NIS2 compliance

Cybersecurity risk management measures specifically address physical security and the security of the network and information systems environment to protect them against system failures, human error, malicious acts or natural phenomena.

Cyber risk management

Entities will have to put in place legal, technical and organizational measures to manage risks that threaten the security of their networks and information systems.

Here are some measures (in particular from Articles 20 and 21 of the NIS 2 Directive):

• policies relating to risk analysis and information systems security;

• incident management;

• business continuity, for example backup management and disaster recovery, and crisis management;

• supply chain security, including security aspects relating to the relationships between each entity and its direct suppliers or service providers;

• the security of acquisition, development and maintenance of networks and information systems, including the treatment and disclosure of vulnerabilities;

• policies and procedures to assess the effectiveness of cybersecurity risk management measures;

• basic cyber hygiene practices and cybersecurity training;

• policies and procedures relating to the use of cryptography and, where applicable, encryption;

• human resources security, access control policies and asset management;

• the use of multi-factor authentication or continuous authentication solutions, secure voice, video and text communications and secure emergency communication systems within the entity, as needed.

• ...

SOCRATE® being compatible with this directive, all statuses and dashboards will indicate where you are in the requested security level and will facilitate your compliance efforts.

Personalized support is available to help you quickly become NIS2 compliant.

Back to certification page