NIS2, DORA, SEC cyber disclosure, ISO 27001, and NIST CSF — all in one platform. Cyber risk registers, policy management, incident workflows, vendor reviews, and board-level reporting.
ThemisIQ's incident response workflow triggers the right notification at the right time — so you never miss a regulatory deadline under pressure.
| Framework | Jurisdiction | Applies to | Status | ThemisIQ coverage |
|---|---|---|---|---|
| EU NIS2 Directive | European Union | Essential + important entities · 18 sectors | Active Oct 2024 | ✓ Full — gap assessment + incident workflow |
| EU DORA | EU financial services | Banks, insurers, investment firms, crypto | Active Jan 2025 | ✓ Full — ICT risk + CTPP register + testing |
| SEC Cybersecurity Rules | USA · public companies | NYSE / Nasdaq listed companies | Active Dec 2023 | ✓ Full — 8-K + 10-K disclosure workflow |
| ISO 27001:2022 | Global | Any organisation seeking ISMS certification | Voluntary / customer-required | ✓ Full — Annex A control mapping |
| NIST CSF 2.0 | USA (global adoption) | US federal + voluntary for all sectors | Active 2024 | ✓ Full — Govern, Identify, Protect, Detect, Respond, Recover |
| NIST 800-53 Rev.5 | USA federal | Federal agencies + contractors | Mandatory for federal | ✓ Partial — control mapping |
| SOC 2 Type II | USA (industry standard) | SaaS and technology companies | Customer-required | ✓ Partial — TSC alignment |
| UK Cyber Essentials | United Kingdom | UK government suppliers + voluntary | Active | ✓ Partial — basic controls mapping |
ThemisIQ's cyber governance gap assessment identifies where you stand against NIS2, DORA, and SEC cyber rules — and tells you exactly what to fix first.