NIS Directive Compliance
The EU Directive on security of network and information systems (NIS Directive) requires operators of essential services and digital service providers to implement appropriate security measures to protect, and ensure the continuity of, services that are essential to the national infrastructure.
The Directive entered into force in August 2016. EU member states, including the UK, have until May 2018 to translate it into national laws and a further six months to identify the "operators of essential services and digital service providers" it applies to.
This page links to everything you need to comply with the NIS Directive.
The EU Network and Information Security (NIS) Directive sets out the first EU-wide rules on cyber security. This is in addition to the new requirements for data protection as detailed in the General Data Protection Regulation (GDPR).
Among other provisions, the Directive requires operators of essential services (private or public organisations that provide services in critical sectors such as energy, transport, banking, finance and health) and digital service providers (online marketplaces, search engines and cloud computing services) to implement appropriate security measures to protect, and ensure the continuity of, the network and information systems used to support “essential services”.
Penalties for non-compliance will be “effective, proportionate and dissuasive”.
Products and services
The NIS Directive states that "Member States shall [...] encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems."
The only relevant international standards are ISO 27001 and ISO 22301, which we’ve been helping organizations to implement for over a decade.
Here are a few ways we can help meet your NIS Directive compliance needs.
Our consultants have over a decade’s experience of information security management and cybersecurity projects. We’ve led more than 400 successful ISO 27001 certification projects alone, and we offer a 100% guarantee of successful certification.
The NIS Directive states that, for operators of essential services and digital service providers alike, technical and organizational security measures should be appropriate and proportionate to identified risks.
vsRisk™ is the industry-leading ISO 27001-compliant risk assessment tool.
IT Governance’s training program is built on the foundations of our extensive practical experience designing and implementing management systems.
All of our training courses are available in classroom and Live Online formats.
To discuss your ISO 27001 requirements, please call us on 1 877 317 3454 or email email@example.com.