In Cenedril you build a baseline ISMS with ISMS Express for NIS-2 by running fifteen compact steps at /isms-wizard/express: from your organization’s basics through scope, assets and risks to finalisation. Express proposes industry-typical defaults at each step that you accept or adjust. At the end the assistant generates the mandatory documents and creates follow-up tasks for the detailed work that follows.
Start Express
Open ISMS Express
Open the assistant at ISMS Express for NIS-2. The first step, Overview, explains what Express does for you: industry-typical defaults, bundled capture of processes and assets, standard risks with assessment suggestions, and the mandatory documents.
Move to the next step
The navigation sits at the bottom of every page. Save & continue stores the current step and opens the next one. Save progress stores your state without advancing. A progress bar at the top shows Step n of 15.
Capture organization and leadership
Set the organization and risk schema
In the Organization step you enter the industry, locations, and the ISMS lead. These basics feed into almost every later step. On save, Express creates a default risk schema that you can inspect via Show details.
Confirm interested parties and scope
The Stakeholders & Requirements and Scope steps are pre-filled from the basics. Express adds six standard interested parties with matching requirements and places legal entities, locations, and departments in scope. Clear the checkboxes wherever something does not fit your organization.
Name leadership and scope of activities
In the Leadership step you name the top management’s information security lead along with all other members of executive management. That person later receives the commitment declaration by email. In the Scope of activities step you delimit which activities belong to the organization.
Assess assets and risks
Select information and supporting assets
In the Information assets step Express lists the typical assets per process category (for example contract documents, customer data, source code). In the Supporting assets step you select which supporting assets are actually in use: workplace hardware, servers, network, communication systems, cloud services, business applications, and external service providers. The selections become entries in the asset register, linked to the relevant processes.
Assess risks and confirm cyber hygiene
In the Risk assessment step Express proposes typical risks with a pre-assessment for each active asset cluster. You select the ones that apply and adjust likelihood and impact. In the Hygiene step you confirm the operational minimum standards in place, which mark the associated risk controls as implemented.
Review residual risk and ISMS Operations
In the Residual risk step Express derives a residual value per risk from the assigned controls and shows the matrix before and after controls. In the ISMS Operations and SecOps & BCM steps Express sets the operational sections to default values. In the Suppliers, IT administration & RACI step the NIS-2 mandatory flows and the default RACI role assignment are created.
Finalise Express
Review the final items
The Wrap-up step summarises the baseline system. You can adjust the security fundamentals policy, report the actual implementation status of your risk controls, and filter the proposed follow-up tasks. Set each task to Done where it is already implemented or not relevant, so no redundant tasks are created.
Finalize Express
Click Finalize Express. Cenedril saves your changes, generates the remaining mandatory policies, and creates the selected follow-up tasks. You then land back on the ISMS overview.
Result: the NIS-2-ready baseline ISMS is in place. The scope statement, commitment charter, information security policy, risk management policy, security fundamentals policy, and the Statement of Applicability are stored in Cenedril, the follow-up tasks are created, and you continue from the ISMS overview in the full assistant.