NIS2 directive assessment and implementation

Sii Sp. z o.o.

A secure cyber environment is crucial for an organization's health, competitive power, and protection against loss or corruption of the sensitive data it deals with on a daily basis.

NIS2 is an upgraded version of the NIS1 directive on the security of network and information systems, which was introduced in July 2016. It introduces more stringent requirements for risk analysis, incident handling, audits and cyber education in order to boost the cybersecurity of organizations. Compliance with the directive is essential for companies identified as in scope (sectors like Healthcare, Financial services, Transport and Logistics, to name a few). We support our clients in embedding NIS2 requirements in their organizations.

To comply with the NIS2 directive, organizations must consider implementing the following services:

  • Risk management - To comply with the new Directive, organizations must take measures to minimize cyber risks. These measures include incident management, stronger supply chain security, enhanced network security, better access control, and encryption.
  • Corporate accountability - NIS2 requires corporate management to oversee, approve, and be trained on the entity’s cybersecurity measures and to address cyber risks. Breaches may result in penalties for management, including liability and a potential temporary ban from management roles.
  • Reporting obligations - Essential and important entities must have processes in place for prompt reporting of security incidents with significant impact on their service provision or recipients. NIS2 sets specific notification deadlines, such as a 24-hour “early warning”.
  • Business continuity - Organizations must plan for how they intend to ensure business continuity in the case of major cyber incidents. This plan should include considerations about system recovery, emergency procedures, and setting up a crisis response team.

Sii service covers:

  • NIS2 compliance check and audit services
  • Risk Management
  • Incident response and reporting
  • Threat detection and monitoring
  • Cybersecurity Education and Awareness
  • BCP planning

Sii provides services based on the following Microsoft products:

  • Microsoft Defender solution (CSPM, XDR)
  • Microsoft Purview Compliance Manager and Insider Risk
  • Microsoft Sentinel
  • Microsoft Entra and DevOps
  • Microsoft Office 365 Phishing Simulation and Learning Paths
  • Microsoft Azure Network Security
