NIS2-Compliance

Is your organisation ready to be compliant with NIS2?

The challenges of the NIS2 Implementation Act

With the NIS2 Implementation Act now in force, affected companies should start implementing the NIS2 requirements at a technical and organisational level now, if they have not already done so. As part of risk management, particular attention should be paid to the handling of IT security incidents, the supply chain and the Cyber Resilience Act (CRA).

In addition, training for the entire management team – managing directors, members of the executive board and other members of the company management responsible for strategic decisions – will become mandatory for affected companies. The aim is to raise management's awareness of cyber security risks and of the implementation of legal requirements. Training must take place at least every three years and should cover risk management, technical and organisational measures, reporting obligations and personal liability.

The implementation of the NIS2 Act presents companies with a number of complex challenges, as it sets binding minimum standards for cybersecurity and has far-reaching implications for numerous institutions. Medium-sized and large organisations are particularly affected by this Act, which covers the following sectors that are considered critical to the economy and society:

  • Energy
  • Transport
  • Healthcare
  • Drinking water supply and distribution
  • Digital infrastructure
  • Food supply
  • Financial market infrastructure
  • Public administration
  • Space travel
  • Chemical industry
  • Postal and courier services
  • Waste management
  • Telecommunications
  • Research facilities
  • Educational institutions
  • Media
  • E-commerce platforms
  • Digital service providers

These sectors must meet certain security requirements and implement risk mitigation measures to ensure the resilience of their network and information systems. In addition to implementing basic technical measures, it is necessary to conduct regular training for employees and establish effective emergency management. Failure to comply with the requirements can result in substantial fines.

Many companies are unsure how to implement the requirements of the NIS2 Act. There is often a lack of clarity about which areas require action and which investments in cyber and information security are necessary to achieve NIS2 compliance.

Is your company ready for the NIS2 Implementation Act?

Many companies have already prepared for the NIS2 Implementation Act, for example by introducing an information security management system (ISMS) in accordance with ISO 27001. An ISMS is a sensible measure that can be used to achieve NIS2 compliance to a large extent. In some cases, however, the NIS2 requirements go beyond an ISMS. Our NIS2 Readiness Assessment enables companies to gain clarity about the current status of their NIS2 compliance and to draw up an action plan if necessary.

The SAMA PARTNERS NIS2 Readiness Assessment

Status Check

Questionnaire for your NIS2 compliance assessment

Gap Analysis

Comprehensive identification of deviations

Recommended Actions

Necessary measures to achieve NIS2 readiness

In our NIS2 readiness assessment, we first conduct a comprehensive analysis of your current NIS2 compliance using a standardised questionnaire. In a subsequent workshop, we discuss any open questions from the questionnaire, present the results and analyse the identified deviations. In the next step, we work with you to develop tailor-made solutions and strategies to remedy the deviations. We use interactive methods to convey the content in a way that is both understandable and clear. Realistic scenarios enable us to transfer the theoretical concepts into the practical context of your organisation. After the workshop, you will receive a detailed gap analysis and a prioritised checklist with recommendations for action. These documents not only provide you with information about the areas in which you are already well positioned, but also about those areas where further action is needed. This gives you an individual roadmap for successfully achieving your NIS2 compliance.

Get your business ready for NIS2!

Our NIS2 Readiness Assessment enables companies to gain clarity about their current level of NIS2 compliance and to identify those areas where action is needed.
