NetDefiner - make NIS2 practical in your real IT environment

Inventory & classification

We build a baseline from technical collection and digital classification of systems, applications, and where information is stored.

This is what NetDefiner can read in operations

• How programs and systems communicate with the outside world - and when that changes.
• A baseline of devices and systems - and how they connect.
• What is installed and whether it is up to date.
• Whether basic protections are active and if protection weakens.
• Events and logs - as clear summaries, not raw data.
• What runs in the background and if behavior changes.
• Where data is stored, who has access, and how recovery capability looks.

Digital forms for what the regulation requires from people

• Information classification, ownership, and criticality.
• Exceptions, risk acceptance, and continuity requirements.
• Assessments and approvals tied to the responsible role.

The result is a verifiable baseline you can track over time.

Risk & gaps

Once the baseline is established, deviations become clear. NetDefiner shows where requirements are not met and what should be prioritized.

You get answers to questions like:

• Where are the biggest risks today?
• Which systems are most critical but least protected?
• Which actions deliver the most impact first?
• What is missing for requirements to be considered met?
• Which dependencies mean a change affects more?
• Which exceptions need decisions and documentation?

Prioritization you can act on

Gaps are prioritized based on classification, impact, and ownership so the right teams get the right tasks in the right order.

Forms for assessment and decisions

• Risk assessments with clear consequences.
• Exceptions and risk acceptance with traceable decisions.
• Ownership and timelines for next steps.
• Evidence that stands up to review.

Action plan

NetDefiner turns prioritized gaps into a workable plan with ownership, status, and what is required to be done.

The plan includes, for example:

• Clear actions per system and control.
• What must be done now and what can wait.
• Who owns the action and when it should be done.
• What is required for the action to count as verified.

Forms that capture decisions at the right level

• Approval of action plans and priorities.
• Resource and timeline estimates tied to ownership.
• Rationale when an action is postponed.

You get a plan that is easy to follow and resilient to change.

Execute & verify

As actions are completed, NetDefiner verifies they actually had effect.

Verification happens when:

• Status updates automatically when collection shows improvement.
• Actions are tied to ownership and timelines.
• Changes are documented and become traceable.
• Verified evidence is stored for audits and supervision.

When decisions require approval, the sign-off is captured at the right step.

You get a chain from action to proof that is easy to show.

Continuous monitoring & reporting

NetDefiner keeps compliance current when something changes.

That means:

• Technical collection detects changes that may affect compliance.
• The right role automatically gets the right form for assessment.
• New risks become visible immediately.
• Status updates without having to start over.
• History makes it clear what changed and why.
• Actions and decisions stay traceable over time.
• Reports always reflect the current reality.

Change → assessment → decision → action → verified evidence.

Role-based reports ensure each function sees its view:

• Leadership: risk level, priorities, and decision trail.
• CISO / compliance: controls, evidence, and follow-up.
• System owners / IT: concrete gaps, actions, and next steps.
• Audit: structured material that can be reused.

What NetDefiner helps you achieve in NIS2

• A traceable evidence chain that shows status over time.
• A technical baseline of systems, dependencies, and protection level.
• Digital forms for decisions: classification, ownership, exceptions, risk acceptance, and approvals.
• A living system register, routine descriptions, and assessments tied to requirements.
• Role-based reports for leadership, compliance, and system owners.
• Incident readiness with timelines, decision trails, and follow-up.

NetDefiner delivers modules tied to the regulation: incident management, role-based training, role-based reports, digital routines, system register, and assessments.

Everything is connected in a clear view that makes it easy to work systematically with gaps and actions.

Platform support

NetDefiner runs on Windows, Linux, and macOS. Start small and scale without changing the way you work - even in regulated and segmented environments.

On-prem by default

NetDefiner runs in your environment. You choose the scope and what is shared - nothing leaves the environment without an explicit choice.

Who is it for?

Municipalities, regions, universities, critical infrastructure operators, and suppliers in regulated chains that need to demonstrate compliance in operations.

Regulation modules that keep the work together

Make NIS2 an operational way of working

NetDefiner makes it possible to keep compliance current as the environment changes.

You get a complete view with evidence, ownership, and priorities - without starting over each time.

Inventory & classification → Risk & gaps → Action plan → Execute & verify → Continuous monitoring & reporting