{"id":18789,"date":"2026-05-26T16:16:50","date_gmt":"2026-05-26T14:16:50","guid":{"rendered":""},"modified":"2026-05-26T16:16:50","modified_gmt":"2026-05-26T14:16:50","slug":"nis-2","status":"publish","type":"page","link":"https:\/\/www.grip-facility.com\/en\/platform\/nis-2\/","title":{"rendered":"NIS-2 Compliance for Healthcare and Education | GRIP \u2014 connecting contracts &#038; facility"},"content":{"rendered":"\n<style>\n.hero__btn--secondary{background:transparent;color:#fff;border:2px solid rgba(255,255,255,0.6)}.hero__btn--secondary:hover{background:rgba(255,255,255,0.12);border-color:#fff;transform:translateY(-2px);color:#fff}.nis2-eyebrow-pill{display:inline-block;background:rgba(255,75,42,0.15);color:#FF4B2A;font-size:0.72rem;font-weight:700;letter-spacing:0.08em;text-transform:uppercase;padding:4px 12px;border-radius:12px;border:1px solid rgba(255,75,42,0.25);margin-bottom:1rem}\n.nis2-pijlers{display:grid;grid-template-columns:repeat(3,1fr);gap:1.5rem;margin-top:2.5rem}\n.nis2-pc{background:#fff;border:1px solid #E5E7EB;border-radius:16px;padding:1.75rem;transition:box-shadow 0.2s;border-top:3px solid #006BFF}\n.nis2-pc:hover{box-shadow:0 8px 24px rgba(0,0,0,0.08)}\n.nis2-pc-num{font-size:0.7rem;font-weight:700;letter-spacing:0.12em;text-transform:uppercase;color:#006BFF;margin-bottom:0.6rem;font-family:\"Poppins\",sans-serif}\n.nis2-pc-title{font-size:1rem;font-weight:700;color:#0F172A;margin-bottom:0.5rem;font-family:\"Poppins\",sans-serif}\n.nis2-pc-desc{font-size:0.875rem;color:#64748B;line-height:1.6;margin-bottom:0.75rem;font-family:\"Poppins\",sans-serif}\n.nis2-pc-tag{display:inline-block;background:#EFF6FF;color:#006BFF;font-size:0.72rem;font-weight:600;padding:3px 10px;border-radius:12px;font-family:\"Poppins\",sans-serif}\n.nis2-pijlers-img{margin-top:2.5rem;border-radius:16px;overflow:hidden;box-shadow:0 4px 32px rgba(0,0,0,0.10)}\n.nis2-pijlers-img img{width:100%;display:block}\n.nis2-diff{background:linear-gradient(135deg,#0F172A 0%,#1E3A5F 100%);border-radius:20px;padding:2.5rem;margin-top:2.5rem;display:flex;gap:2rem;align-items:flex-start}\n.nis2-diff-icon{background:rgba(0,107,255,0.2);border-radius:12px;padding:1rem;flex-shrink:0;color:#60A5FA;font-size:1.5rem;line-height:1}\n.nis2-diff-title{font-size:1.15rem;font-weight:700;color:#fff;margin-bottom:0.5rem;font-family:\"Poppins\",sans-serif}\n.nis2-diff-text{font-size:0.9rem;color:rgba(255,255,255,0.8);line-height:1.65;font-family:\"Poppins\",sans-serif}\n.nis2-diff-badges{display:flex;gap:0.5rem;flex-wrap:wrap;margin-top:1rem}\n.nis2-diff-badge{background:rgba(255,255,255,0.1);color:rgba(255,255,255,0.85);font-size:0.75rem;font-weight:600;padding:4px 12px;border-radius:12px;border:1px solid rgba(255,255,255,0.15);font-family:\"Poppins\",sans-serif}\n.nis2-scan-placeholder{background:#F8FAFC;border:2px dashed #E2E8F0;border-radius:20px;padding:3rem 2rem;margin-top:2rem;text-align:center}.nis2-intro{font-size:1rem;font-weight:400;color:#475569;line-height:1.7;margin-bottom:0;text-transform:none;letter-spacing:0}\n@media(max-width:900px){.nis2-pijlers{grid-template-columns:1fr 1fr}.nis2-diff{flex-direction:column}}\n@media(max-width:600px){.nis2-pijlers{grid-template-columns:1fr}}\n<\/style>\n\n<section class=\"hero hero--blue\">\n  <div class=\"hero__overlay\">\n    <div class=\"hero__inner\">\n      <div class=\"hero__content\">\n        <span class=\"hero__eyebrow\">NIS-2 Compliance<\/span>\n        <span class=\"nis2-eyebrow-pill\">Cybersecurity Act &#8212; taking effect in Q2 2026<\/span>\n\n        <h1 class=\"hero__title\">\n          Make your contracts and suppliers <span class=\"highlight\">NIS-2 compliant<\/span>\n        <\/h1>\n\n        <p class=\"hero__subtitle\">\n          The Cybersecurity Act is coming. GRIP helps healthcare, education, and public sector organizations make their contracts and suppliers NIS-2 compliant, step by step &#8212; at your own pace.\n        <\/p>\n\n        <div class=\"hero__actions\">\n          <a href=\"#nis2-scan\" class=\"hero__btn hero__btn--primary\">Take the NIS-2 scan<\/a>\n          <a href=\"\/demo\/\" class=\"hero__btn hero__btn--secondary\">Book a demo<\/a>\n        <\/div>\n\n        <div class=\"hero__meta\">\n          <span class=\"hero__meta-pill\">Healthcare<\/span>\n          <span class=\"hero__meta-pill\">Education<\/span>\n          <span class=\"hero__meta-pill\">Public sector<\/span>\n          <span class=\"hero__meta-pill\">Energy &amp; transport<\/span>\n        <\/div>\n      <\/div>\n\n      <div class=\"hero__media\">\n        <div class=\"hero__media-frame\">\n          <img decoding=\"async\" src=\"\/wp-content\/uploads\/2026\/01\/contract-overview.png\" alt=\"Contract overview in GRIP\" class=\"hero__image\">\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n\n\n\n\n<div style=\"max-width:1120px;margin:0 auto 0.5rem;padding:1rem 1.5rem;background:#F0F7FF;border-left:4px solid #006BFF;border-radius:6px;font-family:'Poppins',sans-serif;\">\n  <p style=\"margin:0;font-size:0.95rem;color:#0F172A;line-height:1.6;\">Want to understand what NIS-2 requires from your supplier contracts? Read the full explanation: <a href=\"https:\/\/www.grip-facility.com\/nis2-contractmanagement-leveranciers\/\" style=\"color:#006BFF;font-weight:600;text-decoration:underline;\">NIS-2 and contract management: control over your supplier risks<\/a>.<\/p>\n<\/div>\n\n\n\n\n\n<section class=\"kpi-section\">\n  <div class=\"kpi-grid\">\n    <div class=\"kpi-item\">\n      <div class=\"kpi-number\">Q2 2026<\/div>\n      <div class=\"kpi-label\">Cybersecurity Act in effect &#8212; no transition period<\/div>\n    <\/div>\n    <div class=\"kpi-item\">\n      <div class=\"kpi-number\">4-6 wk<\/div>\n      <div class=\"kpi-label\">average onboarding at GRIP &#8212; NIS-2 ready within one quarter<\/div>\n    <\/div>\n    <div class=\"kpi-item\">\n      <div class=\"kpi-number\">24 uur<\/div>\n      <div class=\"kpi-label\">first notification for a security incident &#8212; GRIP helps you streamline that process<\/div>\n    <\/div>\n    <div class=\"kpi-item\">\n      <div class=\"kpi-number\">268+<\/div>\n      <div class=\"kpi-label\">organizations already manage their contracts and suppliers in GRIP<\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n\n\n\n\n<section class=\"challenges-section\">\n  <div class=\"challenges-container\">\n    <span class=\"challenges-eyebrow\">NIS-2 in 60 seconds<\/span>\n    <h2 class=\"challenges-heading\">What the law requires &#8212; and where GRIP helps<\/h2>\n\n    <div class=\"challenges-grid\">\n      <div class=\"challenge-card\">\n        <div class=\"challenge-icon\">\n          <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewBox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" width=\"32\" height=\"32\">\n            <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M13.19 8.688a4.5 4.5 0 0 1 1.242 7.244l-4.5 4.5a4.5 4.5 0 0 1-6.364-6.364l1.757-1.757m13.35-.622 1.757-1.757a4.5 4.5 0 0 0-6.364-6.364l-4.5 4.5a4.5 4.5 0 0 0 1.242 7.244\" \/>\n          <\/svg>\n        <\/div>\n        <h3 class=\"challenge-title\">Supply chain security (art. 21)<\/h3>\n        <p class=\"challenge-desc\">Document security agreements per supplier: incident reporting obligations, audit rights, and minimum security policies. We make it workable.