NIS-2

The NIS 2 Directive (Network and Information Security Directive 2) is an updated EU directive on cybersecurity that aims to improve the protection of critical infrastructure in the member states. It sets out minimum requirements for cybersecurity measures and reporting obligations for companies and organisations operating in key sectors such as energy, transport, finance, healthcare and digital infrastructure. The aim is to strengthen resilience and responsiveness to cyber threats and create a harmonised security basis within the EU.

Benefits

  • The implementation of the NIS 2 measures leads to increased cyber security and protects against cyber attacks and threats.

  • Conformity through compliance with the NIS 2 Directive and avoidance of penalties.

  • Business continuity by ensuring operational capability even in the event of security incidents.

  • Compliance with NIS-2 strengthens the trust of customers and partners as well as the company’s reputation.

Technical & organisational measures

  • Creation and communication of information security guidelines.

  • Preparation and evaluation of the effectiveness of risk management.

  • Organisation of regular employee training.

  • Close scrutiny of suppliers and service providers along the supply chain, including security-related aspects of the relationship.

  • Management of information security incidents.

Customized solutions

ISMS for Confluence

ISMS for Confluence is a ready-to-use and customizable ISMS solution for Atlassian Confluence™. It includes all the necessary content, templates, and processes to meet the requirements of the NIS-2 Directive. However, to optimally tailor the management system to the specific needs of your company, individual adjustments must be made by you to best support your internal processes and structures.

Learn more about the ISMS solution here.

Adjustments and corrections are essential components of a dynamic ISMS. We also provide advisory support when implementing an ISMS. Whether your company is developing new projects, products, or processes, these often lead to changes in the ISMS or necessitate its implementation. Such changes impact internal workflows and can introduce new risks for your organization. We assist you in both the implementation and ongoing adaptation of your management system to ensure it remains flexible and meets the requirements of the standards.

What we can do for you:
• Consulting on the implementation of an ISMS tailored to your company’s needs
• Conducting risk assessments for consistent risk evaluation
• Effective risk treatment according to established priorities
• Support in planning effective and cost-efficient risk mitigation measures
• Guidance, review, and implementation of necessary changes
• Raising awareness among your employees about the importance of information security in the organization

As part of the gap analysis, we conduct a detailed examination of your company’s current situation to assess the efforts required for implementation. We analyze the measures required by the standards in relation to your company’s circumstances and evaluate whether they can be integrated into your business structure and workflows.

Similar to an internal audit, we work together with you to identify which requirements are already met and in which areas further measures are necessary to realistically plan for potential efforts.

What we can do for you:
• Identification of relevant business processes
• Definition of the certification scope
• Review of the current state
• Planning of adjustments
• Estimation of implementation efforts