- EU legislators are taking action to increase cyber resilience in Europe: the second Network and Information Systems Directive (NIS2) entered into force on 16 January 2023.
- It affects far more organisations and business sectors than NIS1 and introduces stricter security requirements, more supervisory measures and tougher sanctions.
- Getting your company ISO 27001-certified is an excellent first step towards NIS2 compliance: by our estimate it covers about 70% of the NIS2 requirements. The remaining requirements still have to be addressed separately, so certification on its own is not the same as compliance.
How to prepare for NIS2
The EU member states have until 18 October 2024 to transpose the NIS2 Directive into national law. But affected companies must start acting now. Kivanc Semen explains why:
“I can say, from hiring ourselves and knowing the demand for experts, that it’s almost impossible to implement NIS2 on time yourself.
That’s the reason why starting early and getting the few resources on the market, going for a provider that can offer the technology on top of experts, is so important.”
“With ISO 27001, you should be ok.”
That’s because there are significant overlaps between the ISO 27001 and NIS2 requirements.
So, where to start? As Kivanc Semen points out, a “22% budget increase is going to be needed for companies that haven’t done NIS2 before”.
If your company falls under NIS2, the first steps therefore centre on raising awareness among senior management so that the necessary budget can be planned.
Our recommendations to our customers, and to you:
- Determine if your business is affected by NIS2
- Raise NIS2 awareness with senior management
- Educate management about cybersecurity risks
- Estimate expenses and plan budget
- Review NIS2 cybersecurity risk management measures
- Assess your supply chain
- Prepare and streamline incident reporting (NIS2 requires an early warning within 24 hours of becoming aware of a significant incident, a notification within 72 hours and a final report within one month)
- Develop a business continuity and crisis management plan
- Implement an ISMS that meets the NIS2 criteria
- Ensure secure development practices
Want to know more about how ISO 27001 can help you with the new NIS2 regulation? Schedule a meeting with us.