Templates
Field-tested templates for BAUER GROUP NIS2 compliance. All templates are starting points and should be adapted to the specific use case.
| Template | Purpose | NIS2 Reference |
|---|---|---|
| Risk Register | Recording and assessing all information security risks | §30(2) No. 1 |
| §32 Incident Report | Structured template for early warning, 72h update and final report | §30(2) No. 2 + §32 |
| Disaster Recovery Test Protocol | Documentation of regular DR tests | §30(2) No. 3 |
| Vendor Assessment | Security assessment of service providers and suppliers | §30(2) No. 4 |
| Cyber Hygiene Training Record | Attendance record for mandatory training | §30(2) No. 7 |
| Management Approval | Formal §38 approval of risk management measures | §38 BSIG |
| Lessons Learned Protocol | Post-incident review | §30(2) No. 6 |
Usage Notes
- Audit readiness: All completed templates are stored centrally (document management system) and produced on request during BSI audits.
- Retention period: At least 3 years; for §32 reports at least 5 years.
- Language: Templates are completed in the working language of the respective site; a German translation is attached if needed.
- Updates: Templates are reviewed at least annually or whenever the underlying measure changes.