B.2
B.2.1
Network and systems security policy
Top-level document required by law.
2–3 days, from 1,320 €
B.2.2
Risk Management framework
Risk register, likelihood/impact matrix, treatment plan, annual review.
5–8 days, from 1,560 €
B.2.3
Asset Management — IT inventory
CMDB, automated inventory of servers, containers, SaaS subscriptions, certificates.
5–10 days, from 1,920 €
B.2.4
Network segmentation
Separation of production/test/office networks; Zero Trust / microsegmentation.
5–10 days, from 1,920 €
B.2.5
Backup and recovery (BCP/DRP)
3-2-1 strategy, immutable backups, restoration tests.
5–10 days, from 1,920 €
B.2.6
Vulnerability management
Nessus/Trivy/OpenVAS deployment, CVSS-based remediation, patching SLA.
5–8 days, from 1,560 €
B.2.7 (Monthly)
Endpoint protection
EDR/AV on servers and workstations, central management, 24/7 alert response.
1 day, from 480 €
B.2.8
Supply chain security
Vendor verification, SBOM, security questionnaire for vendors.
5–8 days, from 1,560 €
