Training NIS2 for Embedded: NIS2 for Embedded

ac6-formation, un département d'Ac6 SAS
 
Site displayed in English (USA)
Site affiché en English (USA)View the site in French
go-up

leftthintrapezium-20-008080 ac6 > ac6-formation > Programming > Safety and security > NIS2 for Embedded Inquire Download as PDF Call us Write us
SEC11NIS2 for Embedded
Objectives
  • Understand NIS2 scope, roles, and obligations for essential/important entities.
  • Translate Article 21 risk-management measures into an embedded/OT context.
  • Apply incident reporting timelines (24h/72h/1-month) with ready-to-use templates.
  • Build a 30/60/90-day compliance roadmap and evidence checklist.
  • Theoretical course
    • PDF course material (in English) supplemented by a printed version for face-to-face courses.
    • Online courses are dispensed using the Teams video-conferencing system.
    • The trainer answers trainees' questions during the training and provide technical and pedagogical assistance.
  • At the start of each session the trainer will interact with the trainees to ensure the course fits their expectations and correct if needed
  • Any embedded systems engineer or technician with the above prerequisites.
  • The prerequisites indicated above are assessed before the training by the technical supervision of the traineein his company, or by the trainee himself in the exceptional case of an individual trainee.
  • Trainee progress is assessed by quizzes offered at the end of various sections to verify that the trainees have assimilated the points presented
  • At the end of the training, each trainee receives a certificate attesting that they have successfully completed the course.
    • In the event of a problem, discovered during the course, due to a lack of prerequisites by the trainee a different or additional training is offered to them, generally to reinforce their prerequisites,in agreement with their company manager if applicable.

Course Outline

  • NIS2 at a glance
  • Sectors in scope & “size-cap” rule
  • Essential vs Important Entities (EEs vs IEs)
  • Roles, authorities, penalties
  • Management accountability
  • Security policy & risk ownership
  • Roles/RACI and coordination with product/OT teams
  • Business continuity & incident handling
  • Identity & Access and logging
  • Vulnerability management & secure development
  • OT/embedded specifics (segmentation, safety interplay)
  • From requirements to release (Dev → Test → Release → Update)
  • Secure updates & support periods (firmware/RTOS/toolchains)
  • Vulnerability intake, triage, remediation, and user communication
  • Evidence-by-design: what to capture during builds
  • Triggers & thresholds (significant incidents)
  • Timelines: 24h / 72h / 1-month reports
  • Internal playbook, contacts, escalation
  • Supplier due diligence & contractual expectations
  • Updates, disclosure programs, and support commitments
  • Evidence from vendors (SBOM/VEX, security posture)
  • Registers: risks, incidents, assets, suppliers, training
  • KPIs & dashboards for management
  • Preparing for audits/inspections
  • Quick wins
  • Priority controls & contracts
  • Exercises, metrics, internal audit
  • Key takeaways
  • Next steps & optional deep-dives (OT, IoT, CRA alignment)
Duration
1 day
Inquiry

This course can be scheduled upon request. Click the 'Inquire' button to contact us.

More

To book a training session or for more information, please contact us on info@ac6-training.com.

Registrations are accepted till one week before the start date for scheduled classes. For late registrations, please consult us.

You can also fill and send us the registration form

This course can be provided either remotely, in our Paris training center or worldwide on your premises.

Scheduled classes are confirmed as soon as there is two confirmed bookings. Bookings are accepted until 1 week before the course start.

Last update of course schedule: 16 October 2025

Booking one of our trainings is subject to our General Terms of Sales