<\/p>\n      <\/div>\n\n      <div class=\"challenge-card\">\n        <div class=\"challenge-icon\">\n          <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewBox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" width=\"32\" height=\"32\">\n            <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M12 6v6h4.5m4.5 0a9 9 0 1 1-18 0 9 9 0 0 1 18 0Z\" \/>\n          <\/svg>\n        <\/div>\n        <h3 class=\"challenge-title\">Incident reporting obligation (art. 23)<\/h3>\n        <p class=\"challenge-desc\">Security incidents must be reported within 24 hours (early warning), 72 hours (update), and 1 month (final report) to CSIRT. GRIP gives you the structure to meet those deadlines with ease.<\/p>\n      <\/div>\n\n      <div class=\"challenge-card\">\n        <div class=\"challenge-icon\">\n          <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewBox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" width=\"32\" height=\"32\">\n            <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M3.75 3v11.25A2.25 2.25 0 0 0 6 16.5h2.25M3.75 3h-1.5m1.5 0h16.5m0 0h1.5m-1.5 0v11.25A2.25 2.25 0 0 1 18 16.5h-2.25m-7.5 0h7.5m-7.5 0-1 3m8.5-3 1 3m0 0 .5 1.5m-.5-1.5h-9.5m0 0-.5 1.5m.75-9 3-3 2.148 2.148A12.061 12.061 0 0 1 16.5 7.605\" \/>\n          <\/svg>\n        <\/div>\n        <h3 class=\"challenge-title\">Risk management per supplier<\/h3>\n        <p class=\"challenge-desc\">A current risk register per supplier, with classification and mitigating measures. In GRIP you maintain that without extra spreadsheets.<\/p>\n      <\/div>\n\n      <div class=\"challenge-card\">\n        <div class=\"challenge-icon\">\n          <svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" fill=\"none\" viewBox=\"0 0 24 24\" stroke-width=\"1.5\" stroke=\"currentColor\" width=\"32\" height=\"32\">\n            <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m0 12.75h7.5m-7.5 3H12M10.5 2.25H5.625c-.621 0-1.125.504-1.125 1.125v17.25c0 .621.504 1.125 1.125 1.125h12.75c.621 0 1.125-.504 1.125-1.125V11.25a9 9 0 0 0-9-9Z\" \/>\n          <\/svg>\n        <\/div>\n        <h3 class=\"challenge-title\">Evidence for the regulator<\/h3>\n        <p class=\"challenge-desc\">During an inspection by IGJ or NCSC you quickly need a complete compliance file. GRIP generates that with one click &#8212; everything in one place.<\/p>\n      <\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n\n\n\n\n<section class=\"feature-section\" style=\"background:#F8FAFC;\" id=\"nis2-scan\">\n  <div class=\"feature-container\">\n    <h2 class=\"feature-heading\" style=\"text-align:center;\">Where do you stand with NIS-2?<\/h2>\n    <p class=\"nis2-intro\" style=\"text-align:center;max-width:680px;margin-left:auto;margin-right:auto;\">\n      Take the free scan and receive a personalized report within 2 minutes: where you stand strong, where work remains, and which step is best to take first. No sales pitch &#8212; just an honest picture.\n    <\/p>\n\n    <style>\n      .nis2w{--blue:#1E3A5F;--blue-soft:#F0F5FB;--orange:#FF4B2A;--ink:#0F172A;--muted:#64748B;--line:#E5E9F0;--soft:#F8FAFC;--green:#10B981;--amber:#F59E0B;--red:#EF4444;font-family:\"Poppins\",sans-serif;background:#fff;border:1px solid var(--line);border-radius:20px;padding:2.5rem;margin-top:2rem;box-shadow:0 4px 24px rgba(15,23,42,0.06);max-width:760px;margin-left:auto;margin-right:auto}\n      .nis2w *{box-sizing:border-box}\n      .nis2w-progress{display:flex;align-items:center;gap:0.75rem;margin-bottom:2rem;font-size:0.78rem;color:var(--muted);font-weight:600;letter-spacing:0.04em;text-transform:uppercase}\n      .nis2w-progress-bar{flex:1;height:3px;background:#EEF2F7;border-radius:2px;overflow:hidden}\n      .nis2w-progress-fill{height:100%;background:var(--blue);border-radius:2px;transition:width 0.4s ease}\n      .nis2w-step-label{flex-shrink:0}\n\n      .nis2w-q{padding:1.25rem 0;border-top:1px solid var(--line)}\n      .nis2w-q:first-child{border-top:none;padding-top:0}\n      .nis2w-q-label{font-size:0.98rem;font-weight:600;color:var(--ink);margin-bottom:0.85rem;line-height:1.45;display:flex;gap:0.6rem;align-items:flex-start}\n      .nis2w-q-num{flex-shrink:0;display:inline-flex;align-items:center;justify-content:center;width:1.6rem;height:1.6rem;background:var(--blue-soft);color:var(--blue);font-size:0.75rem;font-weight:700;border-radius:50%;margin-top:0.05rem}\n      .nis2w-q.is-answered .nis2w-q-num{background:var(--blue);color:#fff}\n      .nis2w-q.is-locked{opacity:0.45;pointer-events:none}\n\n      .nis2w-options{display:flex;flex-wrap:wrap;gap:0.5rem}\n      .nis2w-options.is-stack{flex-direction:column}\n      .nis2w-options.is-stack .nis2w-opt{width:100%;text-align:left}\n      .nis2w-opt{flex:1 1 auto;min-width:80px;padding:0.7rem 1rem;border:1.5px solid var(--line);border-radius:10px;background:#fff;font-family:inherit;font-size:0.9rem;font-weight:500;color:var(--ink);cursor:pointer;transition:all 0.15s ease;text-align:center}\n      .nis2w-opt:hover{border-color:var(--blue);background:var(--blue-soft)}\n      .nis2w-opt.is-selected{border-color:var(--blue);background:var(--blue);color:#fff;font-weight:600}\n\n      .nis2w-sub-block{margin-top:0.85rem;padding:1rem 1.1rem;background:var(--blue-soft);border-radius:10px}\n      .nis2w-sub-label{font-size:0.85rem;font-weight:600;color:var(--blue);margin-bottom:0.6rem}\n      .nis2w-sub-block .nis2w-options .nis2w-opt{background:#fff}\n      .nis2w-sub-block .nis2w-options .nis2w-opt.is-selected{background:var(--blue);color:#fff}\n\n      .nis2w-actions{display:flex;justify-content:space-between;align-items:center;gap:1rem;margin-top:2rem;padding-top:1.5rem;border-top:1px solid var(--line)}\n      .nis2w-btn{display:inline-block;padding:0.8rem 1.7rem;border-radius:10px;font-family:inherit;font-size:0.92rem;font-weight:600;cursor:pointer;border:none;transition:all 0.15s ease;text-decoration:none;text-align:center}\n      .nis2w-btn-primary{background:var(--blue);color:#fff}\n      .nis2w-btn-primary:hover{background:#152C4A;transform:translateY(-1px)}\n      .nis2w-btn-primary:disabled{background:#CBD5E1;color:#fff;cursor:not-allowed;transform:none}\n      .nis2w-btn-ghost{background:transparent;color:var(--muted);border:1px solid var(--line)}\n      .nis2w-btn-ghost:hover{color:var(--blue);border-color:var(--blue)}\n      .nis2w-counter{font-size:0.82rem;color:var(--muted)}\n\n      .nis2w-input{width:100%;padding:0.7rem 0.9rem;border:1.5px solid var(--line);border-radius:10px;font-family:inherit;font-size:0.92rem;color:var(--ink);background:#fff;transition:border-color 0.15s}\n      .nis2w-input:focus{outline:none;border-color:var(--blue)}\n      .nis2w-field{margin-bottom:0.9rem}\n      .nis2w-field label{display:block;font-size:0.85rem;font-weight:600;color:var(--ink);margin-bottom:0.4rem}\n      .nis2w-grid2{display:grid;grid-template-columns:1fr 1fr;gap:1rem}\n      .nis2w-checkbox{display:flex;align-items:flex-start;gap:0.6rem;font-size:0.85rem;color:var(--muted);line-height:1.5;cursor:pointer;margin-top:0.5rem}\n      .nis2w-checkbox input{margin-top:0.2rem;flex-shrink:0}\n      .nis2w-error{font-size:0.85rem;color:var(--red);margin-top:0.6rem}\n\n      .nis2w-result-hero{text-align:center;padding:0.5rem 0 1.5rem 0}\n      .nis2w-ring{width:160px;height:160px;margin:0 auto 1.25rem auto;position:relative}\n      .nis2w-ring svg{transform:rotate(-90deg)}\n      .nis2w-ring-bg{fill:none;stroke:#EEF2F7;stroke-width:10}\n      .nis2w-ring-fg{fill:none;stroke-width:10;stroke-linecap:round;transition:stroke-dashoffset 0.6s ease,stroke 0.3s}\n      .nis2w-ring-text{position:absolute;inset:0;display:flex;flex-direction:column;align-items:center;justify-content:center}\n      .nis2w-ring-num{font-size:2.5rem;font-weight:700;color:var(--ink);line-height:1}\n      .nis2w-ring-of{font-size:0.78rem;color:var(--muted);margin-top:0.2rem}\n      .nis2w-verdict{font-size:1.1rem;font-weight:700;margin-bottom:0.4rem}\n      .nis2w-verdict-sub{font-size:0.92rem;color:var(--muted);max-width:520px;margin:0 auto;line-height:1.55}\n      .nis2w-subscores{display:grid;grid-template-columns:repeat(3,1fr);gap:0.75rem;margin:1.5rem 0}\n      .nis2w-sub-card{background:var(--soft);border-radius:12px;padding:1rem;text-align:center}\n      .nis2w-sub-name{font-size:0.72rem;font-weight:600;color:var(--muted);text-transform:uppercase;letter-spacing:0.05em;margin-bottom:0.4rem}\n      .nis2w-sub-val{font-size:1.4rem;font-weight:700;color:var(--ink)}\n      .nis2w-section-title{font-size:0.78rem;font-weight:700;color:var(--blue);text-transform:uppercase;letter-spacing:0.06em;margin:2rem 0 0.75rem 0}\n      .nis2w-issue{display:flex;gap:0.75rem;padding:0.85rem 1rem;background:var(--soft);border-left:3px solid var(--amber);border-radius:8px;margin-bottom:0.6rem}\n      .nis2w-issue.is-no{border-left-color:var(--red)}\n      .nis2w-issue-body{font-size:0.88rem;color:var(--ink);line-height:1.55}\n      .nis2w-issue-feature{display:block;font-size:0.78rem;color:var(--blue);font-weight:600;margin-top:0.25rem}\n      .nis2w-steps{counter-reset:step;list-style:none;padding:0;margin:0}\n      .nis2w-steps li{counter-increment:step;position:relative;padding:0.6rem 0 0.6rem 2.25rem;font-size:0.92rem;color:var(--ink);line-height:1.5}\n      .nis2w-steps li::before{content:counter(step);position:absolute;left:0;top:0.55rem;width:1.6rem;height:1.6rem;background:var(--blue);color:#fff;border-radius:50%;font-size:0.78rem;font-weight:700;display:flex;align-items:center;justify-content:center}\n      .nis2w-result-actions{display:flex;flex-wrap:wrap;gap:0.75rem;justify-content:center;margin-top:2rem;padding-top:1.5rem;border-top:1px solid var(--line)}\n      .nis2w-disclaimer{font-size:0.78rem;color:var(--muted);text-align:center;margin-top:1.5rem;font-style:italic;line-height:1.5}\n\n      @media(max-width:640px){\n        .nis2w{padding:1.5rem}\n        .nis2w-grid2{grid-template-columns:1fr}\n        .nis2w-subscores{grid-template-columns:1fr}\n        .nis2w-actions{flex-direction:column-reverse;align-items:stretch}\n        .nis2w-actions .nis2w-btn{width:100%}\n        .nis2w-counter{text-align:center}\n        .nis2w-opt{flex:1 1 calc(50% - 0.25rem)}\n      }\n    <\/style>\n\n    <div class=\"nis2w\" id=\"nis2-scan-widget\">\n      <div class=\"nis2w-progress\">\n        <span class=\"nis2w-step-label\" id=\"nis2w-step-label\">0 van 14 beantwoord<\/span>\n        <div class=\"nis2w-progress-bar\"><div class=\"nis2w-progress-fill\" id=\"nis2w-progress-fill\" style=\"width:0%\"><\/div><\/div>\n      <\/div>\n      <div id=\"nis2w-content\"><\/div>\n    <\/div>\n\n    <script>\n    (function(){\n      var widget = document.getElementById('nis2-scan-widget');\n      if(!widget) return;\n      var contentEl = document.getElementById('nis2w-content');\n      var stepLabel = document.getElementById('nis2w-step-label');\n      var progressFill = document.getElementById('nis2w-progress-fill');\n\n      var state = {\n        phase: 'questions', \/\/ 'questions' | 'lead' | 'result'\n        sectorMain: null,   \/\/ 'zorg' | 'onderwijs' | 'publiek' | 'anders'\n        sectorSub: null,    \/\/ 'cure' | 'care' | 'ho' | 'mbo' | 'vo' | 'energie' | 'overheid' | null\n        size: null,\n        suppliers: null,\n        answers: {},\n        lead: { name:'', role:'', org:'', email:'', phone:'', consent:false }\n      };\n\n      var sectorMainOpts = [\n        { value:'zorg', label:'Healthcare', subs:[\n          { value:'cure', label:'Cure (hospitals, clinics)' },\n          { value:'care', label:'Care (mental health, nursing homes, home care)' }\n        ]},\n        { value:'onderwijs', label:'Education', subs:[\n          { value:'ho', label:'Higher education (university\/college)' },\n          { value:'mbo', label:'Vocational education (MBO)' },\n          { value:'vo', label:'Secondary education' }\n        ]},\n        { value:'publiek', label:'Public sector', subs:[\n          { value:'overheid', label:'Municipality or province' },\n          { value:'energie', label:'Energy or transport' }\n        ]},\n        { value:'anders', label:'Other', subs:null }\n      ];\n\n      var sizeOpts = [\n        { value:'<50', label:'Fewer than 50' },\n        { value:'50-250', label:'50 to 250' },\n        { value:'250+', label:'More than 250' }\n      ];\n\n      var supplierOpts = [\n        { value:'<10', label:'Fewer than 10' },\n        { value:'10-50', label:'10 to 50' },\n        { value:'50+', label:'More than 50' }\n      ];\n\n      var nis2Questions = [\n        { id:'q1', cat:'supply', text:'Do you have a current overview of all your critical suppliers?', feature:'Supplier and contract register' },\n        { id:'q2', cat:'supply', text:'Do supplier contracts contain security clauses (reporting obligations, audits, minimum policies)?', feature:'Security clauses per contract' },\n        { id:'q3', cat:'supply', text:'Do you periodically verify that suppliers still comply with the agreements?', feature:'Annual supplier evaluation' },\n        { id:'q4', cat:'audit', text:'Do