First version: 2023-11-03
Last update: -
Last change(s): -
NIS2 Update
The NIS2 directive is upcoming and as you have come to know, anDREa B.V. is keeping a close eye on what this means and how organizations can prepare for this. Recently, we wrote
this blog article about possible preparation steps and (hefty) sanctions for non-compliance. NIS2 is gaining rightfully more attention but how do we keep up?
Inspired by our visit to CyberSec The Netherlands, where NIS2 was a major point of interest, we have a small, yet interesting update on the NIS2 we would like to share with you.
The Netherlands will implement NIS2 as-is
Interesting side-note : NIS2 is among others needed for making sure everyone has the same base level of cybersecurity on an European level. In turn, this should promote international collaborations. However, as noted in the webinar, the guideline leaves room to implement additional requirements on a national level. In our opinion, this is quite contradictory. If you would think in terms of our Workspaces and the international collaborations that take place. It could very well be that there would be additional measures needed for one country but not in the Netherlands. We are very curious how this will play out.
Mapping table NIS2 to ISO27001
Nevertheless, preparation is key. In our previous blog, we noted that if your organization is ISO27001 certified, you are well on your way to be NIS2-compliant. For your convenience, we have compiled a mapping table from NIS2 article 21 to ISO27001:2017 and ISO27001:2022. Note that ISO27001:2022 is the latest version, however as anDREa is ISO27001:2017 certified, we provide the mapping table from NIS2 to ISO27001:2017 with some convenient links to our own public policies and controls. Annex controls and clauses for ISO27001:2017 correspond on the same row with their ISO27001:2022 counterparts.
We value your feedback! Please let us know if these blog articles and updates are helpful to you and/or your organization.
Sources: