You've finished onboarding. Here's how to turn NexCyber into a steady compliance engine for your company.
Next steps after onboarding
You've created your account, set up your company profile, run your first assessment, and downloaded your first Trust Passport. Welcome to the calmer side of EU compliance.
This article is the bridge between "I'm set up" and "compliance is now a habit, not a fire drill". Here are the moves that take you from a one-off assessment to a steady compliance engine.
1. Address your top gaps
Your first assessment likely surfaced a handful of obligations marked Partial or Gap. The Workspace shows you the top 3 actions that close the most gaps in the least time.
Tips for tackling them:
- Pick one gap per week. Compliance fatigue is real; small steady wins compound faster than heroic sprints.
- Cross-regulation actions first. A vulnerability disclosure policy can close gaps in CRA, NIS2 and DORA simultaneously. Tackle those before single-regulation actions.
- Assign owners. In the Workspace, click any action to assign it to a teammate. They'll get an email and an in-app notification.
2. Upload evidence
From the Launch plan onwards, you can upload evidence (policies, certificates, SBOMs, incident response plans) and attach it directly to obligations. Two big wins:
- Higher accuracy: your readiness score moves from self-assessed to evidence-backed.
- Audit-ready: an auditor can click straight through from an obligation to the document that proves it.
Go to /evidence to start uploading. Drag-and-drop is supported. If you have files larger than the upload limit, contact us via the chat and we'll help.
3. Track your deadlines
Each regulation has firm enforcement dates. NexCyber tracks them for you on your dashboard's Timeline widget. For each upcoming deadline:
- See how many days remain.
- See which obligations of yours are still in Partial or Gap status.
- Click through to the relevant Workspace action.
You'll also get email reminders at 90, 60, 30, 14, 7 and 1 day before each deadline (configurable in your notification preferences).
4. Explore the Decision Center (Workspace)
The Workspace is where cross-regulation magic happens. It shows you obligations grouped by shared control rather than by regulation, so you see at a glance that "publishing a coordinated vulnerability disclosure policy" satisfies CRA Art. 13, NIS2 Art. 21(2)(j) and DORA Art. 17 in a single move.
For most teams the Workspace becomes the daily landing page within 2 weeks.
5. Run a second regulation
Most NexCyber customers are subject to at least two regulations, typically CRA + NIS2 (product companies), AI Act + GDPR (AI providers), or DORA + NIS2 (financial entities + ICT providers).
Running a second assessment usually takes less time than the first because:
- Your company profile is already set up.
- Many evidence items you uploaded are reusable.
- The Workspace surfaces shared controls.
6. Subscribe to The Regulatory Signal
EU regulation moves. Implementing acts, RTSs, ENISA guidance, national transpositions: there are dozens of relevant updates every year. The Regulatory Signal is our weekly newsletter that picks the 5 updates that actually matter for digital product makers, plus one curated deep-dive.
Subscribe from the signup form in the footer of any page on nexcyber-eu.vercel.app.
7. Schedule a quarterly check-in
For most companies, compliance is best treated as a quarterly cadence:
- Q1: re-run assessments for any regulation with a deadline in the next 6 months.
- Q2: update your evidence library (renewed certificates, updated policies, new product releases).
- Q3: review your Trust Passport and renew if validity is below 60 days.
- Q4: board update with the audit-ready PDF report.
Add a recurring calendar reminder, or ask us in the chat to set one up via your team's preferred tool.
8. Talk to us when you need a human
NexCyber's team is small, EU-based, and includes people who've worked inside regulators, big-4 audit and product companies. We respond to chat within 24 hours on business days, and to contact@nexcyber.eu the same way.
Command and Strategic plan customers have a dedicated Customer Success Manager available for regular review calls.
You're set
That's onboarding. The rest is steady work, and you have the tools to keep it boring (in the best way).
Welcome to NexCyber. We're glad you're here.
Need help?
- Reach out via our live chat (bottom-right): Captain AI replies instantly, human experts within business hours.
- Email support@nexcyber.eu with [P1] for Command/Strategic priority issues.
Disclaimer: RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification.
Last reviewed: 2026-06-02 · NexCyber Help Center