NIS-2 & ISMS: Elementary security for your company
From NIS-2 compliance to a customized information security management system (ISMS): we reliably protect your company against cyber threats.
We accompany you from analysis to implementation - legally compliant, practical and future-oriented.
What is NIS-2 and what is required?
NIS-2: Requirements
With the NIS-2 Directive (Network and Information Security Directive 2), the EU is tightening cyber security requirements for companies and organizations in numerous industries. In particular, companies that offer critical services or process sensitive data will be required to comply with new standards, and non-compliance will result in significant penalties. Under the NIS-2 Directive, particular attention must be paid to the following areas in future.
- Risk management
- Identity & Access Management (IAM)
- Business Continuity Management (BCM)
- Security incident management
- Supplier management
- Asset management
- Employee awareness
- Cryptography
- Secure communication
- Reporting & registration obligations
- Management training
The predecessors of NIS-2 - ISMS at international level
Legal basis
Over three decades, the principles, guidelines and legal standards for the design of an information security management system have continued to evolve internationally. At European level, the NIS 2 Directive forms the overarching benchmark for a common level of cyber security in the EU. It has yet to be transposed into German law.
- 1995: BS 7799
BS 7799 is a British standard that defines a code of practice and a specification for an information security management system (ISMS).
- 2000: ISO/IEC 17799
ISO/IEC 17799 is an international standard for an information security management system (ISMS) based on the BS 7799 standard.
- 2005: ISO/IEC 27001
International standard for an information security management system (ISMS), which emerged from part 2 of the BS 7799 standard.
- 2007: ISO/IEC 27002
International standard for an information security management system (ISMS), which emerged from ISO/IEC 17799.
- 2017: TISAX®
TISAX® is a standard for an information security management system (ISMS) (automotive industry) that was derived from the ISO/IEC 27001 standard, but has since developed independently.
- 2022: NIS-2
European Directive for a high common level of cybersecurity in the EU.
- 2025: NIS-2 implementation in Germany
Transposition into national law still pending (NIS2UmsuCG)
Impact assessment
If you answer "Yes" to the following questions, your company is very likely to be affected by the NIS-2 Directive.
01. CRITIS
Are you a critical infrastructure operator?
02. Number of employees
Do you employ more than 50 people?
03. Annual turnover
Is your annual turnover higher than € 10 million?
What does the NIS-2 Directive mean for your company?
High penalties for non-compliance
NIS-2 provides for severe penalties of up to 2% of the company's global annual turnover. A breach could therefore not only damage the company's image, but also have financial consequences that threaten its existence.
Expansion of the areas of responsibility
The new directive covers many more companies than the previous one. Medium-sized companies may also be affected if they provide critical infrastructure for the European economy. This increases the likelihood that a company will actually fall under the NIS 2 Directive.
Liability of the management
NIS-2 also makes board members and managing directors personally liable for the implementation of the security standards. Companies that fail to comply with these standards risk personal consequences for their senior executives. This point is particularly relevant for senior management.
Increased cyber risks and responsibility
Cybercrime is constantly on the rise, and the threat situation is increasing as networking grows. Companies without sufficient protective measures are easy targets for attackers. NIS-2 therefore forces companies to carry out comprehensive and regular risk analyses and proactively eliminate security gaps.
Regular audits and inspections
Companies must be prepared for regular audits and inspections. Failures or inadequate security measures are detected more quickly and can result in immediate sanctions.
Loss of image and trust in the event of violations
Cyber incidents or breaches of the NIS-2 Directive can lead to an immense loss of trust among customers and partners. Compliance with the NIS-2 Directive can therefore be seen as a benchmark for the trustworthiness of a company.
Urgency of implementation
The NIS-2 Directive is already in force, and companies must have implemented its requirements in the foreseeable future. Postponing is not an option, and companies that react too late run the risk of legal sanctions.
Reporting deadline for security incidents
A significant security incident must be reported within 24 hours. An initial assessment must follow within 72 hours. Failure to comply with these deadlines is treated as an infringement and penalized.
Cyber Security
Cyber Risk Check
We audit your company and expose security gaps:
With the official cyber risk check in accordance with DIN SPEC 27076, you are on the safe side.
Our offer
Your package
The optimum scope of services for your requirements.
Packages:
- PROBasic
- PROFlex
- PROSecure

Service modules:
- More individual NIS-2 check
- Templates: guidelines, processes & documents
- More detailed implementation plan
- 1-to-1 consulting on fulfilling the NIS-2 requirements
- Detailed implementation of the NIS-2 requirements
- Structure of an ISMS according to ISO 27001
- External information security officer
- Implementation of an internal audit
- On-site inspection
- Support with certification
- Optional: permanent ISMS operation
Trust is good.
NIS-2 compliance is better!
Become active now
Are you interested?
Early and correct implementation of the NIS-2 requirements is a sound investment in the future of your company!