| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Website (website) |
| Lines of code | 4039 |
| Technical Name |
flexigo_nis2_cybersecurity_compliance_toolkit |
| License | OPL-1 |
| Website | https://flexigotech.com |
| Versions | 17.0 18.0 19.0 |
NIS2 Cybersecurity Compliance Toolkit for Odoo 19
Turn NIS2 cybersecurity governance, risk management, incident readiness, supplier oversight and management accountability into one traceable, audit-ready workspace inside Odoo. Free and open source under LGPL‑3.
The problem NIS2-covered organizations face today
Companies in scope of NIS2 often manage cybersecurity compliance across disconnected spreadsheets, policy folders, ticketing tools and external GRC software. Controls may exist, but management approval, supplier risk records, training evidence, incident reporting timelines and remediation ownership are scattered. The organization can say it has measures in place, but it cannot easily show who approved them, which risks they address, when effectiveness was assessed, what evidence supports them, and what remains open.
NIS2 raises the stakes: national transpositions can impose administrative fines of up to EUR 10,000,000 or 2% of total worldwide annual turnover on essential entities, and management bodies can be held personally accountable for overseeing cybersecurity risk-management measures. Reconstructing an audit trail after the fact is slow, expensive and stressful.
How the NIS2 Cybersecurity Compliance Toolkit solves it
The toolkit gives management, compliance, IT and auditors a structured evidence workspace aligned to the NIS2 Directive (EU) 2022/2555 and the EU implementing regulation for specified digital and ICT service entities. It connects applicability profiles, Article 21(2) controls, risks, incidents, suppliers, evidence, training and corrective actions in the same Odoo backend your departments already use. It does not replace legal counsel, a SIEM, an EDR or a vulnerability scanner, and it does not file reports with any authority — it keeps your NIS2 programme continuously documented and audit-ready.
Key features
Applicability profiles per entity
Document NIS2 scope for each legal entity: sector, size band, essential or important candidacy, implementing-regulation relevance and national review status — with a guided applicability wizard.
Article 21(2) control library
Map cybersecurity measures to the categories NIS2 lists — risk analysis, incident handling, business continuity, supply‑chain security and more — each with owner, evidence, review cadence and maturity status.
Cybersecurity risk register
Track risks across draft, under review, accepted and closed states with likelihood, impact and residual-risk acceptance, linked to the controls that address them.
Incident readiness pipeline
Move incidents through detection, triage, significant-incident assessment and a reportable decision, aligned to the Article 23 early-warning, notification and final-report milestones — without auto-filing to any authority.
Supplier and ICT dependency oversight
Document supplier cybersecurity reviews and dependency criticality across not reviewed, under review, approved, exception, rejected and expired states for Article 21(2)(d) supply‑chain security.
Management accountability and evidence vault
Record management approval and oversight per Article 20, keep an evidence vault of policies, test reports and attestations, track training, and generate board packs, audit packs and incident timelines.
Watch the walkthrough
English — product walkthrough
Español — recorrido del producto
Deutsch — Produktrundgang
See it inside Odoo
Who it is for
- Compliance officers, DPOs and legal counsel assessing NIS2 applicability and obligations.
- CISOs and IT security managers maintaining controls, risks, incidents, evidence and remediation.
- General managers and board members who must approve and oversee cybersecurity measures.
- Procurement and vendor managers documenting supplier cybersecurity evidence.
- Odoo partners delivering NIS2 readiness projects for mid-market customers.
Compatibility
Odoo 19 Community and Enterprise. Built on standard Odoo (base, mail, website, web) — no external SaaS, no mandatory API integration. Uses Odoo employees, attachments and activities where available. EU baseline plus country overlays for national transposition references.
Pricing
Free
Open source under LGPL‑3
No licence fee and no per-database price. Install it, own it, and extend it inside your Odoo. Optional paid services are available for applicability assessment, control mapping, incident-readiness and audit-pack preparation.
Frequently asked questions
How do I install the NIS2 Cybersecurity Compliance Toolkit on Odoo 19?
Add the module to your addons path or install it from the Apps list, then open the NIS2 Compliance menu. It depends only on standard Odoo (base, mail, website, web), so there is no external service to configure first.
Does it work on Odoo Community?
Yes. The toolkit runs on Odoo 19 Community and Enterprise. It does not require any Enterprise-only dependency.
Does this module make my company NIS2 compliant or file reports for me?
No. It is an evidence and governance workspace. It does not guarantee legal compliance, does not provide legal advice, and does not submit incident reports to CSIRTs or competent authorities. Final applicability, entity classification, incident reportability and notification destination depend on national transposition and competent authority guidance.
How does it handle NIS2 incident reporting timelines?
The incident workflow tracks the Article 23 milestones — an early warning, an incident notification and a final report — and helps you record the significant-incident decision and supporting evidence. You still send the actual notifications through your national channel.
What about DORA and CER overlap?
You can flag DORA or CER overlap on an entity profile. The toolkit warns that sector-specific Union law may partially displace or run in parallel with NIS2 and keeps the NIS2-specific language separate so obligations are not merged without legal review.
What languages are supported?
The interface follows your Odoo language. Marketing and walkthrough materials are provided in English, Spanish and German, and the EU baseline supports country overlays for national references.
Can I customise it for my company?
Yes. It is LGPL‑3 open source, so you can adapt controls, country overlays, review cadences and reports. FlexigoTech also offers paid services to tailor it to your programme.
Build your NIS2 evidence trail in Odoo
Install the free toolkit, document applicability, controls, risks, incidents and suppliers in one place, and stay audit-ready.
Contact FlexigoTech — comercial@flexigobe.com| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Website (website) |
| Lines of code | 4039 |
| Technical Name |
flexigo_nis2_cybersecurity_compliance_toolkit |
| License | OPL-1 |
| Website | https://flexigotech.com |
Odoo Proprietary License v1.0 This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file). You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one). It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software. The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Please log in to comment on this module