NIS2 directive

Are you impacted by the NIS2 directive, which came into force in October last year? Yes? Or maybe you are not yet 100% sure? In either case it is important to familiarise yourself with the directive and, if you fall under it (and that chance is bigger than you might think!), take appropriate measures to ensure compliance. Not sure where to start? Kazarma Consulting is here to assist you.

Board Presentation


A good starting point would be to schedule a board presentation. Research conducted by Kazarma last year shows that plenty of entities who fall under the NIS2 directive are not fully informed of the consequences. NIS2, however, makes board members (and management bodies) personally liable for non-conformity.

A good first step therefore is asking Kazarma Consulting to prepare a board presentation on the NIS2 directive.

What does this entail?

  • Kazarma will do some research on your market sector and its specifics regarding NIS2 / IT security risks

  • An introductory (Teams) meeting with the CISO/CIO

  • A tailored 30-minute board presentation for your organization

  • A personalized certificate of attendance for compliance purposes

After this session you will have the necessary knowledge of the NIS2 directive to help you decide on the way forward and the steps needed.


Gap Assessment Analysis


Chances are that your organization falls under the NIS2 directive, or that you decide to voluntarily comply with its (most important) guidelines and recommendations.

In that case the next logical step is to request a Gap Assessment.

Depending on your organization's size, sector, activities and maturity, this assessment will vary in scope and duration, but usually it can be performed in a 2-4 day period, depending on the availability of the right staff, e.g.:

  • Quality

  • IT Management

  • Security

  • HR

The assessment report will score your organization's current controls against the measures expected under the NIS2 directive and assist you in making the right choices as well as prioritizing them.

With this report in hand you have a clear view of what steps are needed next in order to be compliant.

Implementation


The last step is implementing the necessary measures as laid out in the Gap Assessment report.

The scope of this project is of course fully dependent on the content of the Gap Assessment report. Our consultants will usually work closely with your (ICT) suppliers and your management.

Some examples of possible internal actions which might be needed for your organization are:

  • Implementing a Risk Register which is auditable and kept up-to-date

  • Implementing auditable Access Controls

  • Writing a screening policy for personnel for HR

  • Ensuring there is a decent and effective Information Security Policy in place

Potential actions together with (external) suppliers could be:

  • Implementing encryption on all data at rest and data in transit

  • Looking at vulnerability management in the supply chain

  • Setting up a disaster recovery site for production

As you can see, the scope of actions to be taken can vary widely, and implementation time therefore varies accordingly. Of course not everything has to be done at once, but knowing what has to be done and which actions should be prioritized is already a big step forward for most organizations.

Request our services

Please leave us your details and we'll get back to you as soon as possible.

Contact us

www.kazarmaconsulting.eu

+32 (0)488 665759

marcel@kazarmaconsulting.eu