Are you ready for NIS2?
The new cybersecurity directive NIS2 will come into effect in less than a year, bringing new challenges and opportunities for companies in various sectors.
In this article, we explain how NIS2 will affect your business, and how we at NTT DATA Business Solutions are preparing to help you comply with the new requirements – based on best practices and insights from our successful implementation of GDPR, which serves as a model for our approach to NIS2.
It’s now less than a year until the new cybersecurity directive NIS2 goes into effect in the EU. The directive is in the process of being implemented as legislation, but there is no reason to wait for the release for you to get started on preparing to be compliant.
Many companies must prepare for a new reality with increased requirements for cybersecurity and for handling information security risks both internally and in the supply chain. Failure to comply with the requirements can result in quite significant sanctions.
A decisive point in NIS2 is that the responsibility for cybersecurity in the affected companies now clearly moves to the board and management. In addition, non-compliance can be costly. So there is every reason to take the task seriously.
In Denmark, 1079 companies across critical sectors are covered by the new complex requirements for IT-security procedure and data control, according to Dansk Industri
The NIS2 Directive defines some new requirements to several specific industries. NTT DATA Business Solutions can help you prepare your organization for NIS2.
Our offers vary from gap-analysis, implementation of best practices to penetrations tests and security breach monitoring as well as offering hosting services in a NIS2 compliant environment. These services are already in place for some of our customers.
With the establishment of a cross-organizational unit, we ensure that we cover every challenge, making the necessary additions and adaptations to your already existing IT-security programs, and at the same time ensure a foothold in all relevant part of your organization.
If you want to know more, contact our Nordic Sales Director in Managed Services, Dannie Havgaard at [email protected]
The arrival of the NIS2 directive does not mean that companies should panic. There is plenty of time to get in place – if you get started now.
We have chosen to use the same approach as when we had to implement GDPR. With the establishment of a cross-organizational unit, we ensure that we cover every challenge, making the necessary additions and adaptations to our already existing programs, and at the same time ensure a foothold in all relevant parts of the organization. An approach that the audit company PwC has recognized as a best practice. Read more about PwC’s approval of the GDPR implementation program in 2018 here.
NTT DATA Business Solutions has in that regard carried out a mapping of the requirements to which technical, organizational and communication processes must either be strengthened or established, and has on that basis established a provisional operating model for NIS2.
– «Although we obviously don’t know the specific requirements of the future sector requirements, we can nevertheless use those we know from, for example, the pharmaceutical industry, the financial sector and the supply industry as a starting point at an overall level», says Martin Hallengreen, Compliance Manager, NTT DATA Business Solution
– «The key to a successful implementation also lies partly in being able to present customers with a NIS2 program concept, which they can step directly into, similar to compliance with the GDPR, without having to deal with a lot of details about NTT DATA Business Solutions’ internal processor and controls, and without having to concern whether these controls are continued in relevant supply chains” says Martin Hallengreen, Compliance Manager, NTT DATA Business Solution
One of the important requirements in NIS2 will be the very short reporting obligation notice for incidents.
Therefore, a strongly interacted program through the supply chain becomes crucial for the implementation, both in terms of having continuous monitoring and having a competent emergency response team that is trained to react correctly. Therefore, NIS2 can never become a program that can be implemented without the involvement of its suppliers.
– «It is important for our customers and business partners, well before the NIS2 legislation comes into force, to be able to confidently trust us as a supplier. We have therefore decided, in line with our approach to GDPR, to have an independent third party audit statement produced that establishes our compliance with the requirements. This audit report will be a supplement to our existing ISAE 3402 Type II and ISAE 3000 (GDPR) Type II.»
EU NIS2 Directive Calling for Attention to SAP Application Security
PwC approves NTT DATA Business Solutions GDPR-program
Dansk Industri: 1079 companies across critical sectors are covered by the new complex requirements for IT-security procedure and data control
