NIS-2 Guideline

With NIS 2, affected companies must take strict security precautions by fall 2024 that not only increase protection against cyberattacks, but also ensure compliance with specific security standards and the continuous updating of their systems.

Companies are constantly faced with the challenge of strengthening their cyber resilience. The EU NIS 2 Directive, in force since January 2023, aims to protect essential and important entities in the EU by prescribing comprehensive and tightened security measures. These rules now apply to a considerably wider range of organizations than the first NIS Directive did.

Accompio is ready to guide your organization through this complex process and ensure that you successfully meet the requirements of the NIS 2 directive.

Successfully mastering the NIS 2 Directive with accompio as your IT service provider

  • Directive to strengthen cyber resilience
  • Protecting critical and important infrastructures from cyber attacks

  • Implementation by October 2024

  • Competitive advantage in dealing securely with digital threats

  • Significantly increase the security level of companies

  • Accompio as NIS 2 IT service provider for the realization and implementation of necessary measures

  • Self-check as an initial impulse with regard to relevance

We support you with the implementation of NIS-2

Understand the basics: What is the NIS 2 directive?

The NIS 2 Directive (Network and Information Security 2) is a central component of the European strategy to strengthen the cyber resilience of critical and important infrastructures. As a further development of the first NIS Directive from 2016, NIS 2 aims to create a robust and uniform cybersecurity landscape in all Member States. The directive recognizes the need for companies to not only react to cyberattacks, but to actively take precautions to anticipate and effectively defend against such threats.

With its entry into force in January 2023, NIS 2 sets new standards in terms of security and compliance. The previous requirements, which were considered too abstract and were implemented inconsistently across Member States, are replaced by clearer and more comprehensive rules. They affect an extended group of companies, which must meet the requirements of the NIS 2 Directive from October 17, 2024, the deadline for transposition into national law.

Which companies are affected by the NIS 2 Directive?

In principle, any organization that qualifies as an essential or important entity in one of the sectors listed in the directive's annexes is covered. These sectors comprise facilities and systems that are indispensable for the functioning of society, national security and the economy. A failure or disruption in sectors such as energy, water, telecommunications, food supply, transportation, logistics, finance or healthcare can have far-reaching and serious consequences.

With the transposition of the NIS 2 Directive into national law by October 2024 at the latest, each EU Member State specifies in detail which organizations fall within scope and designates the competent national authority. In Germany, for example, the Federal Office for Information Security (BSI) is the competent authority for registration and supervision of the entities concerned.

Small companies can also fall under the NIS 2 Directive

Although NIS 2 generally does not apply to companies with fewer than 50 employees and an annual turnover or balance sheet total of no more than ten million euros, there are important exceptions. In particular, providers of DNS services, TLD name registries and providers of public electronic communications networks or services, among others, are subject to the requirements of the NIS 2 Directive regardless of their size.

In addition, the NIS 2 Directive may also affect medium-sized and small companies indirectly if they act as service providers or suppliers for directly affected organizations, because those organizations must assess the security of their supply chain. In such cases, suppliers may be required to implement similarly stringent security measures to ensure the integrity of the entire supply chain. Small businesses are therefore well advised to familiarize themselves with the requirements of NIS 2 and take appropriate security measures.

How to master the NIS 2 guideline as a company

With a clear understanding of the requirements and a proactive approach, your company can not only achieve compliance, but also secure a competitive advantage in dealing securely with digital threats.

Your path to NIS 2 compliance: How companies can implement the NIS 2 guideline

The NIS 2 guideline requires organizations to take a proactive role in securing their network and information systems. To successfully implement the NIS 2 requirements, organizations should consider the following steps:

  • 1

    Risk analysis and security concepts
    Implement comprehensive risk analysis procedures and develop security concepts that are tailored to all your information systems. This is the cornerstone of a solid cybersecurity strategy.

  • 2

    Evaluation of risk management
    The methods and processes of your risk management should be evaluated regularly to ensure their effectiveness and make adjustments where necessary.

