
NIS Directive Compliance

The EU Directive on security of network and information systems (NIS Directive) requires operators of essential services and digital service providers to implement appropriate security measures to protect, and ensure the continuity of, services that are essential to the national infrastructure.

The Directive entered into force in August 2016. EU member states, including the UK, have until May 2018 to translate it into national laws and a further six months to identify the "operators of essential services and digital service providers" it applies to.

This page links to everything you need to comply with the NIS Directive.

 

Information

The EU Network and Information Security (NIS) Directive sets out the first EU-wide rules on cyber security. This is in addition to the new requirements for data protection as detailed in the General Data Protection Regulation (GDPR).

Among other provisions, the Directive requires operators of essential services (private or public organisations that provide services in critical sectors such as energy, transport, banking, finance and health) and digital service providers (online marketplaces, search engines and cloud computing services) to implement appropriate security measures to protect, and ensure the continuity of, the network and information systems used to support “essential services”.

The Directive entered into force in August 2016. EU member states – including the UK – have until May 2018 to translate the Directive into national laws, and a further six months to identify the “operators of essential services and digital service providers” it applies to.

Penalties for non-compliance will be “effective, proportionate and dissuasive”.

 


Products and services

The NIS Directive states that "Member States shall [...] encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems."

The only relevant international standards are ISO 27001 and ISO 22301, which we’ve been helping organizations to implement for over a decade.

Here are a few ways we can help meet your NIS Directive compliance needs.

 

  • Software

    The NIS Directive states that, for operators of essential services and digital service providers alike, technical and organizational security measures should be appropriate and proportionate to identified risks.

    vsRisk™ is the industry-leading ISO 27001-compliant risk assessment tool.


 

Contact us

To discuss your ISO 27001 requirements, please call us on 1 877 317 3454 or email servicecenter@itgovernanceusa.com.