Thinking About : digital service providers should prepare for the NIS Directive

Thinking About : digital service providers should prepare for the NIS Directive
Many organisations are focused on the EU General Data Protection Regulation(GDPR), but this May sees another EU legislation coming into effect: the Directive on security of network and information systems (NIS Directive).
In the UK, the NIS Directive applies to operators of essential services (OES) and digital service providers (DSPs) involved in:
  • Drinking water supply and distribution;
  • Energy;
  • Digital infrastructure;
  • The health sector; and
  • Transport.
There are slight differences in the way OES and DSPs need to prepare for the Directive, but guidance is coming thick and fast.
Last year, the European Commission published a draft implementation regulationfor DSPs, which Elizabeth Denham, the UK’s information commissioner, commented on. She criticised “the overly rigid parameters” of the regulation, which “may be undesirable and may lead to a failure to report incidents which nevertheless have a substantial impact on the users of the service and which should, by the nature of the impact, be considered for regulatory action”.
The European Commission has since approved the final draft, and the UK government has released the findings of a public consultation on how it should implement and regulate the NIS Directive. IT Governance has also published a compliance guide.
Each of these documents will help you understand where the NIS Directive fits into the cyber security landscape. DSPs will have to be particularly organised, as they are expected to define their own information security measures proportionate and appropriate to the potential risks they face. These measures must address:

Information security

  • The systematic management of network and information systems, which will require organisations to map their information systems and set up appropriate policies, covering risk analysis, human resources, security of operations, security architecture, system lifecycle management and, where applicable, encryption.
  • Physical and environmental security, protecting against environmental damage and accidental or malicious actors.
  • Security policies to ensure that service functionality supplies are accessible.
  • Access control measures to ensure that physical and logical access is “authorised and restricted based on business and security requirements”.

Incident management

  • Detection processes and procedures, which should be regularly monitored to ensure that they are up to data and effective.
  • Processes and policies for reporting vulnerabilities and security incidents.
  • Procedures for documenting the response to cyber security incidents.
  • Incident analyses to assess an incident’s severity and collect information for the organisation’s continual improvement process.

Business continuity

  • Contingency plans based on a business impact analysis, ensuring the continuity of services.
  • Disaster recovery plans appropriate to the potential risks.

Monitoring, auditing and testing

  • Planned monitoring to assess whether information systems are working as they should.
  • Auditing and measurements to monitor whether the organisation is complying with relevant standards or guidelines.
  • Processes aimed at revealing flaws in security systems, covering both technology and the people involved in the security system.

Get started with the NIS Directive

Those who want help preparing for the NIS Directive should consider our cyber resilience solutions. An effective cyber resilience strategy can mitigate the risk of cyber incidents and enables you to respond to attacks, containing any damage and allowing you to promptly return to ‘business as usual’.


  1. That is really fascinating, You're a very skilled blogger.
    I've joined your rss feed and stay up for in search
    of more of your excellent post. Additionally, I've shared your site
    in my social networks 바카라사이트

  2. Wonderful article! We are linking to this particularly great content on our
    website. 토토사이트
    Keep up the great writing.

  3. 스포츠토토 Hi there, You have done a great job. I will definitely digg it and
    personally recommend to my friends. I am confident they will be benefited from this web site.

  4. In the 21st century, if anyone has a security risk from anyone, it is only from cyber attacks. I am the owner of a firm and I really want to protect my clients' data from cyber attacks. So, I have decided to use NIS Directive. Coursework Writing Service

  5. I was very impressed to see this post, the steps to activate using then it’s good to read the latest articles and blog posts on our page. Click on The Link:- Change Roadrunner Email Password

  6. Best Strategies for 먹튀커뮤니티, Roulette & 3 More Games

  7. Such precisely written and explained! I love the idea behind your concept as many people fail to represent the main aim behind their whole story. So I appreciate it and I connect to every word. Looking forward to more words from your side. Cheers!
    Source: jade green lyrics

  8. any recommendation how to solve this issue.? MyFortiva

  9. This article is really amazing. Thanks for the sharing.

  10. I am trying to do this also and getting the same response. SurgeCardInfo

  11. I'll be sure to keep an eye on this thread. PointClickCare CNA

  12. Actually the article is very real. Arise Portal

  13. Exploring alternatives to FocusVision? Discover the top 10 contenders that can elevate your insights game! 📊🚀 #MarketResearchSolutions

    Embrace the future of data-driven decisions with Microsoft Power Platform 💡🔗 #DataDrivenInsights #PowerPlatform
    Which tools have you found most effective for harnessing market insights? Share your thoughts! 👇🤝 #MarketInsights #TechSolutions