The last 6–12 months have all been about the new data protection act that is coming in, the General Data Protection Regulation, otherwise known as the GDPR. However, there’s another directive coming into power in May that has gone widely unnoticed: NIS, or the EU Network and Information System Directive.
NIS is coming into play to further increase the level of security within networks and IT systems across the EU by getting all parties to adopt widely known International and European standards. The directive is aimed primarily at organisations which provide critical/essential services to other parties, or which supply those who provide these services.
Unlike GDPR, NIS concentrates on how a business will protect itself from a cyber defence perspective, ensuring that it has the appropriate controls and layers of defence in place and that these have been tested regularly.
As the NIS directive is aimed at tier one service providers, there shouldn’t be much need for businesses to worry about this on a day-to-day basis. However, any business which has ISO 27001 accreditation implemented and running should already be compliant by ensuring that its incident management, business continuity and recovery plans and procedures are in place and reviewed on a regular basis.
TeraByte can help your business undertake penetration tests, vulnerability assessments, security audits and more. For more information on our services, visit our website at: https://terabyteit.co.uk