| Industry | Manufacturing · Industrial equipment |
| Company size | 50–250 employees |
| Clients | Enterprise and public sector buyers across the EU |
| NIS2 classification | Important entity — manufacturing category |
| SEDIVIO product used | Cyrima |
| Challenge | NIS2 obligations with no structured programme, compliance tasks scattered across tools |
| Result | NIS2-ready, ISO 27001 controls tracked in Jira, audit preparation time reduced significantly |
↓ 65% reduction in time spent preparing for compliance audits
100% of NIS2 and ISO 27001 controls tracked with a named owner
The Challenge
NIS2 applies. Enterprise clients are asking. There is no structured programme in place.
The client is a mid-market industrial manufacturer supplying enterprise and public sector buyers across the EU. As a manufacturer of industrial equipment above the NIS2 size thresholds, the company falls within the important entity classification — meaning direct compliance obligations apply.
At the same time, the company’s enterprise clients had begun including ISO 27001 and NIS2 alignment requirements in their supplier contracts and renewal processes. Without documented controls and audit-ready evidence, those conversations were becoming harder to navigate — regardless of the quality of the products being supplied.
The company had no dedicated compliance function. Security and regulatory tasks lived in email threads and informal checklists, with no consistent ownership or process for producing evidence. Every audit or supplier assessment triggered a reactive scramble that pulled engineering time away from the core business.
Before SEDIVIO
- NIS2 obligations understood but not acted on structurally
- Compliance tasks tracked in email and informal checklists
- No named owner per control or regulatory requirement
- Evidence gathered reactively under audit or client pressure
- ISO 27001 and NIS2 treated as separate, unconnected problems
After SEDIVIO's help
- All controls managed as Jira tasks alongside regular work
- Every control assigned to a named owner with a deadline
- Evidence captured continuously inside Jira tickets
- ISO 27001 and NIS2 managed in one unified backlog
- Live compliance posture visible at any point in time
The Solution
Compliance that runs inside the workflow the team already uses.
SEDIVIO implemented Cyrima — a Jira Cloud plugin that maps NIS2 and ISO 27001 requirements to project-level tasks automatically, based on project type and risk profile. For this client, that meant regulatory obligations were translated into sprint-ready Jira tasks, assigned to specific team members, and tracked alongside regular operational work.
Risk analysis and scoping
Cyrima mapped the company’s project types — system development, infrastructure changes, supplier integrations — against NIS2 and ISO 27001 requirements. Controls were prioritised by actual risk, not blanket coverage across every possible framework item.
Compliance backlog in Jira
Each requirement became a structured Jira task — scoped, assigned to a role, and integrated into sprint planning. The team worked compliance the same way they worked any other operational task, without switching tools or processes.
Continuous evidence capture
As tasks were completed, evidence was recorded inside the ticket. When enterprise clients or auditors requested documentation, the team could respond immediately from a live, structured evidence base — not a last-minute document sprint.
Cyrima: NIS2 mapped to the Jira workflow
Cyrima mapped requirements to Jira tasks automatically. Each control was assigned to a team member and tracked alongside regular development work. Evidence was captured inside the ticket as tasks were completed.