiable records.

Approve key governance outputs such as policies, risk assessments, incident reports and continuity documentation
Capture timestamped approvals as clear evidence of leadership oversight
Record and prove management accountability with structured decision logs

Connected Assets, Processes, Systems and Suppliers

A clear view of dependencies is essential for NIS2. Formalize connects assets, suppliers, systems and processes so you can understand how risks propagate and where controls are required.

Link assets directly to risks and controls to show how security measures are applied
Map suppliers and systems to their associated risks to evidence supply-chain governance
Connect processes to business impact and treatment plans to demonstrate end-to-end resilience

Supplier Management

NIS2 places strong emphasis on supply-chain security. Formalize centralizes your supplier data, assessments and evidence so you can manage third-party risk with clarity and structure.

Maintain a complete supplier repository with questionnaires, risk scoring and control mappings
Track critical suppliers, submitted evidence, contracts and SLAs in one place
Monitor and document supply-chain risk to meet NIS2 expectations for third-party oversight