NIS2 Executive Assurance.
Independently Confirmed
Most organisations have implemented the technical requirements of NIS2.
Far fewer have independently confirmed that the Management Body can demonstrate it has fulfilled its own responsibilities under the Directive.
NIS2 Executive Assurance Assessment is a two-day, fixed-fee, independent assessment delivered entirely remote, reported straight to leadership.
Technical implementation protects the organisation.
Executive participation protects the Management Body.
Most NIS2 programmes are, correctly, treated as a technical build. ISO 27001/ISMS, controls, detection, response. That work is necessary, and in most organisations it is already well underway.
A second layer of the Directive is frequently overlooked:
-
Active Management Body oversight and participation
-
Executive training and demonstrable engagement
-
Documented decision rights and escalation authority
-
Leadership involvement during a cyber incident, evidenced, not assumed
Technical implementation can be delegated.
Executive responsibility cannot.
80% of NIS2 work is technical.
The other 20% is where leadership's personal liability actually sits.
This isn't a claim that your organisation has done something wrong. Most organisations that come to us are already competent: ISO 27001 certified, internal teams in place, external advisers engaged.
What has rarely happened is an independent check that the executive layer - the part the Directive holds the Management Body personally responsible for - is demonstrable, not just assumed.
Our assessment prioritises:
-
Independent review of Management Body evidence and participation
-
Assessment of executive decision-making and escalation design against NIS2 expectations
-
Technical gap analysis against NIS2 and your existing ISMS
-
A leadership-ready briefing note and debrief, separate from the technical findings
-
A prioritised remediation roadmap with effort estimates
This is not a replacement for your implementation partner, legal counsel, or existing certifications. It sits alongside them, independently confirming that what's in place adds up to demonstrable executive readiness.
Most programmes treat that 20% as secondary. In our view, it's close to 80% of the Directive's actual point. More on how NIS2 changes director accountability.
80% of NIS2 work is technical,
20% is executive.
The Directive's intent inverts the ratio: the 20% is 80% of the point.
Executive Assurance in practice.
Designed to be independent.
One accountable senior practitioner
Scoped, conducted, and reported personally. No team of juniors, no account manager, no hand-off after the first call.
Two days.
Fixed fee.
Priced before you begin, confirmed in writing within one working day of the scoping call. No day rates, no scope creep.
Independent of your existing advisers
Not a replacement for your implementation partner or legal counsel. A separate, independent layer of confirmation.
Energy sector background
CISA and CRISC certified, ISO 27001, 42001 and 50001 Lead Auditor, with direct experience in metering, AMI, and energy operations.
What you receive when your NIS2 Executive Assurance is complete.
Executives receive:
-
Independent confirmation of the Management Body's readiness
-
A leadership-ready briefing note written for decision-makers, not auditors
-
Clarity on whether existing evidence would hold up under scrutiny
-
A defensible answer to "how do we know we've met our own responsibilities"
Organisations receive:
-
A technical gap analysis against NIS2 and your ISMS
-
A prioritised remediation roadmap with effort estimates
-
One engagement, two distinct reports, no duplicated effort
-
A 60-minute leadership debrief before any further decisions are made
Executive Assurance is delivered progressively.
Ascertain
A 30-minute scope call to understand your organisation, sector context, and current stage.
Acquaint
You share what's already in place: policies, controls, your Statement of Applicability. Whatever stage you've reached is the starting point.
Assess
Gap analysis conducted against NIS2 and your existing ISMS, alongside independent review of Management Body evidence and participation.
Assure
A leadership-ready executive summary and detailed technical findings, delivered with a 60-minute debrief.
Start with an independent read on where you stand.
Organisations engage ISOMETRI for Executive Assurance when technical implementation is underway or complete, and leadership wants independent confirmation of the layer only the Management Body itself can fulfil.
An initial consult explores:
-
Your organisation, sector context, and current implementation stage
-
Whether a NIS2 Executive Assurance Assessment is the right fit before any commitment is made
-
Your fixed fee, confirmed in writing within one working day
-
What existing evidence (certifications, policies, advisers) is already in place
All conversations are confidential and advisory-focused.
There is no commitment beyond the initial conversation.