Steps to NIS2 compliance

With the October 2024 deadline for incorporating the NIS 2 Directive into national law approaching, organizations must begin preparations without waiting for finalized legislation. Achieving compliance is particularly challenging for entities with lower cybersecurity maturity. Below are the key steps to prepare effectively:

1. Determine Applicability: Check if your organization falls under the directive’s scope by reviewing Annex I (critical sectors) and Annex II (important entities).
2. Conduct a Gap Assessment: Identify gaps between current cybersecurity practices and the directive’s requirements. Use recognized standards like ISO 27001:2022 for guidance, as it aligns closely with the directive’s measures.
3. Perform Risk Analysis: Analyze risks using the results from the gap assessment. Define risk management measures and establish a proportional action plan based on organizational needs and capabilities.
4. Initiate Compliance Projects: Address identified risks through targeted projects aimed at meeting the directive’s baseline requirements.
5. Develop Sustainable Processes: Establish ongoing cybersecurity processes and assign roles for monitoring and governance to ensure continuous improvement and adaptability to changes.

Read the full article on our International subsidiary’s website by clicking on the image.