  • 3

    Incident management
    Create a robust concept for dealing with security incidents. This should include clear instructions on how to react in the event of an incident, as well as guidelines for reporting and resolving the situation.

  • 4

    Backup and crisis management
    Implement strategies and systems for backup management and disaster recovery. Effective crisis management is crucial to maintain operations even under difficult conditions.

  • 5

    Set up reporting systems
    A transparent and efficient reporting system for security incidents is essential in order to meet the requirements of the NIS 2 directive and to be able to react quickly.

  • 6

    Employee training
    Provide your employees with regular cyber security training. A well-informed team is one of your best lines of defense against cyber threats.

  • 7

    Security of the supply chain
    Ensure the security of your supply chain by reviewing and assessing the cybersecurity measures of your direct suppliers.

By taking these steps systematically, you can not only meet the requirements of the NIS 2 directive, but also significantly increase the overall security level of your company. Accompio will be happy to help you implement these measures effectively and thus ensure your NIS 2 compliance.

How accompio can support you as an IT service provider in implementing the NIS 2 requirements

As the implementation date of the NIS 2 directive approaches, organizations are faced with the task of strengthening their cyber resilience and implementing comprehensive security practices. Accompio understands the complexity and urgency of this challenge and positions itself as your trusted partner to guide you through this process. Our goal is not only to help you meet the requirements of the directive, but also to build a more secure and resilient digital future for your organization.

Our approach at accompio includes a range of bespoke services specifically designed to facilitate and secure compliance with the NIS 2 Directive. We offer a tailored solution that not only ensures compliance, but also builds confidence in your digital security. Let’s tackle this challenge together and create a secure foundation for your digital future.

What is our NIS 2 self-check and what does it do for users?

The NIS-2 Directive (Network and Information Security) sets out measures to ensure a high common level of cybersecurity across the Union in order to improve the functioning of the internal market. To this end, the Directive lays down the following:

  • The obligation for all member states to adopt national cybersecurity strategies and to designate or establish national competent authorities, cyber crisis management authorities, cybersecurity focal points and computer emergency response teams.
  • Cybersecurity risk management and reporting obligations for essential entities (termed "particularly important entities" in the German implementation) and important entities, including obligations that reach into their supply chains.
  • Cybersecurity information sharing requirements and obligations
  • Supervisory and enforcement obligations for member states.

The NIS-2 Directive must be transposed into national law by 17.10.2024; 17.10.2025 is the deadline for the registration of important / particularly important entities. Failure to comply with the directive can result in fines, loss of reputation and operational restrictions. The authorities' powers include on-site inspections, regular security audits, ad hoc audits, security scans, information requests, data access and proof of implementation; in the case of enforcement they extend to warnings, binding instructions, fines, the temporary suspension of management personnel, and checks on whether management is monitoring the measures.

FAQs about NIS 2 guideline

What is the NIS 2 Directive?

The NIS 2 Directive (Network and Information Security 2) is an updated EU directive that aims to ensure a high common level of security for network and information systems across the European Union. It extends and strengthens the requirements of the original NIS Directive to better protect essential and important entities against cyber threats. The directive includes requirements for risk management, incident reporting and other security measures.

Who is affected by the NIS 2 Directive?

The NIS 2 Directive applies to organizations that qualify as essential or important entities, including sectors such as energy, transportation, healthcare, banking, digital infrastructure and many more. It may also affect medium-sized and small companies that act as key suppliers or service providers to these organizations. Each EU Member State specifies in its national implementation which companies fall under this category.

Since when does NIS 2 apply?

The NIS 2 Directive has been in force throughout the EU since January 2023. The Member States have until October 17, 2024 at the latest to transpose the directive into national law. From this date, the organizations concerned must comply with and implement the requirements of the NIS 2 Directive.

Who must implement NIS 2?

All organizations that fall under the NIS 2 definition of essential or important entities must implement it. This includes a large number of organizations in critical sectors as well as their key suppliers and service providers. The exact range of companies affected is determined by the national implementation of the directive in the respective EU Member State.

Start the NIS-2 self-check now!