What do I need to do with NIS2? - cetin.cz
The new NIS2 regulation brings several new obligations for more than 6 000 organisations to ensure a high common level of cyber security across the European Union. The specific obligations, i.e. organisational and technical measures, will be set out in an amendment to the existing Cyber Security Act.
How to prepare for NIS2?
For many organisations, the new obligations arising from European legislation will be administratively and procedurally very demanding.
A proper information and cyber security audit is always required before any activity that will lead an organisation to implement NIS2 measures. Its aim is to establish the state of the organisation.
New requirements in an original form?
For organisations that are currently already compliant with Act No. 181/2014 Coll., on cyber security, these are just the old requirements. However, for organisations newly affected by NIS2, this is a revolution in information and cyber security.
To determine whether an organisation is already complying with any of the NIS2 obligations, it is advisable to conduct an initial analysis. This involves several steps:
Identify which organisational units, departments, divisions, and subsidiaries fall within the scope of NIS2.
Assess the current state of risk management and cyber security in your organisation, and identify gaps that need to be addressed to comply with the legislative requirements.
Discuss with experts the timeline and strategy for ensuring compliance with NIS2.
Contact your supply chain to ensure they are aware of the NIS2 directive. You will need to work together to address the new supply chain requirements and supply chain risk management under NIS2.
Obligations arising from the new legislation are financially, administratively, and procedurally challenging for organisations, not least because of the complexity of interpreting the legislation.