you have an audit trail of who changed what and when in contracts?', feature:'Change set + event log' },\n        { id:'q5', cat:'gov', text:'Do you have a documented process for incident reporting (24h\/72h\/1mo)?', feature:'Incident management module' },\n        { id:'q6', cat:'gov', text:'Is the board demonstrably involved in cybersecurity decisions?', feature:'NIS-2 KPI theme board dashboard' },\n        { id:'q7', cat:'gov', text:'Do you have a current risk register per supplier?', feature:'Risk classification per contract' },\n        { id:'q8', cat:'audit', text:'Are contract changes reviewed before approval?', feature:'Change set approval workflow' },\n        { id:'q9', cat:'audit', text:'Do you have one central place for all contracts and attachments with version control?', feature:'Document vault' },\n        { id:'q10', cat:'audit', text:'Can you provide evidence within a week for a NIS-2 inspection?', feature:'Regulator report' }\n      ];\n\n      var answerOpts = [\n        { value:'ja', label:'Yes' },\n        { value:'deels', label:'Partly' },\n        { value:'nee', label:'No' }\n      ];\n\n      var TOTAL_STEPS = 13; \/\/ sector(+sub als 1 stap visueel) + size + suppliers + 10 vragen\n\n      function escapeHtml(s){\n        return String(s)\n          .split('&#038;').join('&amp;')\n          .split('<').join('&lt;')\n          .split('>').join('&gt;')\n          .split('\"').join('&quot;')\n          .split(\"'\").join('&#39;');\n      }\n\n      function countAnswered(){\n        var n = 0;\n        if(state.sectorMain){\n          var sm = sectorMainOpts.find(function(o){ return o.value === state.sectorMain; });\n          if(!sm.subs || state.sectorSub) n++;\n        }\n        if(state.size) n++;\n        if(state.suppliers) n++;\n        nis2Questions.forEach(function(q){ if(state.answers[q.id]) n++; });\n        return n;\n      }\n\n      function setProgress(){\n        if(state.phase === 'lead'){\n          stepLabel.textContent = 'Almost done';\n          progressFill.style.width = '95%';\n          return;\n        }\n        if(state.phase === 'result'){\n          stepLabel.textContent = 'Your report';\n          progressFill.style.width = '100%';\n          return;\n        }\n        var n = countAnswered();\n        stepLabel.textContent = n + ' of ' + TOTAL_STEPS + ' answered';\n        progressFill.style.width = Math.round((n \/ TOTAL_STEPS) * 100) + '%';\n      }\n\n      function render(){\n        setProgress();\n        if(state.phase === 'questions') renderQuestions();\n        else if(state.phase === 'lead') renderLead();\n        else if(state.phase === 'result') renderResult();\n      }\n\n      \/\/ Helper: render \u00c3\u00a9\u00c3\u00a9n vraag met opties\n      function questionBlock(num, label, optionsHtml, isAnswered, isLocked){\n        var cls = 'nis2w-q' + (isAnswered ? ' is-answered' : '') + (isLocked ? ' is-locked' : '');\n        return '<div class=\"' + cls + '\" data-qnum=\"' + num + '\">' +\n               '<div class=\"nis2w-q-label\"><span class=\"nis2w-q-num\">' + num + '<\/span><span>' + label + '<\/span><\/div>' +\n               optionsHtml +\n               '<\/div>';\n      }\n\n      function optionsHtml(groupKey, options, currentValue, stack){\n        var stackCls = stack ? ' is-stack' : '';\n        var html = '<div class=\"nis2w-options' + stackCls + '\" data-key=\"' + groupKey + '\">';\n        options.forEach(function(opt){\n          var selected = currentValue === opt.value ? ' is-selected' : '';\n          html += '<button type=\"button\" class=\"nis2w-opt' + selected + '\" data-value=\"' + escapeHtml(opt.value) + '\">' + opt.label + '<\/button>';\n        });\n        html += '<\/div>';\n        return html;\n      }\n\n      function renderQuestions(){\n        var html = '';\n        var num = 1;\n\n        \/\/ Question 1: sector\n        var sectorAnswered = !!state.sectorMain && (function(){\n          var sm = sectorMainOpts.find(function(o){ return o.value === state.sectorMain; });\n          return !sm.subs || state.sectorSub;\n        })();\n        var sectorHtml = optionsHtml('sectorMain', sectorMainOpts, state.sectorMain, false);\n        \/\/ Show sub-choice inline\n        if(state.sectorMain){\n          var sm = sectorMainOpts.find(function(o){ return o.value === state.sectorMain; });\n          if(sm && sm.subs){\n            sectorHtml += '<div class=\"nis2w-sub-block\">';\n            sectorHtml += '<div class=\"nis2w-sub-label\">Which specifically?<\/div>';\n            sectorHtml += optionsHtml('sectorSub', sm.subs, state.sectorSub, true);\n            sectorHtml += '<\/div>';\n          }\n        }\n        html += questionBlock(num, 'What sector is your organization in?', sectorHtml, sectorAnswered, false);\n        num++;\n\n        \/\/ Vraag 2: size \u00e2\u20ac\u201d alleen als sector beantwoord\n        if(sectorAnswered){\n          var sizeHtml = optionsHtml('size', sizeOpts, state.size, false);\n          html += questionBlock(num, 'How many employees does your organization have?', sizeHtml, !!state.size, false);\n        }\n        num++;\n\n        \/\/ Vraag 3: suppliers \u00e2\u20ac\u201d alleen als size beantwoord\n        if(sectorAnswered && state.size){\n          var supHtml = optionsHtml('suppliers', supplierOpts, state.suppliers, false);\n          html += questionBlock(num, 'How many critical suppliers do you have?', supHtml, !!state.suppliers, false);\n        }\n        num++;\n\n        \/\/ 10 NIS-2 vragen \u00e2\u20ac\u201d onthullen \u00c3\u00a9\u00c3\u00a9n voor \u00c3\u00a9\u00c3\u00a9n naarmate vorige beantwoord is\n        if(sectorAnswered && state.size && state.suppliers){\n          for(var i = 0; i < nis2Questions.length; i++){\n            var q = nis2Questions[i];\n            var prevAnswered = i === 0 ? true : !!state.answers[nis2Questions[i-1].id];\n            if(!prevAnswered) break;\n            var qOpts = optionsHtml('answer-' + q.id, answerOpts, state.answers[q.id], false);\n            html += questionBlock(num + i, q.text, qOpts, !!state.answers[q.id], false);\n          }\n        }\n\n        \/\/ Footer: button appears when all 13 are answered\n        var allAnswered = countAnswered() === TOTAL_STEPS;\n        html += '<div class=\"nis2w-actions\">';\n        html += '<span class=\"nis2w-counter\">' + (allAnswered ? 'All filled in &#8212; ready for your report' : 'Take your time answering &#8212; your answers are saved') + '<\/span>';\n        html += '<button type=\"button\" class=\"nis2w-btn nis2w-btn-primary\" id=\"nis2w-next\" ' + (allAnswered ? '' : 'disabled') + '>To my report &rarr;<\/button>';\n        html += '<\/div>';\n\n        contentEl.innerHTML = html;\n        bindQuestionHandlers();\n      }\n\n      function bindQuestionHandlers(){\n        contentEl.querySelectorAll('.nis2w-options').forEach(function(group){\n          var key = group.getAttribute('data-key');\n          group.querySelectorAll('.nis2w-opt').forEach(function(btn){\n            btn.addEventListener('click', function(){\n              var val = btn.getAttribute('data-value');\n              if(key === 'sectorMain'){\n                if(state.sectorMain !