Combine a public domain scan with a short questionnaire to get a clear picture of where you stand — without installing anything, signing contracts, or running a full audit.
The NIS2 Selfcheck follows a simple, transparent path. Each step builds on the previous one and gives you something useful in return.
Enter your domain and complete a short 12-question survey. The public scan runs in parallel — no installation, no internal access required.
A free report delivered by email with your overall NIS2 score, top three technical findings and top three organizational attention points.
Optionally request a paid detailed report, a remediation package or ongoing monitoring. Re-scan anytime to prove measurable improvement.
The public domain scan reviews eight categories of visible technical risk and combines those results with your questionnaire answers for full context.
SPF, DKIM, DMARC and MX configuration to prevent spoofing and invoice fraud.
SPF · DKIM · DMARCCertificate validity, expiry windows and protocol strength for trusted connections.
TLS 1.2+ · HSTSCSP, X-Frame-Options, Referrer-Policy and other browser protection headers.
CSP · XFO · HSTSDNS records, redirects, deprecated services and other configuration cleanliness.
DNS · MX · CNAMECookie banners, tracking scripts and privacy policy visibility on your domain.
GDPR signalsOpen ports, exposed services, subdomains and forgotten test environments.
Ports · SubdomainsCMS, server software and framework versions visible to outside observers.
CMS · Server · JSPublicly accessible login portals, admin panels and management interfaces.
/wp-admin · /loginWalk through a sample scan and questionnaire — no email required, no data stored. The full flow takes under a minute.
We only scan publicly visible information. Nothing intrusive, no login attempts, no exploits.
A few quick questions to interpret your scan results in context. The full questionnaire has 12 questions — we'll show you three here.
Checking publicly visible information across all eight categories…
For acme-logistics.eu — sector: Logistics · scanned just now
Moderate — review needed
Get the detailed report with all findings, evidence, business impact and a step-by-step remediation plan.
Six packages cover the full journey — from first scan to ongoing monitoring. Choose what fits and combine packages as needed.
Domain scan + 12-question survey + basic report by email. The starting point.
Full evidence, branch-specific interpretation and a step-by-step remediation plan.
We fix the most urgent technical issues found in the scan. Fast, measurable improvement.
Hands-on remediation across email, web, admin and attack surface — from diagnosis to validation.
A 90-minute expert session walking through your results and a roadmap for improvement.
Recurring scans, change alerts and periodic questionnaire refreshes. Stay ahead, not behind.
Plain-language explanations, branch-specific context and concrete next steps — designed so leadership, IT and external suppliers can act on it together.
What separates the Selfcheck from a generic security scanner.
Public technical evidence is combined with organizational context from the questionnaire. The same finding can be low or critical depending on your sector and dependencies — and we treat it that way.
Every finding is explained in plain language, with its business impact and NIS2 relevance. No jargon walls. Reports are designed for both IT teams and non-technical decision-makers.
The Selfcheck doesn't stop at identifying risks. Remediation packages, advisory sessions and re-scans turn diagnosis into measurable improvement — at your pace.
The Selfcheck does not certify NIS2 compliance, replace a legal audit or run penetration tests. We say so up front — and explain exactly what the service does and doesn't cover.
Built for European organizations from day one. No data leaves the EU, all processing is GDPR-aligned and the questionnaire is sector-aware for European business realities.
Every improvement can be re-scanned and proven with a before-and-after report — useful for management updates, supplier discussions and internal documentation.
Findings are weighed and prioritized against the realities of your branch — because a CMS version exposure is not the same risk for a hospital and a print shop.
If something isn't here, just ask. We'd rather over-explain than overpromise.
Free scan. No commitment. Results in minutes. The first step is always the easiest.