---
title: NIS2 Remediation Roadmap (ID.IM-01) Guide
description: How to build an approvable NIS2 remediation roadmap (Piano di Adeguamento, ID.IM-01). Practical guide with prioritization, timeline, and board approval steps.
canonical: https://www.aegister.com/en/cms/insights/nis2-remediation-roadmap-id-im-01/
url: /en/cms/insights/nis2-remediation-roadmap-id-im-01/
lang: en
---

![](/static/images/header-contact.webp)

# NIS2 remediation roadmap (Piano di Adeguamento): practical guide for ID.IM-01 approval

---

![NIS2 remediation roadmap (Piano di Adeguamento): practical guide for ID.IM-01 approval](/static/images/cms/nis2-requisiti-di-base.webp)

## NIS2 remediation roadmap (Piano di Adeguamento): practical guide for ID.IM-01 approval

January 30, 2026

[NIS2](/en/cms/keyword/nis2/)
[remediation roadmap](/en/cms/keyword/remediation-roadmap/)
[piano di adeguamento](/en/cms/keyword/piano-di-adeguamento/)
[ID.IM-01](/en/cms/keyword/idim-01/)
+5

The remediation roadmap (“Piano di Adeguamento”) is a mandatory Appendix C document and requires governing/management approval under **ID.IM-01 point 1**. In practice, this plan should convert risk, audit, and incident findings into sequenced implementation work with clear owners, deadlines, and closure evidence.

## Key takeaways

- The remediation plan is an approval-required governance instrument, not a technical to-do list.
- It should consolidate gaps from risk assessment, control reviews, incidents, and compliance checks.
- Milestones should be aligned with the first-application baseline deadline (**October 2026**).
- Effective plans enforce accountability, dependency mapping, and measurable closure criteria.

## Timeline context for planning discipline

| Obligation | First-application timing | Planning impact |
| --- | --- | --- |
| Incident-notification obligations | January 2026 (9-month milestone) | Already live; remediation should include immediate operational stabilization |
| Baseline security-measure adoption | October 2026 (18-month milestone) | Roadmap must drive closure of remaining baseline gaps before deadline |

## What an approvable ID.IM-01 roadmap must show

| Objective | Minimum output | Evidence |
| --- | --- | --- |
| Gap consolidation | Unified list of findings and obligations | Consolidated gap register |
| Prioritization | Risk/impact-based sequencing | Priority model and rationale |
| Delivery governance | Owner, milestone, due date, status | Program tracker and steering notes |
| Closure control | Objective completion criteria | Closure evidence log |

## Practical remediation-plan structure

### 1. Purpose, scope, and references

Define scope of remediation and legal/ACN reference model.

### 2. Input sources and baseline gap inventory

List where gaps come from: assessments, reviews, incidents, audits, and authority requirements.

### 3. Prioritization framework

Define how actions are ranked (risk, regulatory urgency, dependency, effort).

### 4. Workstreams and milestones

Group actions by domain and assign delivery milestones up to October 2026.

### 5. Ownership and escalation

Assign accountable owners and define escalation thresholds for delays.

### 6. Closure and verification model

Define acceptance criteria and required evidence for each action closure.

### 7. Governance reporting cycle

Set steering cadence, KPI set, and re-prioritization triggers.

## Frequent remediation-plan failures

1. Too many actions with no prioritization logic.
2. Deadlines without dependency mapping.
3. Actions closed with no verifiable evidence.
4. No explicit accountability for delayed or blocked items.
5. Plan not updated after incidents or risk reassessment.

## 20-day hardening checklist

1. Consolidate all open findings into one remediation register.
2. Apply a documented prioritization model.
3. Define milestones and dependency chains through October 2026.
4. Assign accountable owners and escalation paths.
5. Set closure criteria and required evidence per action.
6. Submit roadmap for governing-body approval and monthly review.

## FAQ

### Is the remediation roadmap mandatory for approval?

Yes. Appendix C lists “Piano di adeguamento” with reference ID.IM-01 point 1.

### Can the remediation plan be merged with risk treatment?

It can be linked tightly, but should remain clear as a governance roadmap with milestone and closure discipline.

