Skip to main content
Image coming soon

The NIS2 Playbook for the German Mittelstand IT Integrator

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The NIS2 Playbook for the German Mittelstand IT Integrator

A ready-to-sell NIS2 readiness package a small German integrator can run with a Mittelstand customer without compiling reference material from scratch each time.

Mittelstand customers ask their IT integrator about NIS2 in 2026. Small integrators field the question without a ready playbook while larger SIs sell their internal package. The course delivers the ready package.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Mittelstand customers are now in scope under the German NIS2 transposition. They turn to their existing IT integrator first. Smaller German integrators have the technical capability but lack a ready-to-sell readiness package, so each engagement begins with three weeks of compiling reference material. Larger SIs sell from their internal NIS2 frameworks at a price that prices the smaller integrator out of the opening conversation.

The course closes that gap. It teaches the building of a NIS2 readiness package for the Mittelstand market: essential-vs-important entity assessment translated to Mittelstand turnover and headcount, the ten cybersecurity measures translated to plain language a Geschäftsführer reads in one sitting, an incident reporting workflow aligned to BSI templates, a supply-chain security checklist a Mittelstand procurement team runs in a week, and the management responsibilities slide deck.

The course also covers the engagement structure: how to convert a NIS2 readiness assessment into a six-month retainer at Mittelstand price points. Twelve modules with deliverables. Plus a hand-built playbook for your specific customer mix.

What you walk away with

  • A documented NIS2 essential-vs-important entity assessment for the Mittelstand.
  • Ten cybersecurity measures translated into Geschäftsführer-readable language.
  • An incident reporting workflow aligned to BSI templates.
  • A Mittelstand procurement-runnable supply-chain checklist.
  • A management responsibilities slide deck.
  • A six-month retainer engagement structure.
  • A 10-week build plan.

The 12 modules

Module 1. The German Mittelstand NIS2 landscape
Walkthrough of the Mittelstand NIS2 scope. German transposition (NIS2-Umsetzungsgesetz) and the BSI guidance. How the EU NIS2 Directive lands on Mittelstand turnover and headcount thresholds. What customer-CIOs ask first. What customer-CFOs ask second. The competitive landscape against larger SIs running internal NIS2 frameworks. The strategic decisions a small integrator faces in pricing and packaging.
Module 2. Essential vs important entity assessment
Build the assessment framework: the scope tests translated to Mittelstand sector codes and turnover bands, the documentation that supports the classification decision, the borderline cases (manufacturing, energy-adjacent, healthcare-adjacent, telco resellers, ICT service providers) and how to position them, and the sign-off pack the Mittelstand customer can take to their auditor.
Module 3. Translating the ten cybersecurity measures
Translate each of the ten NIS2 cybersecurity risk management measures into language a Geschäftsführer reads in one sitting. Risk analysis, incident handling, business continuity, supply chain, security in acquisition, effectiveness assessment, basic cyber hygiene and training, cryptography, HR security, MFA. Each translated to a one-paragraph framing plus a maturity scoring grid.
Module 4. Incident reporting workflow aligned to BSI
Build the incident reporting workflow: the 24-hour early warning template, the 72-hour notification template, the one-month full report template, the BSI-Meldeportal submission flow, the customer escalation tree, and the post-incident review pack that satisfies the BSI follow-up question. Plus the playbook for the inevitable customer-side panic call at hour two.
Module 5. Supply-chain security checklist
Build the supply-chain security checklist a Mittelstand procurement team runs in a week. Tier-1 supplier inventory, supplier security questionnaire short-form, supplier contract clause library, supplier incident notification clause, supplier audit right clause, sub-supplier disclosure clause, and the supplier-risk scoring template the customer's procurement director signs.
Module 6. Management responsibilities slide deck
Build the management responsibilities slide deck: the personal liability framing under NIS2 article 20, the board-of-directors briefing format, the C-level training requirement framework, the executive cyber-tabletop format, and the annual attestation pack. Plus the script for the awkward question a Geschäftsführer asks about personal exposure.
Module 7. Documentation and evidence framework
Build the documentation and evidence framework: the policy library structure the customer maintains, the evidence collection cadence, the document control framework, the audit trail framework, and the version control framework. Aligned so the customer's existing ISMS or QMS investment is reused, not duplicated.
Module 8. Sector overlays for the Mittelstand
Build the sector overlays: manufacturing NIS2 overlay, energy-utility NIS2 overlay, ICT service provider NIS2 overlay, transport NIS2 overlay, food sector NIS2 overlay, postal and courier NIS2 overlay, and the wastewater overlay. Each maps the ten measures to sector-specific operational realities.
Module 9. Pricing the readiness package
Build the pricing for the readiness package at Mittelstand price points. Fixed-price assessment, fixed-price gap remediation, fixed-price documentation set, and the six-month managed posture retainer. Plus the customer-facing ROI calculation that justifies the engagement against the personal liability framing in module 6.
Module 10. Six-month retainer engagement structure
Build the engagement structure that converts a readiness assessment into a six-month retainer. Monthly posture review, quarterly tabletop exercise, supplier monitoring, incident response standby, change advisory review, and the executive briefing cadence. Plus the language for the renewal conversation at month five.
Module 11. Sales motion and discovery
Build the sales motion. Discovery questions that surface scope, qualification questions that surface budget, the conversation script for the Geschäftsführer who has not yet read about NIS2, the conversation script for the Geschäftsführer who has, and the proposal template the customer signs without legal back-and-forth.
Module 12. Your 10-week build plan
Week by week. Weeks 1-2: Mittelstand landscape and essential-vs-important assessment. Weeks 3-4: ten measures translated and incident reporting workflow. Weeks 5-6: supply-chain checklist and management slide deck. Weeks 7-8: documentation framework and sector overlays. Weeks 9-10: pricing, retainer structure, sales motion. Deliverable: a ready-to-sell NIS2 readiness package for your Mittelstand customer base.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Customers ask about NIS2 → Module 2 hands you the assessment.
The Geschäftsführer needs the ten measures in plain language → Module 3.
The customer wonders what to file with BSI when the incident hits → Module 4.
Procurement asks for a supplier process → Module 5.
The board asks about personal liability → Module 6.
The customer wants documentation that aligns with their ISMS → Module 7.
The customer is in a regulated sub-sector → Module 8.
You need to price the engagement → Module 9.
The customer wants ongoing posture, not a one-shot → Module 10.
You need a sales motion → Module 11.

