Security Framework

NIS 2 Directive Compliance

The NIS 2 Directive (EU 2022/2555) is the EU's updated cybersecurity legislation, significantly expanding the scope and requirements of the original NIS Directive. It mandates comprehensive risk management, incident reporting within 24 hours, supply chain security, and management accountability for essential and important entities across 18 sectors.

Who Needs to Comply with the NIS 2 Directive?

Essential and important entities operating in the EU across energy, transport, health, digital infrastructure, ICT services, and more.

Key Benefits

  • Ensure legal compliance with EU cybersecurity requirements
  • Avoid substantial fines (up to EUR 10 million or 2% of global turnover)
  • Strengthen supply chain and third-party risk management
  • Improve incident response and business continuity capabilities

Key Requirements

  1. Comprehensive cyber risk management measures
  2. Incident handling and reporting within 24 hours
  3. Business continuity and crisis management
  4. Supply chain security and vendor assessment
  5. Network and information systems security
  6. Vulnerability disclosure and patch management
  7. Encryption and access control policies
  8. Multi-factor authentication implementation

Required Policy Templates

0 policies required for NIS 2 Directive compliance, organized by category.

Generate NIS 2 Directive Documentation

Answer questions about your infrastructure and PoliWriter generates all 0 NIS 2 Directive policies customized to your organization. Audit-ready in hours, not months.

Other Compliance Frameworks

SOC 2 Type II

Service Organization Control 2 - Trust Services Criteria covering Security, Availability, Processing Integrity, Confidentiality, and Privacy. Requires an observation period of 3-12 months demonstrating controls operate effectively over time.

20 templates

GDPR

General Data Protection Regulation - EU data protection and privacy regulation.

3 templates

HIPAA

Health Insurance Portability and Accountability Act - US healthcare data protection.

3 templates

ISO 27001

International standard for information security management systems (ISMS).

3 templates

PCI DSS v4.0

Payment Card Industry Data Security Standard — security controls for organizations that store, process, or transmit payment cardholder data.

12 templates

CCPA/CPRA

California Consumer Privacy Act / California Privacy Rights Act — grants California consumers rights over their personal information collected by businesses.

8 templates

NIST CSF 2.0

NIST Cybersecurity Framework — voluntary guidance for managing cybersecurity risk across five core functions: Identify, Protect, Detect, Respond, and Recover.

10 templates

SOC 2 Type I

SOC 2 Type I — Point-in-time assessment of your security controls design. Ideal for first-time certification before progressing to Type II.

0 templates

ISO 42001

ISO/IEC 42001 — International standard for Artificial Intelligence Management Systems (AIMS), covering responsible AI development, deployment, and governance.

0 templates

NIST SP 800-53

NIST SP 800-53 — Comprehensive catalog of security and privacy controls for federal information systems, widely adopted by private sector organizations.

0 templates