How is your NIS2 compliance programme progressing?

NIS2 isn’t just another compliance hurdle — it’s a chance to build something lasting.

When I set out to design our NIS2 strategy, I didn’t want a one-time audit fix. I wanted a connected, evidence-driven framework that could adapt to NIS2, ISO, NIST, and beyond.

By mapping our functions to NIS2 clauses through five operational pillars, engaging the right stakeholders, and linking to BT Group’s wider governance strategy, we’ve built a model that:

  • Reduces audit prep time
  • Closes knowledge gaps
  • Aligns multiple compliance frameworks
  • Supports operational resilience

This approach works because it’s not just about passing an audit — it’s about making compliance sustainable.

If your team is facing NIS2 or a similar framework, here are my top five recommendations:

  1. Scope smartly — focus on what’s in play.
  2. Link audit questions directly to your evidence base.
  3. Identify your critical assets early.
  4. Engage the right stakeholders from the start.
  5. Run a pre-audit dry run — find the gaps before the auditors do.

✅ Compliance isn’t a box-tick. Done right, it’s a competitive advantage.

#NIS2 #CyberSecurity #Governance #AuditExcellence #OperationalResilience

Rob Wilson

BT Group, 1K followers

7mo

Thanks Mark, you create a good grounding for PQC migration and mitigation work in the years ahead.

Great read, Mark! Really glad we could work together on this — a strong team effort. Excited to see how the NIS2 programme continues to progress 🙂
