NIS2 Statement
This statement summarises how XCOM.DEV approaches the EU NIS2 directive. It is informational and not legal advice.
Scope
CyberSecurity AD operates digital infrastructure that may fall within the scope of NIS2, depending on customer use cases. We treat the directive as a baseline regardless of strict applicability.
Risk management measures
- Risk analysis and information system security policies.
- Incident handling with documented escalation paths.
- Business continuity, including backups and crisis management.
- Supply chain security (pinned dependencies, signed builds).
- Security in network and information systems acquisition, development and maintenance.
- Policies and procedures to assess the effectiveness of security measures.
- Basic cyber hygiene and security training.
- Cryptography and encryption policies.
- Human-resources security, access control, and asset management.
- Multi-factor authentication and secured communications where appropriate.
Incident reporting
Significant incidents are reported to the relevant national CSIRT within the NIS2 timelines (early warning < 24h, incident notification < 72h, final report < 1 month).