This is probably one of the questions you are now asking yourself for your company.
The guideline applies to public or private institutions in various sectors. It can be said in advance that more sectors (from 8 to 18) and more companies per sector will be affected than in the previous NIS guideline.
Medium-sized companies
Large companies
The NIS-2 directive contains extended mandatory security measures with specific minimum requirements for, among other things, concepts for risk analysis for information systems and security for information systems, crisis management and BCM, incident management, supply chain security, cyber hygiene and much more.
Have you already established a process for reporting cyber security incidents in your risk management system? Have you already developed concepts for risk management and the security of network and information systems?
Great! Then you are already well on your way. If these topics are still open for you and your company falls within the affected sectors and thresholds, our recommendation is to start implementing NIS 2 compliance as soon as possible.
Depending on which systems and processes are already in place, the project duration for the implementation of NIS 2 may take several months.
In the GRC platform CRISAM®, implementing the NIS 2 guideline is easy. Integrate NIS-2 into your existing ISMS and also use dashboards and customized reports to generate exactly the evaluation and documentation options you need at the touch of a button.
The implementation of the NIS 2 guideline should not be a “necessary evil” from a company’s point of view, but should rather be seen as an opportunity to send signals. This means that you meet the highest European standards in the area of cyber security and are optimally prepared for hacker attacks.
Business processes are better protected and the risk of data loss and operational downtime is significantly minimized.
In addition, you protect your company from severe penalties, which can range from seven to 10 million euros or 1.4-2% of total annual turnover (depending on which category your organization falls into).
Would you like more information? Do you have questions about the implementation of the new NIS-2 guideline?
To help you and your company prepare, we have implemented the EU directive in a catalog (NIS-2) in a building block (NIS-2 EU). These 35 control objectives will make it much easier for you to implement the new guideline.
Please feel free to contact us.
We will support you in this process with CRISAM® GRC!
