Is your organization covered by the NIS2 directive (in the Netherlands: Cyberbeveiligingswet)? Then you must meet the strict requirements for cyber resilience and cyber security. The specialists of Digital Security Institute help by bringing your cyber security to the required level.
If you work in one of the sectors within the scope of NIS2, you must register as a NIS2 entity with the NCSC (National Cyber Security Center).
Duty of care
The duty of care to take 'appropriate and proportionate technical, operational and organizational measures' is a key element of NIS2. In addition to your own measures, you must also ensure the cybersecurity of your direct suppliers. The duty of care was recently elaborated further in the Cyberbeveiligingsbesluit.
Governance
Directors must have sufficient knowledge of cybersecurity and IT risk management (see our boardroom training). In addition, the board must approve the cyber measures and monitor their implementation.
Reporting obligation
Your organization must be prepared to report significant incidents in a timely manner and in accordance with regulations.
Supervision
Be prepared for regulatory oversight. Your industry regulator will monitor NIS2 compliance and may conduct security scans or require an independent audit.
Our services
NIS2 support
Digital Security Institute helps you to meet the NIS2 requirements to improve your digital resilience.
The following steps are essential in the process of becoming NIS2 compliant. If you already hold security certifications (such as ISO 27001), that helps, but the scope is certainly not identical. You will need to investigate where additional measures are required.
Strategic risk assessment
Cybersecurity measures must be appropriate to the risks of your organization and sector. A risk analysis is therefore central to the various control measures (from the Cyberbeveiligingsbesluit).
Baseline gap assessment
Even if you are already ISO 27001 certified, you need to check which parts of NIS2 are not yet covered. Typical gaps are in areas such as security logging and monitoring, incident reporting and supplier management.
NIS2 implementation
A gap assessment will show what still needs to be done to become NIS2 compliant. Based on an implementation plan, the missing measures can be implemented or strengthened.
Suppliers
As an NIS2 organization you need to manage the dependencies and security of your supply chain. Who are your most important suppliers, how do they influence your digital resilience, and how is the cybersecurity of the chain guaranteed?
Before starting a NIS2 compliance initiative, we advise you to first follow a boardroom training. This will make clear what the role, responsibility and liability of the board are for IT risk management, digital resilience and cybersecurity. The board's insight into and understanding of digital resilience ensures the right starting position and support for an improvement initiative.