
NIS2-ready Admin Workspaces & Incident Reporting — Pilot

Join the early access. Validate evidence-first admin operations for NIS2 end-to-end.

Multi-tenant admin workspaces (browser), immutable WORM evidence with cryptographic time, significance scoring aligned to (EU) 2024/2690, and one-click 24/72/30 reports.

NIS2 reporting timeline: incident detected → 24 h early warning → 72 h incident notification → final report ≤ 30 days; automation with timers, prefilled forms and evidence pack.

NIS2 24/72/30 reporting windows — automated timers, prefilled forms, evidence pack (Art. 23 NIS2).

Incident significance matrix (impact vs. duration); upper-right region indicates report required; lower-left monitor/prepare — aligned with (EU) 2024/2690.

Significance aligned with Commission Implementing Regulation (EU) 2024/2690; exact thresholds may vary by sector/authority.

Who this pilot is for

Managed Service Providers (MSPs) operating in the EU/CH with 50–500 employees and multi-tenant environments who:

  • Need provable controls and auditable trails for privileged administration.
  • Must meet NIS2 reporting windows (24h / 72h / ≤ 30 days) with consistent quality.
  • Prefer minimal change: integrate with existing IdP/PAM; no rip-and-replace.

What you’ll test (scope)

Evidence flow: admin workspace → session recording → WORM storage → hash manifest, NTS time proof → optional QTSP e-seal → evidence pack → authority portal.

Chain of custody with WORM immutability and cryptographic time (RFC 8915); optional qualified timestamp/e-seal.

  • Privileged Admin Workspaces (browser-first): SSO/MFA/Passkeys, just-in-time permissions, full session recording.

  • Evidence-first auditing: WORM/append-only storage with hash manifests; Network Time Security (RFC 8915); optional qualified timestamps/e-seals.

  • NIS2 reporting automation: Significance scoring aligned to (EU) 2024/2690, 24h/72h/30-day timers, prefilled templates, and exportable Evidence Packs (PDF/JSON).

  • Multi-tenant isolation: Per-tenant gateways/VM boundaries and clear chain-of-custody.


What you get

Example evidence pack manifest with SHA-256 hash, NTS time, retention, and files; exportable PDF and JSON.

Evidence-first deliverable: standardized manifest and artifacts for authority-ready reporting.

Included in the pilot:

  1. Guided onboarding (90 minutes) - connect IdP (OIDC/SAML), configure one pilot tenant, enable recording, set WORM bucket.
  2. Templates & kits - DPIA starter, works council package (where relevant), NIS2 report templates, evidence mapping.
  3. Playbooks - “24h Early Warning” and “72h Incident Report” flows with field hints.
  4. Support - dedicated contact, Slack/Teams channel, weekly check-ins.
  5. Outcome pack - readiness brief (Art. 21 mapping & gaps) and KPI report.

Optional add-ons (on request):

  • Qualified timestamps/e-seal via QTSP, Transparency Log (e.g., Rekor), country authority connector samples.

Timeline & slots

  • Duration: 2–4 weeks hands-on testing.
  • Capacity: 3–5 design partners in the first wave.
  • Start: Rolling admissions (we’ll align start dates with your team).

Success criteria (how we measure impact)

  • Time to Draft Report (TtDR) ≤ 60 minutes for a regulator-ready first draft.
  • Time to Final (TtFR) ≤ 24 hours (final draft).
  • ≥ 95% of privileged admin actions are captured with WORM time evidence.
  • < 10% false-escalation rate from significance scoring (validated test cases).

Requirements (what we need from you)

  • Identity: Access to your IdP (OIDC or SAML; Passkeys/WebAuthn if available).
  • Pilot tenant: One representative customer/tenant for the test.
  • Storage: An S3-compatible bucket with Object Lock/immutability (or we provide one).
  • Testers: 3–5 admins who can perform typical privileged actions.
  • Consent & governance: Agreement to record pilot sessions; DPIA and internal comms templates provided.

How it works (quick flow)

  1. Sign in with Passkeys/SSO → grant just-in-time access to an admin workspace.
  2. Recording starts by default; evidence is written append-only (WORM) with hash manifests and time proofs.
  3. Significance engine evaluates impact (per EU 2024/2690 guidance) → triggers 24h/72h/30-day timers and checklists.
  4. Prefilled reports are generated; export Evidence Packs (PDF/JSON) incl. hash summary.
  5. Submit via your national portal (pilot provides field mapping & examples).
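
The hash manifest from step 2, as an added sketch that is not the pilot's own code or manifest format: it records a SHA-256 digest per artifact, seals the entry list with one manifest digest, and re-verifies a pack against it. The field names, tenant name, file names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed sample artifacts; names and contents are illustrative only.
SAMPLE = {
    "session-001.log": b"10:02:11 admin1 restarted service backup-agent\n",
    "report-24h.json": b'{"stage": "early-warning"}',
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _seal(tenant: str, files: list) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the digest reproducible.
    body = {"tenant": tenant, "files": files}
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def build_manifest(artifacts: dict, tenant: str) -> dict:
    """Hash each artifact, then seal the whole entry list with one digest."""
    files = [{"name": n, "size": len(b), "sha256": sha256_hex(b)}
             for n, b in sorted(artifacts.items())]
    return {"tenant": tenant, "files": files, "manifest_sha256": _seal(tenant, files)}

def verify_manifest(manifest: dict, artifacts: dict) -> list:
    """Return findings; an empty list means the pack matches its manifest."""
    findings = []
    if _seal(manifest["tenant"], manifest["files"]) != manifest["manifest_sha256"]:
        findings.append("manifest: digest mismatch")
    listed = {f["name"]: f["sha256"] for f in manifest["files"]}
    for name, digest in listed.items():
        if name not in artifacts:
            findings.append(f"{name}: missing")
        elif sha256_hex(artifacts[name]) != digest:
            findings.append(f"{name}: content changed")
    for name in sorted(set(artifacts) - set(listed)):
        findings.append(f"{name}: not listed in manifest")
    return findings

if __name__ == "__main__":
    manifest = build_manifest(SAMPLE, tenant="tenant-a")
    tampered = {**SAMPLE, "session-001.log": b"edited\n"}
    print(verify_manifest(manifest, SAMPLE))    # intact pack
    print(verify_manifest(manifest, tampered))  # altered recording
```

In this sketch the manifest digest is the single value a time proof or e-seal would need to cover, since any change to a listed file or to the entry list itself changes it.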

  • Data minimisation and role-based access to recordings/evidence.
  • Short retention defaults for pilot data; you can set stricter policies.
  • WORM/immutability prevents deletion/overwrites within the lock window.
  • “Aligned, not certified.” We align to NIS2 Art. 21/23 and (EU) 2024/2690 formats without making certification claims.

FAQs

Do we need to replace our PAM/SSO?
No. The pilot integrates with your existing IdP/PAM. We focus on evidence and reporting automation on top.

Will this slow down admins?
Workspaces are short-lived and centrally managed; JIT access keeps friction low while ensuring full evidence capture.

Where is evidence stored?
In an immutable (WORM) bucket you control (S3-compatible) or a pilot bucket we provide with clear retention settings.

Is this only for EU entities?
Primary focus is EU/CH MSPs with EU customers. CH MSPs serving the EU can also join.

What does a good pilot look like?
One tenant, 3–5 admins, 2–4 weeks, at least one simulated incident run-through producing a 24h draft and a 72h update.


Call to action

Ready to join the pilot? Request access - we’ll confirm scope, slots, and prerequisites.
