In an increasingly digital world, cyber threats are on the rise, placing higher demands on companies and organizations to strengthen their cybersecurity. A crucial step in this development is the EU directive NIS2, which will come into effect in Sweden later this year.

NIS2 aims to establish a common high level of cybersecurity across the EU. Unlike its predecessor, NIS1, this directive covers more sectors and has stricter requirements for the sectors that were already covered.

Is your organization uncertain about how to comply with the NIS2 directive? Here are some key insights and actions to take before the law comes into force.

1. Determine whether and how your business is affected by NIS2

However, many businesses are indirectly affected through contracts and collaborations with entities within these sectors. For example, if your business is a supplier to a public entity, you may also need to comply with the new requirements.

2. Identify necessary measures and activities to meet the requirements
To comply with NIS2, your business or organization should identify and prioritize the most relevant measures. A checklist can be a valuable tool for ensuring transparency within the organization and securing the implementation of critical initiatives, such as:

    • Training for management and staff
    • Implementing and maintaining procedures for systematic information security management
    • Establishing/updating incident management plans
    • Reporting to the supervisory authority (if directly affected)

3. Define responsibilities and roles
Implementing identified measures requires collaboration between various stakeholders, such as business operations, the Chief Information Security Officer (CISO), technology developers, and the management team. Defining clear roles and assigning responsibility for the identified measures is crucial to successfully implementing necessary changes. Additionally, securing a budget is essential to ensure that sufficient resources are available. Each responsible party should then develop a plan for implementing the identified measures.

4. Establish communication and decision-making processes
Managing the implementation of identified measures requires effective communication channels and decision-making forums. This can be structured as a separate project or program or integrated into an existing framework or forum, for example, by incorporating it into the current operational structure.

5. Monitor and handle deviations
Regular follow-ups are essential to ensure progress and identify potential deviations so they can be addressed in time. By continuously evaluating and adjusting security procedures, your organization can develop a long-term and sustainable cybersecurity strategy.

Is your organization prepared to meet the NIS2 requirements?
At Montell & Partners, we can support you throughout the entire transformation process – from analysis and strategy development to implementation and follow-up. Contact us to discuss how we can help you navigate the new cybersecurity requirements and mitigate your cybersecurity risks.

More information on NIS2 and its application in Sweden is available from MSB (Swedish Civil Contingencies Agency).