== val){\n                  state.sectorMain = val;\n                  state.sectorSub = null;\n                }\n              } else if(key === 'sectorSub'){\n                state.sectorSub = val;\n              } else if(key === 'size'){\n                state.size = val;\n              } else if(key === 'suppliers'){\n                state.suppliers = val;\n              } else if(key.indexOf('answer-') === 0){\n                var qid = key.substring(7);\n                state.answers[qid] = val;\n              }\n              var prevHeight = widget.scrollHeight;\n              renderQuestions();\n              setProgress();\n              \/\/ Scroll to newly visible question (the last one)\n              setTimeout(function(){\n                var last = contentEl.querySelector('.nis2w-q:not(.is-answered)');\n                if(last && widget.scrollHeight > prevHeight){\n                  last.scrollIntoView({ behavior:'smooth', block:'center' });\n                }\n              }, 50);\n            });\n          });\n        });\n        var next = document.getElementById('nis2w-next');\n        if(next) next.addEventListener('click', function(){\n          if(countAnswered() === TOTAL_STEPS){\n            state.phase = 'lead';\n            render();\n            widget.scrollIntoView({ behavior:'smooth', block:'start' });\n          }\n        });\n      }\n\n      function renderLead(){\n        var html = '<h3 style=\"font-size:1.35rem;font-weight:700;color:var(--ink);margin:0 0 0.4rem 0;\">Almost done &#8212; where should we send the report?<\/h3>';\n        html += '<p style=\"font-size:0.95rem;color:var(--muted);line-height:1.55;margin:0 0 1.5rem 0;\">Your report will appear directly on screen. We will also send a copy to your inbox so you can share it with your IT department or board.<\/p>';\n        html += '<div class=\"nis2w-grid2\">';\n        html += '<div class=\"nis2w-field\"><label>Name<\/label><input type=\"text\" class=\"nis2w-input\" id=\"nis2w-name\" value=\"' + escapeHtml(state.lead.name) + '\" autocomplete=\"name\"><\/div>';\n        html += '<div class=\"nis2w-field\"><label>Role<\/label><input type=\"text\" class=\"nis2w-input\" id=\"nis2w-role\" value=\"' + escapeHtml(state.lead.role) + '\" autocomplete=\"organization-title\"><\/div>';\n        html += '<\/div>';\n        html += '<div class=\"nis2w-grid2\">';\n        html += '<div class=\"nis2w-field\"><label>Organization<\/label><input type=\"text\" class=\"nis2w-input\" id=\"nis2w-org\" value=\"' + escapeHtml(state.lead.org) + '\" autocomplete=\"organization\"><\/div>';\n        html += '<div class=\"nis2w-field\"><label>Email address<\/label><input type=\"email\" class=\"nis2w-input\" id=\"nis2w-email\" value=\"' + escapeHtml(state.lead.email) + '\" autocomplete=\"email\"><\/div>';\n        html += '<\/div>';\n        html += '<div class=\"nis2w-field\"><label>Phone number <span style=\"color:var(--muted);font-weight:400;\">(optional)<\/span><\/label><input type=\"tel\" class=\"nis2w-input\" id=\"nis2w-phone\" value=\"' + escapeHtml(state.lead.phone) + '\" autocomplete=\"tel\" placeholder=\"In case you want to speak with someone\"><\/div>';\n        html += '<label class=\"nis2w-checkbox\"><input type=\"checkbox\" id=\"nis2w-consent\"' + (state.lead.consent ? ' checked' : '') + '>';\n        html += '<span>I agree that GRIP may use my details to send the report and contact me once. No newsletter, no resale. See our <a href=\"\/privacy\/\" target=\"_blank\" rel=\"noopener\">privacy policy<\/a>.<\/span><\/label>';\n        html += '<div class=\"nis2w-error\" id=\"nis2w-lead-error\" style=\"display:none\"><\/div>';\n        html += '<div class=\"nis2w-actions\">';\n        html += '<button type=\"button\" class=\"nis2w-btn nis2w-btn-ghost\" id=\"nis2w-back\">&larr; Back<\/button>';\n        html += '<button type=\"button\" class=\"nis2w-btn nis2w-btn-primary\" id=\"nis2w-submit\">View my report &rarr;<\/button>';\n        html += '<\/div>';\n        contentEl.innerHTML = html;\n\n        ['name','role','org','email','phone'].forEach(function(f){\n          document.getElementById('nis2w-' + f).addEventListener('input', function(e){ state.lead[f] = e.target.value; });\n        });\n        document.getElementById('nis2w-consent').addEventListener('change', function(e){ state.lead.consent = e.target.checked; });\n        document.getElementById('nis2w-back').addEventListener('click', function(){ state.phase = 'questions'; render(); });\n        document.getElementById('nis2w-submit').addEventListener('click', submitLead);\n      }\n\n      function submitLead(){\n        var err = document.getElementById('nis2w-lead-error');\n        var submitBtn = document.getElementById('nis2w-submit');\n        var l = state.lead;\n        if(!l.name.trim() || !l.role.trim() || !l.org.trim() || !l.email.trim()){\n          err.textContent = 'Please fill in all fields.'; err.style.display = 'block'; return;\n        }\n        if(!\/^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$\/.test(l.email)){\n          err.textContent = 'Please enter a valid email address.'; err.style.display = 'block'; return;\n        }\n        if(!l.consent){\n          err.textContent = 'Please agree to the privacy policy.'; err.style.display = 'block'; return;\n        }\n        err.style.display = 'none';\n        if(submitBtn){ submitBtn.disabled = true; submitBtn.textContent = 'Please wait...'; }\n        sendScanData(function(){\n          state.phase = 'result';\n          render();\n          widget.scrollIntoView({ behavior:'smooth', block:'start' });\n        });\n      }\n\n      function sendScanData(onDone){\n        var r = computeResult();\n        var payload = {\n          name: state.lead.name,\n          role: state.lead.role,\n          org: state.lead.org,\n          email: state.lead.email,\n          phone: state.lead.phone,\n          consent: state.lead.consent,\n          sector: state.sectorMain,\n          sectorSub: state.sectorSub,\n          size: state.size,\n          suppliers: state.suppliers,\n          score: r.score,\n          verdict: r.verdict,\n          color: r.color,\n          subs: r.subs,\n          answers: state.answers,\n          nextSteps: nextSteps(r.score)\n        };\n        var endpoint = '\/wp-json\/grip\/v1\/nis2-scan';\n        var done = false;\n        function finish(){ if(done) return; done = true; if(typeof onDone === 'function') onDone(); }\n        try {\n          fetch(endpoint, {\n            method: 'POST',\n            headers: { 'Content-Type': 'application\/json' },\n            body: JSON.stringify(payload)\n          }).then(function(){ finish(); }).catch(function(){ finish(); });\n        } catch(e){ finish(); }\n        setTimeout(finish, 4000); \/\/ safeguard: always continue after 4s\n      }\n\n      function computeResult(){\n        var pointMap = { ja:2, deels:1, nee:0 };\n        var raw = 0;\n        nis2Questions.forEach(function(q){ raw += pointMap[state.answers[q.id]] || 0; });\n        var score = Math.round((raw \/ 20) * 100);\n        if(state.sectorMain === 'zorg' && state.sectorSub === 'cure') score = Math.min(100, Math.floor(score * 1.1));\n\n        function subScore(cat, count){\n          var sum = 0;\n          nis2Questions.forEach(function(q){ if(q.cat === cat) sum += pointMap[state.answers[q.id]] || 0; });\n          return Math.round((sum \/ (count * 2)) * 100);\n        }\n        var subs = {\n          supply: subScore('supply', 3),\n          gov: subScore('gov', 3),\n          audit: subScore('audit', 4)\n        };\n\n        var verdict, verdictSub, color;\n        if(score < 40){\n          verdict = 'There is work to be done';\n          verdictSub = 'You are at the start of your NIS-2 journey. Good that you are doing this scan &#8212; now you know where to begin. The biggest gain lies in documenting contracts and suppliers.';\n          color = '#EF4444';\n        } else if(score < 70){\n          verdict = 'You are on your way, but not yet inspection-ready';\n          verdictSub = 'The foundation is partly in place &#8212; you have already taken steps, but evidence and process are still missing for the regulator. With targeted improvements you will be ready before Q2 2026.';\n          color = '#F59E0B';\n        } else {\n          verdict = 'Well done &#8212; you are in a strong position';\n          verdictSub = 'You have the basics in order. The remaining questions are mainly refinement: strengthening evidence, sharpening processes, and making sure every gap is closed before Q2 2026.';\n          color = '#10B981';\n        }\n        return { score:score, raw:raw, subs:subs, verdict:verdict, verdictSub:verdictSub, color:color };\n      }\n\n      function riskSentence(q){\n        var sentences = {\n          q1: 'Without a supplier overview you cannot assess chain risk &#8212; art. 21 requires this explicitly.',\n          q2: 'Without security clauses you have no legal basis if a supplier causes an incident.',\n          q3: 'Documenting once is not enough &#8212; NIS-2 requires periodic verification.',\n          q4: 'Without an audit trail the regulator cannot see during an inspection who changed what and when.',\n          q5: 'An undocumented incident process virtually guarantees missing the 24-hour deadline.',\n          q6: 'NIS-2 makes the board personally liable &#8212; demonstrable involvement is mandatory.',\n          q7: 'Without a risk register, risk management per supplier cannot be demonstrated.',\n          q8: 'Uncontrolled contract changes undermine your entire compliance file.',\n          q9: 'Scattered files make delivering evidence within a week virtually impossible.',\n          q10: 'One week of evidence is the practical test of NIS-2 &#8212; if that fails, you face inspection risk.'\n        };\n        return sentences[q.id] || '';\n      }\n\n      function nextSteps(score){\n        if(score < 40){\n          return [\n            'Start with a central supplier register &#8212; even a simple list is a first step.',\n            'Determine which suppliers are critical and which security clauses you want to include.',\n            'Schedule a meeting with your IT department and board to assign responsibility and budget.'\n          ];\n        } else if(score < 70){\n          return [\n            'Fill in the gaps that come from your report &#8212; especially the \"no\" answers need attention.',\n            'Update your risk register with classification and review data per supplier.',\n            'Test your incident reporting process with a tabletop exercise for the 24\/72-hour timeline.'\n          ];\n        }\n        return [\n          'Refine the \"partly\" answers &#8212; take the final steps to score a full \"yes\".',\n          'Set up a NIS-2 evidence file export and test whether you can deliver it within a week.',\n          'Keep your risk register and audit trail actively updated so you stay inspection-ready.'\n        ];\n      }\n\n      function renderResult(){\n        var r = computeResult();\n        var circumference = 2 * Math.PI * 70;\n        var offset = circumference - (r.score \/ 100) * circumference;\n\n        var html = '<div class=\"nis2w-result-hero\">';\n        html += '<div class=\"nis2w-ring\">';\n        html += '<svg width=\"160\" height=\"160\" viewBox=\"0 0 160 160\">';\n        html += '<circle class=\"nis2w-ring-bg\" cx=\"80\" cy=\"80\" r=\"70\"><\/circle>';\n        html += '<circle class=\"nis2w-ring-fg\" cx=\"80\" cy=\"80\" r=\"70\" style=\"stroke:' + r.color + ';stroke-dasharray:' + circumference + ';stroke-dashoffset:' + offset + '\"><\/circle>';\n        html += '<\/svg>';\n        html += '<div class=\"nis2w-ring-text\"><div class=\"nis2w-ring-num\">' + r.score + '<\/div><div class=\"nis2w-ring-of\">out of 100<\/div><\/div>';\n        html += '<\/div>';\n        html += '<div class=\"nis2w-verdict\" style=\"color:' + r.color + '\">' + r.verdict + '<\/div>';\n        html += '<div class=\"nis2w-verdict-sub\">' + r.verdictSub + '<\/div>';\n        html += '<\/div>';\n\n        html += '<div class=\"nis2w-subscores\">';\n        html += '<div class=\"nis2w-sub-card\"><div class=\"nis2w-sub-name\">Supply chain<\/div><div class=\"nis2w-sub-val\">' + r.subs.supply + '<\/div><\/div>';\n        html += '<div class=\"nis2w-sub-card\"><div class=\"nis2w-sub-name\">Governance<\/div><div class=\"nis2w-sub-val\">' + r.subs.gov + '<\/div><\/div>';\n        html += '<div class=\"nis2w-sub-card\"><div class=\"nis2w-sub-name\">Auditability<\/div><div class=\"nis2w-sub-val\">' + r.subs.audit + '<\/div><\/div>';\n        html += '<\/div>';\n\n        var issues = nis2Questions.filter(function(q){\n          var a = state.answers[q.id];\n          return a === 'nee' || a === 'deels';\n        });\n        if(issues.length){\n          html += '<div class=\"nis2w-section-title\">Where attention is needed<\/div>';\n          issues.forEach(function(q){\n            var a = state.answers[q.id];\n            var cls = a === 'nee' ? ' is-no' : '';\n            html += '<div class=\"nis2w-issue' + cls + '\">';\n            html += '<div class=\"nis2w-issue-body\">' + riskSentence(q);\n            html += '<span class=\"nis2w-issue-feature\">GRIP feature: ' + q.feature + '<\/span>';\n            html += '<\/div><\/div>';\n          });\n        }\n\n        html += '<div class=\"nis2w-section-title\">Three concrete next steps<\/div>';\n        html += '<ol class=\"nis2w-steps\">';\n        nextSteps(r.score).forEach(function(s){ html += '<li>' + s + '<\/li>'; });\n        html += '<\/ol>';\n\n        html += '<div class=\"nis2w-result-actions\">';\n        html += '<a href=\"\/demo\/\" class=\"nis2w-btn nis2w-btn-primary\">Book a demo<\/a>';\n        html += '<button type=\"button\" class=\"nis2w-btn nis2w-btn-ghost\" id=\"nis2w-restart\">Start over<\/button>';\n        html += '<\/div>';\n        html += '<p class=\"nis2w-disclaimer\">This scan is an indicative self-assessment based on your own answers and does not replace a formal NIS-2 audit or legal advice.