### What is the main governance KPI for this plan?

On-time closure rate of prioritized actions with valid evidence, not just task completion volume.

## Conclusion and next steps

A strong ID.IM-01 plan is the operational backbone of NIS closure toward October 2026. The immediate focus should be one integrated, evidence-driven roadmap that links risk decisions to accountable execution and verifiable outcomes.

## Related reading

- [NIS2 mandatory documents master guide: what must be approved by the board and what to prepare now](/en/cms/insights/nis2-mandatory-documents-master-guide-board-approval/)
- [NIS2 risk treatment plan: practical guide for ID.RA-06 approval](/en/cms/insights/nis2-risk-treatment-plan-id-ra-06/)
- [NIS2 KPIs and continuous improvement: operational metrics for resilient compliance](/en/cms/insights/nis2-kpis-continuous-improvement/)
- [Aegister NIS2 Compliance Service](/en/solutions/compliance/nis2/)
- [Free NIS2 Assessment](/en/assessment/)

## Official sources

- [ACN – Guida alla lettura delle specifiche di base](https://www.acn.gov.it/portale/documents/d/guest/guida-alla-lettura-specifiche-di-base)
- [ACN – Determinazione obblighi di base 379907/2025](https://www.acn.gov.it/portale/documents/d/guest/detacn_obblighi_2511-v3_signed)
- [ACN – Modalità e specifiche di base](https://www.acn.gov.it/portale/nis/modalita-specifiche-base)
- [Gazzetta Ufficiale – Decreto Legislativo 138/2024](https://www.gazzettaufficiale.it/eli/id/2024/10/01/24G00155/SG)

Share this post

## Related News

[![NIS2 mandatory documents master guide: what must be approved by the board and what to prepare now](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-mandatory-documents-master-guide-board-approval/)

[NIS2 mandatory documents master guide: what must be approved by the board and what to prepare now](/en/cms/insights/nis2-mandatory-documents-master-guide-board-approval/)

[Appendix C lists 11 documents requiring board-level approval under NIS2 baseline obligations. With incident notification already live and baseline measures due October 2026, this guide maps the full mandatory package and provides a 30-day board-ready activation checklist.](/en/cms/insights/nis2-mandatory-documents-master-guide-board-approval/)

[NIS2](/en/cms/keyword/nis2/)
[Appendix C](/en/cms/keyword/appendix-c/)
+7

[![NIS2 incident management and CSIRT notification plan: practical guide for an approvable RS.MA-01 document](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-incident-management-csirt-notification-plan-rs-ma-01/)

[NIS2 incident management and CSIRT notification plan: practical guide for an approvable RS.MA-01 document](/en/cms/insights/nis2-incident-management-csirt-notification-plan-rs-ma-01/)

[The incident management plan is mandatory under NIS2 Appendix C (RS.MA-01). This guide covers what an approvable plan must include, a practical template with CSIRT notification workflow and timing logic, common gaps, and a 20-day hardening checklist.](/en/cms/insights/nis2-incident-management-csirt-notification-plan-rs-ma-01/)

[NIS2](/en/cms/keyword/nis2/)
[Appendix C](/en/cms/keyword/appendix-c/)
+8

[![NIS2 crisis management plan: practical guide for an approvable ID.IM-04 document](/static/images/cms/nis2-requisiti-di-base.webp)](/en/cms/insights/nis2-crisis-management-plan-id-im-04/)

[NIS2 crisis management plan: practical guide for an approvable ID.IM-04 document](/en/cms/insights/nis2-crisis-management-plan-id-im-04/)

[The crisis management plan is mandatory under NIS2 Appendix C (ID.IM-04). This guide covers what an approvable plan must contain, a practical template with CMT roles and communication playbooks, common gaps, and a 20-day hardening checklist.](/en/cms/insights/nis2-crisis-management-plan-id-im-04/)

[NIS2](/en/cms/keyword/nis2/)
[Appendix C](/en/cms/keyword/appendix-c/)
+7

### NIS 2 Compliance with Aegister

Complete solutions for NIS 2 Directive compliance: expert consulting, implementation and ongoing support.

[Discover](/en/solutions/compliance/nis2/)