Frequently Asked Questions

FIND ANSWERS TO FREQUENTLY ASKED QUESTIONS

We have prepared a series of frequently asked questions about NIS2, cybersecurity, digital transformation, and energy optimization.

Who must comply with NIS2 and register with the authorities?

It applies to organizations in the targeted sectors (essential/critical services) and those with a relevant role in the ecosystem.
In practice, supply chain providers may also receive contractual security requirements.

If I did not register on time, can I still achieve compliance?

Yes. The obligation remains valid, and late registration is better than non-registration.
Recommended: phased action plan + evidence of implementation.

Does NIS2 apply even if I am not "in a critical sector"?

Yes, in certain situations. Even if you are not directly an essential or important entity, you may fall within the scope of requirements through your role in the supply chain, through contracts, or through requirements imposed by partners and clients.

What, in practice, do the authorities check during an inspection?

In general, the existence of the risk management framework, security policies and procedures, technical measures in place, operational continuity, test records and incident reporting shall be monitored.

What is the difference between essential and important entities?

The main difference lies in the supervisory regime and the potential impact on services or infrastructures. In both cases, however, the basic security and governance obligations remain serious.

How do I know if I am "essential" or "important"?

Framing is by sector, size and type of service, as per the NIS2 framework.
BDHS does initial assessment and gap analysis for rapid clarification.

How soon can you do an initial NIS2 assessment?

The BDHS can deliver the initial assessment quickly, followed by confirmation of the fit and prioritization.
Then build the realistic implementation roadmap

What documents are usually required for compliance?

Set of policies and procedures (more than 10 common categories), tailored to your organization.
Plus clauses for suppliers and file for registration/checks.

What is the risk if we have "just documents" but have not tested anything?

Big risk. Policies without evidence of implementation and without real testing (backup, disaster recovery, incident drills, technical checks) are among the most common weaknesses in audits and controls.

What is "24h" incident reporting?

It means the submission of an initial notification promptly after the identification of the significant incident, followed by updates and the final report in accordance with applicable procedures.

If I have implemented only part of the technical measures, am I considered compliant?

Not complete. Compliance is not just tick-box technical solutions, but a coherent set of governance, measures, processes, testing, monitoring and evidence that they work in practice.

We have critical suppliers. Do they need to be evaluated?

Yes. NIS2 also emphasizes supply chain risks. This means supplier assessment, appropriate contractual clauses, minimum security requirements and a clear understanding of operational dependencies.

Why would a company use an external consultant or vCISO?

For clarity, speed and practical experience. An external partner can speed up the analysis, documentation, implementation of measures, liaison with authorities and prioritization of investments, without unnecessarily burdening the internal team.

What does digital transformation actually mean for a company?

It means more than new software. It means replacing manual processes with automated digital workflows, integrating systems with secure access from anywhere, and making decisions based on real-time data.

What should we start with: software, process or strategy?

Usually with analysis of business processes and objectives. Technology has real impact when deployed over a clear flow, not undefined problems.

What is a DMS and when is it worth implementing?

A DMS (Document Management System) is a solution for centralized management of documents, versions, approvals, and internal workflows. It becomes essential when documents are numerous, circulate between departments, and need to be controlled, tracked, and archived efficiently. It eliminates time wasted searching, reduces errors, and ensures GDPR + NIS2 compliance.

Which processes are easiest to automate in the beginning?

Usually repetitive and predictable processes: internal approvals, document circuit, notifications, data extraction and validation, report generation, ticketing, etc.

Do we need to give up old systems to digitize?

Not necessarily. In many projects, a realistic approach is incremental modernization: keep what works, integrate where you can, and replace only the areas that block efficiency or scalability.

Do you use AI in automation and operational efficiency?

Yes, when it adds value: efficiency, process optimization, and reduced working time.
AI is implemented in a controlled manner, on clear workflows and quality data. [arhitectavid.ro]

How do we ensure that digitization does not create new security risks?

By getting it right from the start: secure architecture, access control, audit trail, backup, testing, secure integration, and ideally DevSecOps principles applied from the design phase.

How can a company realistically reduce its energy costs?

By measurement and analysis before investment. Typically, optimization starts with identifying major consumers, wastage, inefficient operating schedules and opportunities for automation or in-house production.

When does an investment in photovoltaics make sense?

It makes sense when the consumption profile, available space, payback horizon and company goals support the project. A proper analysis must take into account both consumption and technical integration into the existing infrastructure.

What is energy monitoring and why is it important?

It means collecting and interpreting data about consumption, load, variation and performance so that decisions are made on real data, not estimates. Without visibility, optimization remains incomplete.

What role for digitization in the energy sector?

It enables data collection and analysis, automating consumption and efficiency-based decision-making.

What services does BDHS offer in the energy area, in concrete terms?

Design, implementation and maintenance for electrical installations, protection and automation.
Includes SCADA/BMS infrastructures and intelligent consumption control solutions.

Do you offer photovoltaic and energy management solutions?

Yes. We implement and maintain photovoltaic panels together with energy management systems.

Didn't find your question in the list?

Some situations are specific to each organization. Send us your question and we will get back to you with an answer as soon as possible.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Frequently Asked Questions

Home

Questions

FIND ANSWERS TO FREQUENTLY ASKED QUESTIONS

Didn't find your question in the list?