NIS2 implementation

KonsensIT, a Part of CapMon

Are you ready for NIS2 implementation?

The EU member states have adopted an updated version of the Network and Information Security Directive (NIS2), which is a significant step toward ensuring higher levels of network and information security across the EU.

The deadline is approaching


What is NIS2

The NIS2 Directive helps to establish the framework for securing a company’s assets. Compared to the previous NIS1, a significantly larger number of companies and sectors are now subject to the regulations.

The goal is to ensure that the security level is consistent across EU countries. This means you need to pay more attention to aspects such as risk management, control, and oversight.

With the NIS2 Directive, the requirements have been tightened, and the penalties for non-compliance have become stricter.

A range of risk-based measures must be implemented, including those for the prevention and management of security incidents, data storage and processing security, as well as plans for handling incidents in the event of a cyberattack.

Are you ready for NIS2 implementation?

Specifically, this means that companies need to implement a series of measures to meet the requirements of NIS2. These include, among other things, ensuring control over:

  • Risk analysis and security policy
  • Crisis management
  • Supply chain security and security-related aspects regarding the connections between the company and its suppliers
  • Business continuity
  • Incident management (prevention, detection, and response to incidents)
  • Encryption
  • Policies and procedures (testing and auditing) to assess the effectiveness of measures for managing cybersecurity risks.

Focus on Management Responsibility

NIS2 is not an issue to be solved by the IT department alone – it is a management responsibility! Management must understand the requirements of the directive and lead the risk management efforts. They have direct accountability for ensuring compliance with these requirements.

Increased Requirements for Risk Management and Resilience:

The organization must implement measures to prevent and mitigate damage. This includes incident management, cyber security in supply chains, network security, access control, and encryption.

Business Continuity:

It is crucial to plan how the organization will maintain business operations following a major cyber security incident. This includes system recovery, emergency procedures, and the establishment of a crisis management team.

Reporting to Authorities:

  • Processes must be put in place for proper reporting to the relevant authorities.
  • Major incidents must be reported within 24 hours.

When should you start?

To avoid being caught in a pressured situation where both time and access to advisors may be limited, it is advisable to begin work NOW.

As with GDPR, authorities will oversee compliance and can issue orders or fines, which can reach up to €10,000,000 or 2% of the global annual turnover.

How we can help you

The KonsensIT team, which is part of CapMon, has extensive experience in managing security projects, including GDPR compliance, risk assessments, and contingency planning.

We draw on our experience from existing NIS2 projects and, in collaboration with you, will help create an overview of the various tasks involved. From there, we will develop a plan to ensure compliance with NIS2 regulations.

15 Questions Your Company Should Be Able to Answer Before NIS2 Takes Effect

Are you unsure about how NIS2 will impact your business and how to best prepare for the new requirements? Here are some example questions to consider:

1: “Who needs to comply with NIS2, and why?”

Answer: “Companies that provide critical societal services, as well as their subcontractors, must be prepared to handle cyber threats.”

2: “What impact does NIS2 have on our company?”

Answer: “You need to determine whether your company is directly or indirectly involved in providing critical societal services.”

3: “What does NIS2 require from our Management and Board?”

Answer: “Top management will be held accountable for meeting cybersecurity obligations, including potential sanctions for non-compliance.”

We are ready to help you answer all your NIS2-related questions. We listen to your needs and concerns and offer practical solutions that are realistic and relevant for your organization.

 

Contact
Mail: jt@konsensit.dk
Tel: +45 4485 5070
Mobile: +45 2689 0088

Our partners

CapMon collaborates with partners in technology and sales to offer innovative and competitive solutions. We maintain close collaboration with our partners without compromising on quality, and we share a passion for IT security that creates happy and confident customers.
