The NIS2 directive requires an Information Security Management System (ISMS) policy for entities in scope. SYAGA delivers a complete, compliant and operational document, without tying up your teams for months.
NIS2 changes the game for essential and important entities in scope
The EU directive requires essential and important entities to formalise a cyber risk management policy, with an associated sanctions regime.
A large share of SMEs/mid-sized companies today have no formal information security policy document. The topic is perceived as complex and costly.
Classic security policy drafting engagements often stretch over several months, for a budget that can be hard to justify for an SME.
Tying up your CISO or IT manager for weeks to formalise a security policy is not viable in an SME where everyone already wears several hats.
5 days, 20 chapters, 1 operational document your teams can apply the following Monday
Interview with the CISO/IT manager or the business owner. Collection of context, scope, business stakes and current maturity level via our structured questionnaire.
Inventory of assets (servers, workstations, applications), network architecture analysis, identification of critical flows, subject to prior agreement.
Drafting of the 20 chapters using your actual data: security organisation chart, risk matrix, operational procedures, IT charter. Everything is specific to your context.
Detailed mapping to NIS2, ISO 27001 and GDPR. Generation of annexes: asset inventory, compliance matrix, incident management procedures, access and change management procedures.
Presentation of the deliverable to the management committee. Q&A session. Delivery of editable files (HTML, PDF, DOCX) for your teams to own.
A complete, ready-to-deploy pack with all the documents you need
Complete security policy covering all ISO 27001 domains.
Summary of your security posture with visual indicators.
Operational documents directly applicable by your teams.
Mapping between your security policy and NIS2 requirements.
Statement of Applicability and mapping of the 93 Annex A controls.
All documents in formats you can modify.
A single document to address your main frameworks
Coverage of Articles 20, 21 and 23. Risk management measures, governance, incident notification. Article-by-article mapping included.
Statement of Applicability for the 93 Annex A controls. Structure aligned with clauses 4 to 10 and the 4 themes (organisational, people, physical, technological).
The ANSSI IT hygiene measures are covered across the 20 chapters. Explicit correspondence in the compliance mapping.
Appropriate technical and organisational measures to ensure the security of personal data. Data classification and processing register addressed.
Choose the plan that fits your context, or request a custom quote
SME < 50 employees, single site
SME/mid-size 50-250 employees, multi-site
Mid-size/large 250+ employees, regulated sector
Annual maintenance: 500 EUR excl. VAT/year
Annual update of the security policy (regulatory changes, IT system changes). Procedure review, compliance mapping refresh, new PDF.