NIS2PME
PT Try it

How it works

A clear journey, from first login to demonstrable compliance

NIS2 compliance is not solved in a day, but it is solved with method. The platform turns the regulatory framework into a process with a beginning, a middle and an end.

First, the registration: when creating your account, you indicate your organisation's classification under Decree-Law 125/2025 (essential or important entity) and the applicable compliance level (Basic, Substantial or High). The platform then presents the corresponding QNRCS controls. The platform doesn't decide your level: the regulatory framework does. The platform simply applies it rigorously.

1

Answer the assessment questionnaire

It consists of 10 questions about your company's practices, each mapped to one of the most common vulnerabilities in SMEs. The questionnaire is written for managers, not specialists, and can be redone whenever your company's reality changes.

2

Receive your priority action plan

Each question is linked to several QNRCS controls. Based on your answers, the platform generates a priority action plan: the controls that should be reviewed and implemented first, because they address the vulnerabilities most likely to be open in your company.

3

Implement the controls with guidance

Each control explains what is expected and how to implement it in an SME, with ready-to-adapt document templates (policies, incident response plan, procedures) and room to attach the evidence of implementation. Progress is organised across the 6 QNRCS domains: Govern, Identify, Protect, Detect, Respond and Recover.

4

Track, demonstrate and improve

The dashboard shows maturity per domain and progress against the required minimum. When you need to demonstrate compliance, whether to management, clients, auditors or authorities, you export a report with everything documented.

The result, at a glance

The overview dashboard answers the three questions management asks: where are we, what is missing, what is the priority.

app.nis2pme.pt
Overview dashboard with compliance, maturity per domain and priority actions
Overview: global compliance, control statuses, maturity per domain and priority actions.

Who is NIS2PME for?

SME managers

Who need to know whether they are covered, what is required of them and how much work lies ahead, all in clear language.

IT managers

Who juggle security alongside everything else and need a structured plan and organised evidence.

Consultants and auditors

Who support several SMEs and benefit from an open-source tool deployable at any client, with no licensing costs.

Ready to find out where you stand?

The assessment is 10 questions: it takes less time than a meeting and tells you more about your security than many reports.

Online platform coming soon

The online platform (hosted service with demo accounts) is in final preparation. Leave your email and we will let you know as soon as you can try it.

Used exclusively for the launch announcement. No newsletters, no third-party sharing.

Don't want to wait? The on-premises version is already available: deploy via Docker from GitHub