
What does a NIS2 audit or NIS2 readiness assessment cost?

True NIS2 audits run via existing certification bodies. A readiness assessment for SMB is not a full ISO audit in scope or price.

Try this first

  1. Decide which flavour you need. NIS2 readiness (gap analysis plus action plan) is not the same as ISO 27001 or NEN 7510 certification. For most SMBs in the essential-supplier scope, readiness is enough.
  2. Quote at least three parties. Range varies widely with company size and complexity. A 10-person SMB on an M365 stack is cheaper to assess than a 200-person business with legacy systems.
  3. Split the budget in two. First the readiness scan itself (one-off consulting), then remediation (technology, policy, training). The second part is usually larger than the first.
  4. Count internal hours. An audit costs the organisation 40 to 80 hours in interviews, documentation, and remediation. That time never appears on the auditor quote.
  5. Plan yearly follow-up. NIS2 is not a one-off stamp. Reserve a one- or two-day rerun each year to catch drift.

When to bring us in

We run NIS2 readiness for SMB clients as a fixed scope with line items. Contact us (/contact) with your sector and headcount, and we return a plan.


Or skip the DIY entirely

Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.