| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Website (website) |
| Lines of code | 4033 |
| Technical Name |
flexigo_nis2_cybersecurity_compliance_toolkit |
| License | LGPL-3 |
| Website | https://flexigotech.com |
| Versions | 17.0 18.0 19.0 |
| Availability |
Odoo Online
Odoo.sh
On Premise
|
| Odoo Apps Dependencies |
•
Discuss (mail)
• Website (website) |
| Lines of code | 4033 |
| Technical Name |
flexigo_nis2_cybersecurity_compliance_toolkit |
| License | LGPL-3 |
| Website | https://flexigotech.com |
| Versions | 17.0 18.0 19.0 |
NIS2 Cybersecurity Compliance Toolkit for Odoo 19
Turn NIS2 cybersecurity governance, risk management, incident readiness, supplier oversight and management accountability into one traceable, audit-ready workspace inside Odoo. Free and open source under LGPL‑3.
The problem NIS2-covered organizations face today
Companies in scope of NIS2 often manage cybersecurity compliance across disconnected spreadsheets, policy folders, ticketing tools and external GRC software. Controls may exist, but management approval, supplier risk records, training evidence, incident reporting timelines and remediation ownership are scattered. The organization can say it has measures in place, but it cannot easily show who approved them, which risks they address, when effectiveness was assessed, what evidence supports them, and what remains open.
NIS2 raises the stakes: national transpositions can impose administrative fines of up to EUR 10,000,000 or 2% of total worldwide annual turnover on essential entities, and management bodies can be held personally accountable for overseeing cybersecurity risk-management measures. Reconstructing an audit trail after the fact is slow, expensive and stressful.
How the NIS2 Cybersecurity Compliance Toolkit solves it
The toolkit gives management, compliance, IT and auditors a structured evidence workspace aligned to the NIS2 Directive (EU) 2022/2555 and the EU implementing regulation for specified digital and ICT service entities. It connects applicability profiles, Article 21(2) controls, risks, incidents, suppliers, evidence, training and corrective actions in the same Odoo backend your departments already use. It does not replace legal counsel, a SIEM, an EDR or a vulnerability scanner, and it does not file reports with any authority — it keeps your NIS2 programme continuously documented and audit-ready.
Key features
Applicability profiles per entity
Document NIS2 scope for each legal entity: sector, size band, essential or important candidacy, implementing-regulation relevance and national review status — with a guided applicability wizard.
Article 21(2) control library
Map cybersecurity measures to the categories NIS2 lists — risk analysis, incident handling, business continuity, supply‑chain security and more — each with owner, evidence, review cadence and maturity status.
Cybersecurity risk register
Track risks across draft, under review, accepted and closed states with likelihood, impact and residual-risk acceptance, linked to the controls that address them.
Incident readiness pipeline
Move incidents through detection, triage, significant-incident assessment and a reportable decision, aligned to the Article 23 early-warning, notification and final-report milestones — without auto-filing to any authority.
Supplier and ICT dependency oversight
Document supplier cybersecurity reviews and dependency criticality across not reviewed, under review, approved, exception, rejected and expired states for Article 21(2)(d) supply‑chain security.
Management accountability and evidence vault
Record management approval and oversight per Article 20, keep an evidence vault of policies, test reports and attestations, track training, and generate board packs, audit packs and incident timelines.
Watch the walkthrough
English — product walkthrough
Español — recorrido del producto
Deutsch — Produktrundgang
See it inside Odoo
Who it is for
- Compliance officers, DPOs and legal counsel assessing NIS2 applicability and obligations.
- CISOs and IT security managers maintaining controls, risks, incidents, evidence and remediation.
- General managers and board members who must approve and oversee cybersecurity measures.
- Procurement and vendor managers documenting supplier cybersecurity evidence.
- Odoo partners delivering NIS2 readiness projects for mid-market customers.
Compatibility
Odoo 19 Community and Enterprise. Built on standard Odoo (base, mail, website, web) — no external SaaS, no mandatory API integration. Uses Odoo employees, attachments and activities where available. EU baseline plus country overlays for national transposition references.
Pricing
Free
Open source under LGPL‑3
No licence fee and no per-database price. Install it, own it, and extend it inside your Odoo. Optional paid services are available for applicability assessment, control mapping, incident-readiness and audit-pack preparation.
Frequently asked questions
How do I install the NIS2 Cybersecurity Compliance Toolkit on Odoo 19?
Add the module to your addons path or install it from the Apps list, then open the NIS2 Compliance menu. It depends only on standard Odoo (base, mail, website, web), so there is no external service to configure first.
Does it work on Odoo Community?
Yes. The toolkit runs on Odoo 19 Community and Enterprise. It does not require any Enterprise-only dependency.
Does this module make my company NIS2 compliant or file reports for me?
No. It is an evidence and governance workspace. It does not guarantee legal compliance, does not provide legal advice, and does not submit incident reports to CSIRTs or competent authorities. Final applicability, entity classification, incident reportability and notification destination depend on national transposition and competent authority guidance.
How does it handle NIS2 incident reporting timelines?
The incident workflow tracks the Article 23 milestones — an early warning, an incident notification and a final report — and helps you record the significant-incident decision and supporting evidence. You still send the actual notifications through your national channel.
What about DORA and CER overlap?
You can flag DORA or CER overlap on an entity profile. The toolkit warns that sector-specific Union law may partially displace or run in parallel with NIS2 and keeps the NIS2-specific language separate so obligations are not merged without legal review.
What languages are supported?
The interface follows your Odoo language. Marketing and walkthrough materials are provided in English, Spanish and German, and the EU baseline supports country overlays for national references.
Can I customise it for my company?
Yes. It is LGPL‑3 open source, so you can adapt controls, country overlays, review cadences and reports. FlexigoTech also offers paid services to tailor it to your programme.
Build your NIS2 evidence trail in Odoo
Install the free toolkit, document applicability, controls, risks, incidents and suppliers in one place, and stay audit-ready.
Contact FlexigoTech — comercial@flexigobe.com
Please log in to comment on this module