Build compliance that lasts and get full guidance in your CyFun® journey
We help you assess & upgrade your maturity level against the CyberFundamental Framework with confidence
-
Access every CyFun® task, policy, and control, plus additional frameworks when needed
-
Guided implementation of the CyFun® framework in our platform
-
Track progress, assign tasks, and collect proof
4.9/5.0 stars on G2 | 8.000+ companies trust our products
Simplifying NIS2 compliance leveraging CCB’s official CyberFundamental frameworks
The Belgian transposition of the NIS2 Directive introduces the CyberFundamentals (CyFun®) framework, overseen by the Belgian Centre for Cybersecurity (CCB). CyFun® sets a clear path for organizations to manage cybersecurity risks and demonstrate compliance with NIS2
NIS2 Directive
NIS2 Directive is the European Basis for the Belgian Law (not legally directly binding)
Belgian Law
The Belgian Law incorporates the NIS2 directive into Belgium’s Legal Structure (legally binding)
CyFun®
CyFun® can be seen as a practical guide to help companies comply with Belgian Law and therefore the original NIS2 directive this law transposes
CyFun® sets a clear path for organisations to manage cybersecurity risks and demonstrate compliance with NIS2
To meet these requirements, organisations must:
-
Adopt suitable cybersecurity measures
-
Timely notification of significant incidents
-
Register with the CCB platform
-
Train management members (sec. 3.11)
-
Regular conformity assessments (mandatory for essential entities and voluntary for important)
-
Share information and collaborate with authorities
Depending on your entity type, compliance with CyFun® can provide:
Essential entities
Mandatory certification and regular compliance assessment that grant, if obtained, legal presumption of compliance with Belgian Law implementing NIS2
Important entities
Optional verification that strengthens your compliance posture and prepares you for audits.
The CCB considers that a full implementation of CyFun® Essentials level allows you to counter 100% of most commons attacks within your industry.
We'll support your journey to NIS2 compliance and CyFun® verification/certification in a manageable, transparent, and actionable way
Control Frameworks & Implementation Guides
Build CyFun® compliance efficiently with clear frameworks and step-by-step guidance
-
Inclusion of the official pre-defined CyFun® frameworks for Basic, Important & Essential levels
-
Standard implementation guide to simplify setup in the platform
-
Set of recurring tasks to ensure ongoing maintenance of your compliance program
Incident & Risk Management
Manage incidents and risks systematically to stay prepared for verification and audits
-
Incident notification questionnaire based on the CCB incident reporting form
-
Support custom risk assessment aligned with the CCB guidelines
-
Helps maintain compliance and readiness for verification audits
Controls Maturity & Auditing
Track control effectiveness and simplify audits with automated assessments and report templates
-
Custom fields and automation for Controls Maturity Assessment
-
Define your custom audit templates to easily defend your assessment
-
Easily shareable with auditors via guest access to review evidence
Policies & Templates
Save time and ensure consistency with ready-to-use, compliant policy templates
-
All CBB-official basic policy templates available
-
Ability to build and distribute custom policy training questionnaires
-
Ensures compliance documents are structured and consistent
All CyFun® obligations, across all tiers, delivered in one platform
No matter your tier, our platform covers every policy, task, and control you need for CyFun® compliance, giving you complete coverage and guidance
Basic
- 30+ measures
- Equivalent of "baseline hygiene" for most SMEs
- Protects against ~82% of common attacks
- Covers: Governance, Incident Handling, Recovery, Monitoring, Training
Important
- 110+ measures
- For medium-to-large or high-risk orgs
- Protects against ~94% of historical attack patterns
- Adds strong focus on: Supply Chain, Business Continuity, Vulnerability Management, Audits
Essential
- 140+ measures
- For critical sectors & highest assurance
- Nearly complete NIS2 coverage
- Covers: All obligations comprehensively, with evidence for certification
We are here to support your compliance journey from A-Z
Maturity Assessment
Self-Audit your maturity levels against your relevant CyFun® level and evidence your results
Remediation Actions Implementation
Implement and keep track of progress of required corrective action
Management Report
Report all of your results to management
Official verification or certification
Transfer your audit results to the CCB’s self-assessment tool and prepare for third-party certification.
Maintain your CyFun compliance program
Keep your CyFun® compliance up to date with other frameworks
CyFun ®
Cybersecurity Fundamental Framework
Disclaimer
The CyFun® Framework is a framework owned by the Centre for Cybersecurity Belgium (CCB), operating under the authority of the Prime Minister of Belgium. The abbreviation “CyFun®” stands for “CyberFundamentals Framework” and is a registered trademark owned by the CCB.
The CyFun® Framework and CyFun® Conformity Assessment Scheme (CAS) are available on www.cyfun.eu, which is their only authentic source.
The services offered by Formalize ApS may contribute to third party assessments, but they do not replace nor fulfill any accredited third-party assessment as described by the CyFun® Framework. Therefore, Formalize ApS can never claim that its services fully meet the requirements of the CyFun® Framework and the services cannot be considered for use in conformity assessments resulting in obtaining a presumption of conformity with the NIS2 Directive and its Belgian transposition. If there is any discrepancy between the products and services offered by Formalize ApS and the documents on the website, only the latest version of the documents on the website is deemed authentic.