Articles 20 and 21 · Directive (EU) 2022/2555

Meet NIS2 where it is hardest to prove: your people

NIS2 includes cybersecurity training within its mandatory minimum measures and adds personal accountability for the management body. We give you the security awareness programs, the assessments and the auditable evidence, ready for an essential or important entity.


The human element is the first thing the audit asks about

According to Verizon’s Data Breach Investigations Report (DBIR), the human element is involved in around 6 in 10 breaches. The first NIS2 audits are already asking about the security awareness program in a level of detail that surprises more than one CISO. Having training is not enough: you have to prove that it reaches people, that it is understood and that it changes behavior.

What NIS2 requires of you on training

Article 21: all staff

Article 21.2 expressly includes basic cyber hygiene practices and cybersecurity training among the mandatory measures. It counts as one more measure, demanded in an audit just like the technical ones.

Article 20: the management body

The management body has to approve the risk management measures, oversee their implementation and receive specific training. The Directive also allows it to be held personally accountable for non-compliance.

A NIS2 program that is already built, segmented by audience

You don’t have to build it from scratch. The NIS2 content comes ready and segmented by audience, in two automatic programs you assign in a couple of clicks: one for the management body and one for all staff.

27 NIS2 contents, ready to assign

9 training modules, each with its exam and its reinforcement newsletter.

✓ Included in the base content package, at no extra cost

Management body

Executive track to approve and oversee the risk management measures, focused on enabling informed decisions about risk.

All staff

Basic cyber hygiene practices and threat recognition, with phishing simulations that measure real behavior.

Compliance mapped to the directive

Every piece of content is mapped to the NIS2 articles it covers. From the platform you check the level of compliance based on the training assigned to each person.

And every piece leaves a trail: who completed what, with what result and how they evolved. That is the evidence that turns “we trained our people” into something verifiable.

More than 700 organizations sustain their program with SMARTFENSE

We have spent more than 10 years helping organizations in banking, healthcare, critical infrastructure and the public sector reduce human risk and leave auditable evidence that they do. The difference from a generic campaign is end-to-end traceability: role-segmented training, assessments, phishing simulations and metrics that track progress over time. It is exactly what a NIS2 audit will ask for once it starts pulling the thread.

Banking, healthcare, public sector, critical infrastructure, telecommunications

Request a demo and get your program ready for NIS2

Leave us your details and we will show you how to cover what NIS2 requires on training, with the programs ready to activate and the evidence prepared for an audit.