Lately there is a lot of talk about NIS2, resilience and legislation that should lead your company towards a "safer and more protected" future, but nobody (or almost nobody) proposes a real plan to comply with the legislation and avoid sanctions.
This is what we propose: the checklist below is what we can offer you. With these 18 points you will be protected from sanctions, but above all you will have taken a step forward in securing your company.
1. Determine whether NIS2 applies
Identify the sector you belong to:
Evaluate the size of the company:
2. Assignment of Responsibility
Designate a Chief Information Security Officer (CISO):
Define Roles and Responsibilities:
3. Risk Assessment
Conduct a Complete Risk Analysis:
Document the identified risks:
4. Implementation of Technical and Organizational Measures
Information Security Policy:
Access Controls:
Encryption of Data:
Patch and Update Management:
Monitoring and Logging:
5. Incident Management
Incident Response Plan:
Incident Response Team:
Notification Procedures:
6. Business Continuity and Disaster Recovery
Business Continuity Plan (BCP):
Disaster Recovery Plan (DRP):
Periodic Plan Testing:
7. Supply Chain Management
Supplier Evaluation:
Contractual Security Clauses:
Continuous Monitoring:
8. Training and Awareness
Training Programmes:
Awareness Campaigns:
Skills Assessment:
9. Documented Policies and Procedures
Information Security Manual:
Standard Operating Procedures (SOPs):
Change Management:
10. Compliance and Audit
Internal Compliance Checks:
Third-Party Audit:
Non-Conformity Management:
11. Cooperation with the Authorities
Registration with the Competent Authorities:
Proactive Communication:
Participation in National/EU Initiatives:
12. Protection of Personal Data
GDPR compliance:
Data Protection Impact Assessments (DPIA):
Appointment of a Data Protection Officer (DPO):
13. Innovation and Continuous Updating
Monitoring of Emerging Threats:
Technology Updates:
Feedback and Improvement:
14. Human Resources Management
Staff Screening:
Contractual Clauses:
Offboarding Process:
15. Communications Management
Secure Communication Channels:
Personal Device Usage Policies (BYOD):
Email Management:
16. Documentation and Record-Keeping
Incident Register:
Access Logs:
Secure Data Storage:
17. Performance Evaluation and Improvement
Key Performance Indicators (KPIs):
Periodic Reports:
Improvement Plans:
18. Implementation of Standards and Best Practices
Adoption of International Standards:
Alignment with ENISA Guidelines:
Benchmarking:
Important note: Compliance with NIS2 requires an integrated approach involving people, processes and technologies.
Contact us, call us, we have time and energy to dedicate to you. Don't hesitate and don't think you are "not a possible target": we are all targets; it's not a question of IF but WHEN.