NIS2 operational plan in 30/90 days
A practical timeline to activate controls, response, and evidence with clear ownership.
Days 1-30: Baseline and governance
- Asset and dependency inventory by business criticality.
- Incident owner matrix and escalation path definition.
- Telemetry onboarding for SIEM/SOC visibility.
Days 31-60: Detection and response
- Prioritized use cases mapped to top threats.
- Playbooks for ransomware, BEC, and identity abuse.
- 24/72 reporting workflow tests.
Days 61-90: Evidence and readiness
- Tabletop exercise with leadership and technical team.
- Audit-ready evidence package.
- KPI baseline (MTTD/MTTR/reporting quality).
