With NIS-2, ISMS becomes a management responsibility for many organizations. We show how to implement information security in a structured, practical and audit-ready way while achieving certification readiness.