18 April has come and gone. And the debate in Belgium has shifted.

Until recently, NIS2 was all about intentions.
Frameworks that were being evaluated, steering groups that had yet to get started, plans that everyone agreed on but no one took ownership of.

That phase is over. The CCB now expects documentation to be on the table. A signed agreement with an accredited assessor, or a CyFun self-assessment that you can hand over today.

What we’re seeing with organisations that did register on time: the plan was there, the evidence wasn’t. Measures are described in one document, implementation is in another system, and the status exists only in the minds of three people. That works until someone wants to verify it.

And that is exactly what is happening now.

A CISO who has to show the board which controls have been implemented and which haven’t. A director who has to sign the statement of compliance, but cannot see at a glance how far the organisation has actually got.
A supply chain partner who sends a supplier questionnaire and expects a reply within a week.

Three situations, always the same pattern: the knowledge is there, the overview isn’t.

At IRM360, we work with organisations that want to bridge that gap.
Our platform integrates directly with CyberFundamentals and ISO 27001, so that measures, accountability and evidence are all managed within a single environment.
Not as an extra layer of registration on top of what you already have, but as the place where implementation and demonstrability come together.

On 20 and 21 May, we’ll be at Cybersec Europe in Brussels.
There, we’ll show you exactly what that looks like: from measure to evidence, from spreadsheet to an overview you can present to an auditor or your own board.

If you’d like to discuss how your organisation is currently performing with regard to CyFun or ISO 27001, send us a message.
We’ll then schedule a brief meeting before the event.
Better to be well prepared for the discussion than caught off guard by the next question.