<\/p>';\n        contentEl.innerHTML = html;\n\n        document.getElementById('nis2w-restart').addEventListener('click', function(){\n          state = { phase:'questions', sectorMain:null, sectorSub:null, size:null, suppliers:null, answers:{}, lead:{ name:'', role:'', org:'', email:'', phone:'', consent:false } };\n          render();\n        });\n      }\n\n      render();\n    })();\n    <\/script>\n  <\/div>\n<\/section>\n\n\n\n\n\n<section class=\"feature-section\">\n  <div class=\"feature-container\">\n    <h2 class=\"feature-heading\">How GRIP helps you become NIS-2 compliant<\/h2>\n    <p class=\"nis2-intro\">\n      You do not have to do it alone, and you do not need to be ready today. GRIP gives you the contractual foundation &#8212; and we walk alongside you, from supplier register to regulator report.\n    <\/p>\n\n    <div class=\"nis2-pijlers\">\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">01<\/div>\n        <div class=\"nis2-pc-title\">Supplier and contract register<\/div>\n        <div class=\"nis2-pc-desc\">All suppliers and contracts centrally, with an owner per relationship. Always current, immediately searchable for the regulator.<\/div>\n        <span class=\"nis2-pc-tag\">NIS-2 art. 21(2)(d)<\/span>\n      <\/div>\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">02<\/div>\n        <div class=\"nis2-pc-title\">Risk register per supplier<\/div>\n        <div class=\"nis2-pc-desc\">Risk classification low \/ medium \/ high \/ critical per supplier, with mitigating measures and review date.<\/div>\n        <span class=\"nis2-pc-tag\">NIS-2 risk management<\/span>\n      <\/div>\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">03<\/div>\n        <div class=\"nis2-pc-title\">Security clauses in contracts<\/div>\n        <div class=\"nis2-pc-desc\">Document which security requirements apply per contract: reporting obligations, audit rights, data retention, and minimum security policies.<\/div>\n        <span class=\"nis2-pc-tag\">NIS-2 art. 21(2)(d)<\/span>\n      <\/div>\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">04<\/div>\n        <div class=\"nis2-pc-title\">Incident management 24h\/72h<\/div>\n        <div class=\"nis2-pc-desc\">You record incidents with the full NIS-2 reporting timeline: 24-hour early warning, 72-hour update, 1-month final report. GRIP reminds you of the deadlines.<\/div>\n        <span class=\"nis2-pc-tag\">NIS-2 art. 23<\/span>\n      <\/div>\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">05<\/div>\n        <div class=\"nis2-pc-title\">Audit trail and evidence<\/div>\n        <div class=\"nis2-pc-desc\">Every contract change is traceable with dual approval and event log. Attachments are version-bound in the document vault.<\/div>\n        <span class=\"nis2-pc-tag\">Accountability<\/span>\n      <\/div>\n      <div class=\"nis2-pc\">\n        <div class=\"nis2-pc-num\">06<\/div>\n        <div class=\"nis2-pc-title\">Regulator report<\/div>\n        <div class=\"nis2-pc-desc\">With one click a complete compliance report per contract or supplier &#8212; classification, changes, incidents, and clauses. Ready for IGJ or NCSC.<\/div>\n        <span class=\"nis2-pc-tag\">Evidence<\/span>\n      <\/div>\n    <\/div>\n\n    <div class=\"nis2-pijlers-img\">\n      <img decoding=\"async\" src=\"\/wp-content\/uploads\/2026\/01\/contract-details-1.png\" alt=\"Contract details in GRIP &#8212; security clauses and risk management\">\n    <\/div>\n\n    <div class=\"nis2-diff\">\n      <div class=\"nis2-diff-icon\">&#9733;<\/div>\n      <div>\n        <div class=\"nis2-diff-title\">GRIP leads the way in compliance<\/div>\n        <div class=\"nis2-diff-text\">ISO 27001:2022 certified, our own pen-test cycle, and internal controls that cover NIS-2 obligations one-to-one. We know from our own experience what compliance requires &#8212; that is why GRIP is built to help you with it.<\/div>\n        <div class=\"nis2-diff-badges\">\n          <span class=\"nis2-diff-badge\">ISO 27001:2022<\/span>\n          <span class=\"nis2-diff-badge\">Own ISMS<\/span>\n          <span class=\"nis2-diff-badge\">Annual pen-test<\/span>\n          <span class=\"nis2-diff-badge\">Data within Europe<\/span>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n<section style=\"padding:3rem 1.5rem;background:#F8FAFC;font-family:'Poppins',sans-serif;\">\n  <div style=\"max-width:1120px;margin:0 auto;\">\n    <p style=\"font-size:0.75rem;font-weight:700;text-transform:uppercase;letter-spacing:0.1em;color:#006BFF;margin-bottom:0.6rem;\">Further reading<\/p>\n    <h2 style=\"font-size:1.5rem;font-weight:700;color:#0F172A;margin-bottom:1.5rem;\">Read more about NIS-2 and contract management<\/h2>\n    <div class=\"grip-nis2-cards-grid\" style=\"display:grid;grid-template-columns:repeat(3,1fr);gap:1.25rem;\">\n      <a href=\"https:\/\/www.grip-facility.com\/nis2-contractmanagement-leveranciers\/\" style=\"display:block;background:#fff;border:1px solid #E2E8F0;border-top:3px solid #006BFF;border-radius:12px;padding:1.5rem;text-decoration:none;\">\n        <p style=\"font-size:0.72rem;font-weight:600;text-transform:uppercase;letter-spacing:0.08em;color:#006BFF;margin:0 0 0.5rem;\">Pillar<\/p>\n        <p style=\"font-size:1rem;font-weight:700;color:#0F172A;margin:0 0 0.5rem;line-height:1.35;\">NIS-2 and contract management: control over your supplier risks<\/p>\n        <p style=\"font-size:0.875rem;color:#64748B;margin:0;line-height:1.55;\">Which suppliers are covered, what belongs in each contract, and how to demonstrate compliance.