How a European Energy Operator Turned NIS2 Into a Managed Programme

Case study overview

Industry: Energy · Utilities
Company size: 50–250 employees
Headquarters: Central Europe
Operations: Energy distribution and supply to business and residential customers
NIS2 classification: Important entity — energy sector
SEDIVIO product used: Cyrima
Challenge: NIS2 obligations with no structured programme, no named owners, audit anxiety
Result: NIS2-ready, ISO 27001 controls tracked in Jira

↓ 60% reduction in time spent preparing for compliance audits and regulatory reviews

100% of NIS2 and ISO 27001 controls tracked with a named owner and documented evidence

The Challenge

NIS2 applies. The regulator is watching. There is no programme in place.

The client is a mid-market energy operator distributing and supplying energy to business and residential customers across Central Europe. As an energy sector company above the NIS2 size thresholds, it is classified as an important entity — meaning direct compliance obligations apply, with the national regulator as the supervisory authority.

NIS2 brought with it specific obligations that the company had not previously faced at this level of formality: documented risk management processes, structured incident reporting procedures, supply chain security requirements and evidence of continuous compliance monitoring. The organisation understood what was required — but had no structured way to manage it.

Compliance tasks lived in email threads and spreadsheets. There was no consistent ownership per control, no process for producing evidence, and no visibility into the overall compliance posture between audit cycles. Every regulatory deadline or supplier assessment triggered a reactive scramble that pulled team resources away from core operations.

Before Cyrima

  • NIS2 obligations understood but not structurally addressed
  • Compliance tasks tracked in spreadsheets and email threads
  • No named owner per control or regulatory requirement
  • Evidence gathered reactively before audits and regulatory reviews
  • No real-time visibility into overall compliance posture

After Cyrima

  • All controls managed as Jira tasks alongside regular operations
  • Every control assigned to a named owner with a deadline
  • Evidence captured continuously inside Jira tickets
  • NIS2 and ISO 27001 managed in one unified backlog
  • Live compliance posture visible to the team at any point

We knew NIS2 applied to us. What we did not know was where to start — or who in the team was actually responsible for what.

The Solution

NIS2 compliance that runs inside the team’s existing workflow.

SEDIVIO implemented Cyrima — a Jira Cloud plugin that translates NIS2 and ISO 27001 requirements into project-level tasks automatically, based on project type and risk profile. For this client, that meant regulatory obligations were broken down into sprint-ready Jira tasks, assigned to specific team members, and tracked as part of normal operational work — without a separate compliance system or additional headcount.

Risk analysis and scoping

Cyrima mapped the operator’s project types — infrastructure changes, system updates, supplier integrations, customer-facing platforms — against NIS2 and ISO 27001 requirements. Controls were prioritised by actual risk level, not blanket coverage of every possible framework item.

Compliance backlog in Jira

Each requirement became a structured Jira task — scoped, assigned to a named team member, and integrated into regular sprint planning. The team worked compliance the same way they worked any other operational task, in the tool they already used every day.

Continuous evidence capture

As tasks were completed, evidence was recorded inside the ticket automatically. When the national regulator or internal auditors requested documentation, the team could respond immediately from a live, structured evidence base — not a last-minute document sprint.

Real-time compliance visibility

Management and the operations team could see open controls, completed evidence and overall compliance posture across active projects at any point in time — not just in the weeks before a regulatory review.
