Service 05 · Deploy

Securing and protecting.
Compliance and resilience.

NIS2, DORA, ISO 27001, GDPR. Regulatory obligations are accumulating. But compliance is not an end in itself: it is an opportunity to make your organisation more robust and your client relationships more solid.

Request a diagnostic →
Situations we recognise

Your situation is familiar to us.

Regulatory obligations are multiplying and threats evolve faster than organisations can adapt. Knowing where to start is often the real challenge.

You are not sure whether NIS2 applies to you
The NIS2 directive has significantly expanded the scope of covered entities. Are you an essential or important entity? What are your concrete obligations?
DORA applies to you but you do not know where to begin
If you operate in financial services or serve a financial sector actor, DORA imposes strict digital operational resilience requirements.
You have had an incident and want to prevent a recurrence
A ransomware attack, a data breach, a failing supplier. The incident is over — but the vulnerability remains.
A client or tender requires proof of your security level
A major client or public procurement requires evidence of your security posture. You do not know how to assess or improve it quickly.
What you receive

Concrete deliverables. Measurable outcomes.

Every engagement ends with tangible deliverables and verifiable indicators.

01
IT risk assessment
An inventory of your critical assets, a threat and vulnerability map, and a risk prioritisation by likelihood and impact.
02
Regulatory compliance analysis
Your current position against NIS2, DORA, ISO 27001 or GDPR depending on your sector. Gaps identified and a compliance roadmap.
03
Risk treatment plan
Security measures to implement, sequenced by priority and budget. Owners, timelines and tracking indicators.
04
Business continuity plan
Procedures to follow in the event of a major incident: who decides what, in what order, how to restore critical operations and how to communicate.
05
Team awareness programme
Training modules tailored to your teams: cyber hygiene, phishing, incident management. In-person or e-learning depending on your organisation.
Measured results

What our clients see after the engagement.

100% of clients can respond to a client security questionnaire after the engagement
–60% reduction in priority IT risks after the treatment plan is implemented
93% of trained staff better identify phishing attempts
Our approach

Three phases. Grounded in your reality.

We always start by understanding your reality before proposing anything.

01 · Assess
Measuring your exposure
Weeks 1 and 2
Critical asset inventory. Review of existing security measures. Assessment of your exposure to current threats and your regulatory compliance level.
02 · Plan
Building the roadmap
Weeks 2 and 3
Risk and compliance gap prioritisation. Risk treatment plan construction. Business continuity plan definition.
03 · Strengthen
Implementing and training
Weeks 3 onwards
Implementation support. Team training sessions. Incident monitoring and management process set-up.
Frequently asked questions

What business leaders ask us.

Is my company covered by NIS2?
NIS2 applies to medium and large entities in essential sectors (energy, transport, health, finance, water, digital infrastructure, public administration) and important sectors (postal services, waste management, chemicals, food, manufacturing, digital). If in doubt, we conduct a scope analysis during the first conversation.
What is the difference between NIS2 and DORA?
NIS2 is a broad European cybersecurity directive applicable across many sectors. DORA (Digital Operational Resilience Act) applies specifically to the financial sector and its technology providers. Both can apply simultaneously if you are an IT provider to a financial actor.
Can we pursue ISO 27001 alongside NIS2?
Yes, and this is often the most efficient approach. The requirements overlap significantly. A well-conducted NIS2 compliance process covers approximately 70% of the path to ISO 27001. We sequence both workstreams to maximise efficiency.
How long does full compliance take?
A complete NIS2 compliance process takes between 6 and 12 weeks depending on your initial maturity level and the size of your organisation. We always start with high-impact, low-cost measures to generate rapid results.
Are compliance engagements eligible for funding in Luxembourg?
Yes. Luxinnovation offers digital transformation grants that can partially cover IT security engagements. We guide you towards applicable schemes during the engagement scoping.

Ready to get clarity on your situation?

A 30-minute conversation is enough to identify your priorities. No commitment, no jargon.

Start the diagnostic →