verinice Risk Catalog (ISO 27001 / NIS2)

€649.74 *

Prices incl. VAT

Net price: €546.00

Free of shipping costs!

Available as download


  • VRC-EN.1
The NIS2 verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for... more
Product information "verinice Risk Catalog (ISO 27001 / NIS2)"

The NIS2 verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition is available for download in the verinice.SHOP or in the customer repository for use in verinice from version 1.26.

The new NIS2 verinice risk catalog (ISO/IEC 27001:2022) is a file that can be imported directly into verinice and provides a comprehensive catalog of generic yet detailed threats, vulnerabilities and risk scenarios. It speeds up the risk analysis considerably. Also included is a list of sample assets and processes that can serve as a basis for your own risk assessment.

The original verinice risk catalog has been expanded to include requirements for important NIS2 facilities, which have been linked to suitable ISO/IEC 27001:2022 requirements. Based on the link type in verinice, it can be seen whether ISO/IEC 27001:20222 includes the NIS2 requirements or whether NIS2 goes beyond ISO/IEC 27001:20222 requirements.

Thanks to the cooperation with the VDMA, this mapping can be used as a working basis in verinice and can be individually adapted or extended.

NIS2 verinice Risk Catalog (ISO/IEC 27001:2022) - ISM Edition

This catalog contains original content from standards ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022, licenced from ISO via Beuth Verlag. Please refer to the copyright notice at the end of this text. The content has been expanded to include the requirements of NIS2 - DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL.The price of the single user license sold here in the shop is calculated according to the duration in years and number of users. For the "verinice.PRO "verinice.PRO" version please contact SerNet sales SerNet-Vertrieb for a graduated offer. Please note that due to Beuth Verlag’s licensing requirements, the contents of the original standards can only be read in the program and cannot be exported (PDF, Word, Excel, etc). See this catalog in action in our screencast (!

Your benefits at a glance

  • The new NIS2 verinice Risk Catalog - ISM Edition is a file (or optionally a second file based on the DIN ISO/IEC 27001:21017 standard) that can be imported directly into verinice and contains a comprehensive catalog of generic yet detailed threats, vulnerabilities and risk scenarios. The risk catalog also contains both the management requirements from chapters 4 to 10 and the controls from Annex A of ISO/IEC 27001:2002, including the extension to include the NIS2 requirements. In addition, you will also find placeholders for required documents that may be necessary for an ISMS.

  • verinice enables the collection of all information assets that are mandatory for certification and risk analysis. Assets are already predefined in this catalog.

  • Also included is a list of processes that can be used as a basis for your own risk analysis. The application of the PDCA cycle for all processes of the ISMS can be consistently implemented and verified with verinice.

The technical rules (DIN, EN, ISO and ISO/IEC standards) reproduced in this software are protected by copyright and licensed for use within the scope of this software by Beuth Verlag GmbH, Berlin. Any reproduction of the technical rules outside this software, for example by printing or saving, is prohibited. The technical rules can be purchased from Beuth Verlag GmbH (

scope of delivery / product content

The risk catalog is provided as an encrypted, ZIP-compressed verinice archive (.lic.vna) that you can unzip to a location of your choice and then import. In the unpacked folder you will find

  • The sample organization (VDMA_NIS2_Mapping_to_verinice_Risk_Catalogue_according_to_ISO_IEC_270012022_EN.lic.vna) based on ISO/IEC 27001:2022 for use in the ISM/ISO perspective.

  • A manual in PDF format.

For the implementation of the requirements in verinice, you must work within the ISM perspective and can therefore also use the standard functions of verinice. Please note that for the concrete work with the module you might also need the verinice manual as well as the original standards of ISO/IEC 27001:2022, ISO/IEC 27002:2022 and ISO/IEC 27005:2022.

180 generic risk scenarios, applicable to any organization, in the following categories:

  • Physical Damage

  • Inadequate Maintenance or Replacement

  • Unstable Power Grid and Other Electrical Issues

  • Staffing and Operational Issues

  • Telecommunication Failures

  • Cyber Attacks and Exploits

  • Information Theft and Disclosure

  • Tampering and Unauthorized Usage

  • Legal Violations and Insufficient Security Measures

  • Resource and Service Provider Failures

  • Violation of compliance requirements

Over 1000 relations between the above risk scenarios and the ISO/IEC 27001:2022 (Appendix A) controls designed to address those risks. All you need to do is complete the implementation status of your organization’s controls and adjust the relations as needed!

60 fundamental threats in the following categories

  • Compromise of functions or services

  • Human actions

  • Infrastructure failures

  • Natural threats

  • Organizational threats

  • Physical threats

  • Technical failures

  • Compliance infringements

84 inherent information processing vulnerabilities in the following categories

  • Hardware

  • Network

  • Organization

  • Personel

  • Site

  • Software

  • Compliance vulnerabilities

147 sample assets (linked to seven basic business processes) in the following categories

  • Hardware

  • Information

  • Network

  • Organization

  • Personnel

  • Software

  • Location

Support for the implementation of ISO/IEC 27001:2022, Annex A: Explanations and assistance for all 93 controls from ISO/IEC 27002:2022 with their purpose, guidance and other information.

In a separate group, you will find 24 NIS2 requirements that are linked to corresponding ISO/IEC 27001:2022 requirements and are therefore integrated into the sample organization. As ISO/IEC 27001:2022 requirements are linked to risk scenarios, NIS2 requirements are indirectly taken into account in the risk analysis.

List of 60 documents and records mandatory for ISO/IEC 27001:2022 certification. This includes placeholders as a checklist for guidelines, policies, and related documents required by chapters 4 through 10 of the standard or by the controls in Annex A.

Template catalog for an internal audit according to the ISA standard (Information Security Assessment). This facilitates a maturity level-oriented quick audit based on ISO/IEC 27001:2015 even without prior knowledge of the standards.

The VDA ISA standard in version 5.1 still references the old version of ISO 27001:2015. As soon as the VDA has revised the ISA standard, it will also be updated in the verinice Risk Catalog.

German mandatory copyright notice by Beuth Verlag: "Die in dieser Software wiedergegebenen technischen Regeln (DIN-, EN-, ISO- und ISO/IEC-Normen) sind urheberrechtlich geschützt und zur Nutzung im Rahmen dieser Software von der Beuth Verlag GmbH, Berlin, lizenziert. Jede Vervielfältigung der technischen Regeln außerhalb dieser Software, zum Beispiel durch Ausdruck oder Abspeichern, ist untersagt. Die technischen Regeln können bei der Beuth Verlag GmbH ( erworben werden."

Further information

Discussion in the verinice.FORUM:


Beuth Verlag GmbH
Saatwinkler Damm 42/43
13627 Berlin

SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen

© 2022
DIN Deutsches Institut für Normung e. V.
Saatwinkler Damm 42/43
13627 Berlin

© 2023
SerNet Service Network GmbH
Bahnhofsallee 1b
37081 Göttingen

Related links to "verinice Risk Catalog (ISO 27001 / NIS2)"