<\/p>\n      <\/a>\n      <a href=\"https:\/\/www.grip-facility.com\/contractmanagement-niet-mogelijk-in-erp-systeem\/\" style=\"display:block;background:#fff;border:1px solid #E2E8F0;border-top:3px solid #0F172A;border-radius:12px;padding:1.5rem;text-decoration:none;\">\n        <p style=\"font-size:0.72rem;font-weight:600;text-transform:uppercase;letter-spacing:0.08em;color:#64748B;margin:0 0 0.5rem;\">Article<\/p>\n        <p style=\"font-size:1rem;font-weight:700;color:#0F172A;margin:0 0 0.5rem;line-height:1.35;\">Why contract management does not work in your ERP system<\/p>\n        <p style=\"font-size:0.875rem;color:#64748B;margin:0;line-height:1.55;\">ERP registers contracts. Active management and NIS-2 evidence requires more.<\/p>\n      <\/a>\n      <a href=\"https:\/\/www.grip-facility.com\/8-functies-contractmanagement-software\/\" style=\"display:block;background:#fff;border:1px solid #E2E8F0;border-top:3px solid #FF4B2A;border-radius:12px;padding:1.5rem;text-decoration:none;\">\n        <p style=\"font-size:0.72rem;font-weight:600;text-transform:uppercase;letter-spacing:0.08em;color:#64748B;margin:0 0 0.5rem;\">Article<\/p>\n        <p style=\"font-size:1rem;font-weight:700;color:#0F172A;margin:0 0 0.5rem;line-height:1.35;\">The 8 functions of contract management software<\/p>\n        <p style=\"font-size:0.875rem;color:#64748B;margin:0;line-height:1.55;\">From supplier register to audit trail: what good software does for NIS-2.<\/p>\n      <\/a>\n    <\/div>\n  <\/div>\n  <style>@media(max-width:700px){.grip-nis2-cards-grid{grid-template-columns:1fr !important}}<\/style>\n<\/section>\n\n\n\n\n\n<section class=\"grip-faq-section\">\n  <div class=\"grip-faq-container\">\n    <h2 class=\"grip-faq-title\">\n      <span class=\"grip-faq-highlight\">Frequently asked questions<\/span> about NIS-2 and GRIP\n    <\/h2>\n\n    <div class=\"grip-faq-list\">\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>Does my organization fall under NIS-2?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>Healthcare (cure &amp; care), higher education, vocational education, municipalities, provinces, and critical infrastructure (energy, water, transport) are almost all covered by the Cybersecurity Act. Organizations with 50+ employees or more than &#8364;10M turnover are obligated entities. With 250+ employees or more than &#8364;50M turnover you are an &#8220;essential entity&#8221; and stricter supervision applies. Unsure? Take the scan &#8212; it gives you clarity in 2 minutes.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>When does the Cybersecurity Act take effect?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>The expectation is Q2 2026. There is no transition period, so it pays to start now without rush. Organizations that bring their contracts and suppliers in order step by step will not face a last-minute scramble.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>Which NIS-2 areas does GRIP cover and not cover?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>GRIP covers the contractual foundation of NIS-2: supplier register, risk register, security clauses, audit trail, incident registration, and regulator reporting. GRIP does not cover SIEM\/logging tooling, MFA implementation, or security awareness training &#8212; for those you work with your IT partners. GRIP and your IT security partner complement each other.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>What is the difference between NIS-2 and DORA?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>NIS-2 applies broadly to critical sectors (healthcare, education, energy, etc.). DORA focuses specifically on the financial sector (banks, insurers, fintech). There is overlap in supply chain security requirements, but DORA imposes additional requirements on ICT risk management in finance.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>Is GRIP itself NIS-2 compliant?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>Yes. GRIP is ISO 27001:2022 certified. Our internal controls for ICT supply chain management (A.5.21) and legal and contractual requirements (A.5.31) map one-to-one onto NIS-2 article 21. We conduct an annual external pen-test and store all data within Europe.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>How quickly can you become compliant with GRIP?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>GRIP onboarding takes an average of 4 to 6 weeks. In the first week you already have the basic registration in order: suppliers, contracts, and responsible owners. After that you build the rest of the NIS-2 foundation step by step &#8212; risk register, security clauses, and incident process. This is very achievable before Q2 2026 if you start now.<\/p>\n        <\/div>\n      <\/div>\n\n      <div class=\"grip-faq-item\">\n        <button class=\"grip-faq-question\" aria-expanded=\"false\">\n          <span>Can we export a NIS-2 evidence file for the inspection?<\/span>\n          <span class=\"grip-faq-icon\">+<\/span>\n        <\/button>\n        <div class=\"grip-faq-answer\" hidden>\n          <p>Yes. GRIP generates with one click a complete report per contract or supplier: risk classification, all contract changes with approval history, security clauses, registered incidents, and linked documents. Ready to present to IGJ or NCSC.<\/p>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n<\/section>\n\n\n\n\n\n<section class=\"platform-cta\">\n  <div class=\"platform-cta__inner\">\n    <h2 class=\"platform-cta__title\">Start at your own pace &#8212; we will help you along<\/h2>\n    <p class=\"platform-cta__subtitle\">Book a no-obligation demo and we will show you how GRIP fits where you are now. Or take the free scan first, so you know where you stand.<\/p>\n    <div class=\"platform-cta__actions\">\n      <a href=\"\/demo\/\" class=\"platform-cta__btn platform-cta__btn--primary\">Book a demo<\/a>\n      <a href=\"#nis2-scan\" class=\"platform-cta__btn platform-cta__btn--secondary\">Take the NIS-2 scan<\/a>\n    <\/div>\n  <\/div>\n<\/section>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n","protected":false},"excerpt":{"rendered":"<p>NIS-2 Compliance Cybersecurity Act &#8212; taking effect in Q2 2026 Make your contracts and suppliers NIS-2 compliant The Cybersecurity Act is coming. GRIP helps healthcare, education, and public sector organizations make their contracts and suppliers NIS-2 compliant, step by step &#8212; at your own pace. Take the NIS-2 scan Book a demo Healthcare Education Public [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":17086,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-18789","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/pages\/18789","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/comments?post=18789"}],"version-history":[{"count":0,"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/pages\/18789\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/pages\/17086"}],"wp:attachment":[{"href":"https:\/\/www.grip-facility.com\/en\/wp-json\/wp\/v2\/media?parent=18789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}