In recent weeks, I have heard the same thing repeatedly in conversations with customers:

The industry surrounding NIS-2 and ISO 27001 is currently a gold mine, and many are acting accordingly.

The general sentiment can be summarized in two extremes:

Extreme 1: The certificate pushers
“ISO 27001 and NIS-2 in 3 weeks, free of charge. Everything digital, everything automated!”

The result:
→ Fancy documentation, zero ISMS in practice
→ No understanding of business processes
→ Everything falls apart during the audit

Extreme 2: The compliance purists
“First, we create a comprehensive risk analysis with 187 controls and then build a comprehensive governance structure with 17 roles…”

Result:
→ No one understands what they’re talking about
→ Bureaucratic overkill and unnecessary tools
→ €60,000 later: The team hates the topic

What’s missing? A healthy middle ground.
Someone who can talk to executives and administrators alike.

He understands how medium-sized companies tick.
He explains in clear language what ISO 27001 and NIS-2 really require and then helps to set up a functioning ISMS that supports rather than hinders.

With pragmatism.
With common sense.
With solutions that work sustainably – not just on PowerPoint.

The truth is simple:
The quick-fix faction wants to sell certificates.
The purists want to win the prize for the most beautiful ISMS.

Hardly anyone wants to do what really matters:

  • Really understand a company
  • Honestly assess its maturity level
  • Build a security culture that works – without overhead

No scaremongering. No technical jargon. No overengineering.
Just one thing: information security that is livable.

If you want ISMS and NIS-2 compliance that works instead of frustrating, then let’s talk.
