Cybersecurity is no longer optional
NIS2, ENS and ISO 27001 are now mandatory for thousands of Catalan SMEs. If your company has more than 50 employees, turns over more than €10 M, or supplies an essential entity, compliance is required — the EU has set the obligations and Spain is completing the transposition.
At Funhelps we guide you from the initial audit through to ongoing compliance year after year, with no unnecessary paperwork and a single point of contact.
What we do for you
- Gap analysis and compliance roadmap against NIS2, ENS or ISO 27001 — we know exactly where you stand and where you need to get to.
- Implementation of the technical and organisational measures required by regulation.
- Complete documentation for audits and inspections — from the security policy to the incident register.
- Virtual CISO from €600/month — your external security director, without a full-time hire.
- Incident response plan with 24-hour notification (mandatory under NIS2).
- Board-level training — mandatory under NIS2 and recommended under ENS and ISO 27001.
Does NIS2 apply to me?
NIS2 affects companies with 50+ employees or more than €10 M turnover across 18 sectors — energy, health, ICT, logistics, food, and many others. But there is a third route many SMEs overlook: if you supply an essential entity, NIS2 most likely applies to you too.
NIS2 provides for fines of up to €10 million or 2% of global turnover, with personal liability for directors. The EU has set the obligations and Spain is finalising the transposition framework: affected companies should prepare now to avoid last-minute scrambles and ensure they have documentary evidence.
Our model: three levels of control over your data
When we implement cybersecurity measures, you decide where your data lives:
Level 1 — Your environment: the solution is installed on your servers. We only access it when you call us. Recommended for healthcare, legal or financial data.
Level 2 — Hybrid: sensitive data is processed in your environment; the rest runs on our segregated infrastructure.
Level 3 — Managed by Funhelps: your fully segregated instance on our infrastructure. Ideal for processes involving less sensitive data.
We guide Catalan SMEs through NIS2, ENS and ISO 27001 compliance
15 years protecting businesses in Catalonia. We are in the process of accreditation as ISO 27001 Lead Auditor. Our team understands the reality of the Catalan SME: limited resources, growing obligations and the need for solutions that actually work.
Take the free NIS2 diagnostic — in 5 minutes you’ll know whether it applies to you and where you stand.
Frequently asked questions about NIS2 and cybersecurity
If you have more than 50 employees, turn over more than €10 M, supply an essential entity, or belong to a critical sector (energy, healthcare, finance, transport, food, digital, etc.), NIS2 applies to you. Take our free 5-minute diagnostic to find out for certain.
NIS2 provides for fines of up to €10 M or 2% of annual global turnover for essential entities, and up to €7 M or 1.4% for important entities. In addition, directors may be held personally liable.
Member states were required to transpose NIS2 by 17 October 2024. In Spain, enforcement began in 2026. There is no grace period: compliance has been enforceable since transposition.
NIS2 is a European directive that is mandatory for critical sectors. ENS (National Security Framework) is a Spanish scheme that applies to public administrations and their suppliers. ISO 27001 is a voluntary international standard used to certify an information security management system for clients and auditors.
Yes. Our vCISO package (Virtual CISO from €600/month) acts as your external security officer: it defines the strategy, carries out the gap analysis, implements controls and manages incidents. You don’t need to hire a full-time person to cover the role.
Start by knowing where you stand
The 5-minute NIS2 diagnostic tells you whether you are obligated, what your risk level is, and what the first 3 steps are. Free, no strings attached.