Information security is an ongoing process – not a one-off project. It demands evaluation, adaptation, and, above all, structure. Here are five practical tips to help you maintain great information security.
“The key mindset when working with information security and NIS2 is to understand that this is not a project. When we say we’ve reached the finish line, we’re actually starting over. We must evaluate, improve, and adjust.”
— Marie Bjerre Simonsen, Information Security Expert at Wired Relations
Marie shares her five best tips for keeping NIS2 – and your security efforts – alive beyond implementation.
Top tip: Create structure with an annual wheel that maps all key tasks throughout the year.
How: Build it incrementally – task by task. Allow employees to submit tasks into a central system that feeds into a shared overview.
“There are recurring tasks we need to handle every year to monitor our security, stay on top of things, and protect our organisation. That’s what we mean by the annual wheel.”
Top tip: Managing vendors is never “set and forget.” Ongoing oversight, based on risk, is essential.
How: Develop a monitoring plan for each vendor and integrate it into your annual wheel. The plan should include their risk profile, audit method, and schedule.
“It makes little sense to place requirements on vendors if you don’t plan to follow up.”
Top tip: Awareness programmes must evolve. A generic, static approach won’t cut it.
How: Use findings from risk assessments and past security incidents to customise training. Review and refine it at least annually.
“Don’t just keep doing things because you’re supposed to. Ask yourself: Is it working? Are we hitting the mark?”
Top tip: Risks change – and so should your assessments. Revisit them regularly, especially when systems, vendors, or threats evolve.
How: During each risk assessment, set the next review date and add it to your annual wheel.
“Doing a risk assessment once isn’t enough. You can’t just tick a box and move on. It needs to happen continuously.”
Top tip: Information security starts at the top. Leadership must be actively engaged and informed.
How: Maintain regular reporting and dialogue. Ensure leaders get clear, actionable insights that guide strategic decisions.
“Leadership must be kept informed. They need to be able to make decisions based on insights they actually understand and can act on.”