EPISODE · Nov 11, 2025 · 33 MIN
Compliance in Practice: Making NIS2 and ISO 27001 Work in Daily Operations (denog17)
from Chaos Computer Club - recent events feed (low quality) · host Mathias Handsche
With NIS2, ISO 27001 and requirements of BNetzA raising the bar for security and operational compliance, many internet providers are asking the same question: *How do we meet these requirements without drowning in bureaucracy?*

This talk bridges the gap between regulation and real-world implementation. Instead of focusing on theory or checklists, we’ll look at how to integrate compliance into the day-to-day work of running a network—with minimal friction.

**Topics include:**

- Turning compliance into a continuous, manageable process
- Using a Single Source of Truth (SSoT) to manage documentation, assets, and controls
- The “document once, but right” principle: reducing duplication and inconsistency
- Assigning and tracking responsibilities that actually get done
- Lessons from real-life audits and what works in lean teams
- Tooling, automation, and pragmatic templates to stay compliant while staying sane

We will demonstrate these concepts using open-source tools like:

- **NetBox** for infrastructure inventory and network documentation
- **Snipe-IT** for asset lifecycle management
- **Zammad** for task and ticket tracking
- **Eramba** for managing risk, controls, and policy compliance
- **GitLab** for documentation, version control, and approval workflows

These tools help create a practical compliance framework that integrates seamlessly into daily operations and supports both audit readiness and operational efficiency.

This session is tailored for engineers, DevOps, and infrastructure managers at ISPs and hosting providers who want to build a compliant operation—without losing focus on uptime, performance, and business continuity.

**You’ll walk away with concrete strategies and examples you can apply on Monday.**

Licensed to the public under http://creativecommons.org/licenses/by/4.0

About this event: https://pretalx.com/denog17/talk/DUMD8G/