What you get with this course

  • The 12-module course delivered as text plus downloadable templates.
  • Templates and worked examples for every module.
  • A hand-built playbook generated for your specific customer mix.
  • Three reference packages drawn from peer Mittelstand engagements.
  • Scripted talking points for the Geschäftsführer engagement.

What you will have in hand by Day 1, Week 1, Month 1

Day 1: Mittelstand assessment scaffold drafted.

Week 4: Ten measures and incident workflow designed.

Week 8: Supply-chain, management slide deck, documentation framework operational.

Week 10: Ready-to-sell package in market.

Before and after

Before

Each NIS2 conversation starts with three weeks of compiling reference material. Larger SIs price you out of the opening. Engagements end at the assessment with no retainer.

After

A ready-to-sell readiness package opens the conversation. The Mittelstand customer sees a small integrator with a sharper answer than the SI alternative. The assessment converts to a six-month retainer.

What happens if you do not address this

Customers do not wait. Larger SIs are already packaging NIS2 for the Mittelstand. The window for a small German integrator to define the offering is now.

Who it is for

For German Mittelstand IT integrator principals, lead consultants, and senior security architects at small-to-mid German systems integrator firms serving the Mittelstand.

Who this is NOT for. Pure non-integrator roles. Practitioners at firms with no German Mittelstand business. Pure non-cybersecurity roles.

How it arrives

Text-based course via LMS, plus downloadable templates and worked examples and the hand-built playbook.

Time investment. Roughly 18 hours of reading and 60 to 120 hours of build effort across the 10-week plan.

Why $199 is the right number

External NIS2 readiness consultants charge from 50,000 to 200,000 EUR for a Mittelstand-shaped package build. 199 USD buys the focused playbook and the implementation document for your customer mix.

FAQ

Will this work for non-Mittelstand customers?
Partially. The framework adapts, but the pricing and packaging modules are tuned for Mittelstand price points.
What if my customers are mostly manufacturing?
Module 8 covers manufacturing NIS2 overlay in depth.
Does this cover the cooperation between integrator and customer-side CISO?
Module 10 covers the engagement structure including customer-CISO interfaces.
What is in the implementation playbook for me specifically?
Pricing tailored to your customer mix, sales discovery questions tuned to your sector concentration, a six-month retainer template matched to your team capacity.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!