NIS2: How to become compliant quickly
What is NIS2?
The NIS2 (Network and Information Systems) Directive is the EU-wide legislation on Cybersecurity. It provides legal measures for organisations to improve the overall level of cybersecurity in the EU. Not all organisations are subject to NIS2 though. The scope prioritises organisations that are of higher importance to society.
There are several frameworks available that guide organisations to NIS2 compliance with the most important ones being the ISO 27001 standard and the CyberFundamentals (CyFun) framework.
By taking proactive measures to understand and address the requirements of NIS2, you can ensure your organisation remains compliant, minimises risks, and continues to thrive.
Get detailed insights and guidance on NIS2 by downloading our eBook
Our eBook offers a clear, concise, and actionable guide to understanding NIS2, its potential impact on you and your organisation, and the essential steps to take in order to prepare.
What is the scope of NIS2?
The NIS2 Directive applies to organisations that are part of certain sectors (listed in annexes I and II of the EU NIS2 Law) and that exceed certain thresholds in size. These factors also determine whether an organisation is deemed ‘Important’ or ‘Essential’. This classification determines which measures an organisation needs to take to be NIS2 compliant.
Which sectors fall in the scope of NIS2?
When it comes to the sectors that NIS2 applies to, there is a distinction between ‘High-Critical’ sectors and ‘Other Critical’ sectors. Organisations in High-Critical sectors can, depending on their size, be either Important or Essential organisations, whereas organisations in Other Critical sectors are, at most, Important. Though the following list is not exhaustive, it provides a decent overview of the different sectors and their classification:
High-Critical sectors
- Energy
- Transport
- Financial Market Institutions
- Digital Infrastructure
- Banking
- Healthcare
- IT Service Management
- Space
- Public Administration
- Waste Water
- Drinking Water
Other Critical sectors
- Postal & Courier services
- Manufacturing
- Chemicals
- Research
- Waste Management
- Food production, processing & distribution
- Computers & Electronics
Which organisation sizes fall in the scope of NIS2?
When it comes to organisation size, the NIS2 Directive takes into account the number of Full-Time Employees (FTEs), the Annual Turnover and the Annual Balance Sheet Total. Want to find out if your organisation is deemed ‘Essential’ or ‘Important’ under NIS2? Reach out to find out.
How do we support NIS2 compliance?
At Cingulum, we typically approach each project in a similar, structured way: The Cingulum Journey.
The same goes for NIS2 projects.
The Journey
1. High-level security scan:
We start with an assessment of your internet-facing vulnerabilities and internal security organisation.
2. Maturity assessment:
Our comprehensive evaluation covers 11 key areas of your security posture, to prepare you for regulations like NIS2.
3. Standard-based risk assessment:
We deliver a prioritised risk register and mitigation roadmap based on standards like ISO27K, CyFun, TISAX, DORA, and CRA.
4. Build to maturity:
We guide you through implementing necessary security measures, vendor management, and overseeing the entire process.
5. Internal audit & management review:
We prepare you for external audits with support from our trusted consultants and independent auditors.
6. External audit and certification:
We help you achieve certification, demonstrating your security excellence.
Benefits of partnering with Cingulum
Seasoned experts
Our consultants are tried and tested with multiple years of experience, ensuring quality and speed.
Cross-industry experience
Our customers come from all sectors, so we think the chances are very high that we know your sector's specifics.
Customer-centric approach
Cingulum goes beyond just reciting rules. We analyse and set up an implementation plan that works for you.
Vast partner network
We have excellent partners to take care of any technical implementations, wherever necessary.
Cost-effectiveness
We pride ourselves on delivering great value, as we believe it is the only way to build sustainable relationships.
Get in touch
Find out more about our NIS2 services and talk to one of our seasoned experts.