Implementation of the NIS Directive
Requirements for key service operators and digital service providers
The regulations apply to entities listed in the Act as operators of key services and to digital service providers, who are required to implement risk-based security management systems in the information systems used to provide their services.
The Directive was developed by the European Parliament in response to the growing threat of cyber-attacks on essential elements of the information and communication systems of the European Union countries and covers a number of issues relating to information security, business continuity, auditing systems, conducting penetration tests and responding to incidents. The requirements introduced show far-reaching synergies with the global standards ISO/IEC 27001 and ISO/IEC 27002, which define the framework of the Information Security Management System.
By implementing the requirements described in the above-mentioned standards and obtaining certification from an accredited body, a company can demonstrate compliance with the obligations imposed by law on key service operators and digital service providers. Effective implementation of the standard also makes it easier to demonstrate compliance with the guidelines of the Regulation on the Protection of Personal Data (GDPR). Operators and providers that do not meet the requirements of the Act are subject to high financial penalties imposed by the competent authorities for cybersecurity.
Based on several years of experience in the implementation, auditing and maintenance of Information Security Management Systems and other management standards, SNP helps clients meet the expectations arising from the Directive, in particular through expert support in implementing integrated information security systems based on the requirements of ISO 27001 and TISAX, as well as by extending already implemented standards with the specific requirements of the above standards.