ISAE 3000 for NIS2 Compliance - IT Security & Assurance

ISAE 3000 - documenting your NIS2 compliance 

Is your company covered by the NIS2 Directive - or do you provide IT solutions to someone who is? 

With an ISAE 3000 statement, you can prove that your security efforts meet the requirements of NIS2 and that your processes are designed and implemented correctly. 

What is an ISAE 3000 statement with a focus on NIS2? 

It is an independent auditor's report that assesses whether your controls and processes match the requirements of the NIS2 Directive - e.g. in terms of risk management, incident management, governance and documentation. 

The statement can be used to demonstrate compliance to customers, partners, regulators and your own management. 

When is ISAE 3000 NIS2 relevant? 

  • When you are directly covered by NIS2 (critical or important sector) 
  • When customers or partners demand documented NIS2 compliance 
  • When board and management want assurance on liability and risk management 
  • When you need to prove your maturity and readiness to authorities 
  • When you want an alternative to certification 

Do you need help getting ready? 

Many companies don't have a complete setup yet, and start with a maturity check and an action plan.

We help you get a handle on the requirements and necessary controls. 

Ready to get an NIS2 declaration? 

We prepare ISAE 3000 declarations based on NIS2 requirements - customized to your size, industry and risk profile. 

Tool: Lexoforms 

Lexoforms can be used to gather your documentation, risk assessments, controls and follow-ups - so you can easily prepare for an ISAE 3000 declaration. 


Frequently asked questions (FAQ) 

Is an ISAE 3000 statement a requirement in NIS2? 

No - it's not a direct requirement. But it is a strong and recognized method to prove your compliance to both customers and authorities. 

Does the declaration need to cover the entire company? 

No - it can be limited to the system, business area or function covered by NIS2. 

What is the difference between Type 1 and Type 2? 

Type 1 assesses the design and implementation of controls at a point in time.
Type 2 also assesses whether they have worked effectively in practice over a period of time (typically 6-12 months). 

Contact us - we'll guide you through the process with confidence 

Want to show that you take NIS2 seriously and are on top of your cyber security?
We guide you all the way from maturity check to declaration. 

Simon Okkels is a Certified Information Systems Auditor (CISA®) - a global certification that guarantees deep knowledge of audit processes, reporting and compliance procedures within IT auditing and IT and information security.

John Søbjærg is a state-authorized public accountant with in-depth knowledge of small and medium-sized companies in many industries. He has many years of experience in advising companies and issuing auditor's reports. 
