NIS2 Update: Mapping NIS2 to ISO27001

NIS2 Update: Mapping NIS2 to ISO27001

First version: 2023-11-03
Last update: 2024-11-19
Last change(s): Updated the NIS2 mapping table

NIS2 Update


The NIS2 directive is upcoming and as you have come to know, anDREa B.V. is keeping a close eye on what this means and how organizations can prepare for this. Recently, we wrote this blog article about possible preparation steps and (hefty) sanctions for non-compliance. NIS2 is gaining rightfully more attention but how do we keep up?

Inspired by our visit to CyberSec The Netherlands, where NIS2 was a major point of interest, we have a small, yet interesting update on the NIS2 we would like to share with you.   

The Netherlands will implement NIS2 as-is


Firstly, in this (Dutch spoken) webinar by the Ministry of Economic Affairs and Climate (Ministerie van Economische Zaken en Klimaat) it was revealed that The Netherlands will adopt the NIS2 as-is with no additional measures (although it still has to pass ‘de Tweede Kamer’). This means that organizations don’t have any excuse anymore to start preparing for NIS2 . In the link at the top you can find some pointers on how to prepare. We are using these steps ourselves to prepare for NIS2.

Interesting side-note : NIS2 is among others needed for making sure everyone has the same base level of cybersecurity on an European level. In turn, this should promote international collaborations. However, as noted in the webinar, the guideline leaves room to implement additional requirements on a national level. In our opinion, this is quite contradictory. If you would think in terms of our Workspaces and the international collaborations that take place. It could very well be that there would be additional measures needed for one country but not in the Netherlands. We are very curious how this will play out.

Mapping table NIS2 to ISO27001


Nevertheless, preparation is key. In our previous blog, we noted that if your organization is ISO27001 certified, you are well on your way to be NIS2-compliant. For your convenience, we have compiled a mapping table from NIS2 article 21 to ISO27001:2017 and ISO27001:2022. Note that ISO27001:2022 is the latest version, however as anDREa is ISO27001:2017 certified, we provide the mapping table from NIS2 to ISO27001:2017 with some convenient links to our own public policies and controls. Annex controls and clauses for ISO27001:2017 correspond on the same row with their ISO27001:2022 counterparts.

We value your feedback!  Please let us know if these blog articles and updates are helpful to you and/or your organization.



Sources:

    • Related Articles

    • 2021-W33 Update from anDREa

      This should be the first of many where we will update you on released and upcoming features, things that are happening at anDREa, etc. Recently added features/improvements Type Description Bug Daily snapshot missing on some of the new and migrated ...

    • 2021-W51 anDREa Update

      Last weekly update from anDREa in 2021 The current year has been an exciting year for anDREa. Quite some researchers have been using the platform since the researchenvironment.org days, the DRE on the Radboudumc Azure cloud. In March 2021, mydre.org ...

    • myDRE is NOT vulnerable for CVE-2022-26809 - Serious Vulnerabilities in Microsoft Windows Workplaces and Servers

      Situation Last “patch Tuesday” Microsoft disclosed and fixed a large number of serious vulnerabilities in Microsoft Windows. One of these vulnerabilities is identified as CVE-2022-26809 with a CVSS score of 9.8 (scale 1-10). CVE-2022-26809 is a ...

    • 2021-W34 Update from anDREa

      General Holidays affect the development capacity, but we're moving nicely forward. The good thing is that Microsoft sent us an Azure Sponsorship Offer that will help to move some backend improvements forward. One such thing is multi-region support. ...

    • Weekly update: 2021-W42

      In this weeks update there are the following topics: ISO 27001 *** Does anDREa have access to data? *** Offboarding and Exit Strategy Read more at: Weekly update