Thinking About : digital service providers should prepare for the NIS Directive

Thinking About : digital service providers should prepare for the NIS Directive
Many organisations are focused on the EU General Data Protection Regulation(GDPR), but this May sees another EU legislation coming into effect: the Directive on security of network and information systems (NIS Directive).
In the UK, the NIS Directive applies to operators of essential services (OES) and digital service providers (DSPs) involved in:
  • Drinking water supply and distribution;
  • Energy;
  • Digital infrastructure;
  • The health sector; and
  • Transport.
There are slight differences in the way OES and DSPs need to prepare for the Directive, but guidance is coming thick and fast.
Last year, the European Commission published a draft implementation regulationfor DSPs, which Elizabeth Denham, the UK’s information commissioner, commented on. She criticised “the overly rigid parameters” of the regulation, which “may be undesirable and may lead to a failure to report incidents which nevertheless have a substantial impact on the users of the service and which should, by the nature of the impact, be considered for regulatory action”.
The European Commission has since approved the final draft, and the UK government has released the findings of a public consultation on how it should implement and regulate the NIS Directive. IT Governance has also published a compliance guide.
Each of these documents will help you understand where the NIS Directive fits into the cyber security landscape. DSPs will have to be particularly organised, as they are expected to define their own information security measures proportionate and appropriate to the potential risks they face. These measures must address:

Information security

  • The systematic management of network and information systems, which will require organisations to map their information systems and set up appropriate policies, covering risk analysis, human resources, security of operations, security architecture, system lifecycle management and, where applicable, encryption.
  • Physical and environmental security, protecting against environmental damage and accidental or malicious actors.
  • Security policies to ensure that service functionality supplies are accessible.
  • Access control measures to ensure that physical and logical access is “authorised and restricted based on business and security requirements”.

Incident management

  • Detection processes and procedures, which should be regularly monitored to ensure that they are up to data and effective.
  • Processes and policies for reporting vulnerabilities and security incidents.
  • Procedures for documenting the response to cyber security incidents.
  • Incident analyses to assess an incident’s severity and collect information for the organisation’s continual improvement process.

Business continuity

  • Contingency plans based on a business impact analysis, ensuring the continuity of services.
  • Disaster recovery plans appropriate to the potential risks.

Monitoring, auditing and testing

  • Planned monitoring to assess whether information systems are working as they should.
  • Auditing and measurements to monitor whether the organisation is complying with relevant standards or guidelines.
  • Processes aimed at revealing flaws in security systems, covering both technology and the people involved in the security system.

Get started with the NIS Directive

Those who want help preparing for the NIS Directive should consider our cyber resilience solutions. An effective cyber resilience strategy can mitigate the risk of cyber incidents and enables you to respond to attacks, containing any damage and allowing you to promptly return to ‘business as usual’.


  1. That is really fascinating, You're a very skilled blogger.
    I've joined your rss feed and stay up for in search
    of more of your excellent post. Additionally, I've shared your site
    in my social networks 바카라사이트

  2. Wonderful article! We are linking to this particularly great content on our
    website. 토토사이트
    Keep up the great writing.

  3. 스포츠토토 Hi there, You have done a great job. I will definitely digg it and
    personally recommend to my friends. I am confident they will be benefited from this web site.

  4. In the 21st century, if anyone has a security risk from anyone, it is only from cyber attacks. I am the owner of a firm and I really want to protect my clients' data from cyber attacks. So, I have decided to use NIS Directive. Coursework Writing Service

  5. I was very impressed to see this post, the steps to activate using then it’s good to read the latest articles and blog posts on our page. Click on The Link:- Change Roadrunner Email Password

  6. Best Strategies for 먹튀커뮤니티, Roulette & 3 More Games

  7. Such precisely written and explained! I love the idea behind your concept as many people fail to represent the main aim behind their whole story. So I appreciate it and I connect to every word. Looking forward to more words from your side. Cheers!
    Source: jade green lyrics

  8. any recommendation how to solve this issue.? MyFortiva

  9. This article is really amazing. Thanks for the sharing.

  10. I am trying to do this also and getting the same response. SurgeCardInfo

  11. I'll be sure to keep an eye on this thread. PointClickCare CNA

  12. Actually the article is very real. Arise Portal

  13. Exploring alternatives to FocusVision? Discover the top 10 contenders that can elevate your insights game! 📊🚀 #MarketResearchSolutions

    Embrace the future of data-driven decisions with Microsoft Power Platform 💡🔗 #DataDrivenInsights #PowerPlatform
    Which tools have you found most effective for harnessing market insights? Share your thoughts! 👇🤝 #MarketInsights #TechSolutions

  14. In today's fast-paced environment, this essay really got me thinking about the revolutionary power of internet services. The way technology shapes our experiences is simply amazing. As a Help with Nursing Assignment. student, I couldn't help but ponder how these technological breakthroughs may improve healthcare and education. Imagine having a specialized digital service to assist with nursing duties; that would be revolutionary! There is enormous potential for individualized support, easy access to materials, and collaborative learning.

  15. As the digital landscape evolves, foresight is imperative, especially for Digital Service Providers gearing up for the NIS Directive. In this era of technological metamorphosis, preparation is key, and staying ahead requires strategic anticipation. The synergy of digital services and regulatory compliance is akin to the precision of USA embroidery digitizing—meticulous, forward-thinking, and adaptive. Just as digitizers navigate the intricacies of threads, providers must thread through regulatory frameworks. USA Embroidery Digitizing stands as a metaphor, symbolizing the need for meticulous preparation and innovation. Prepare for the NIS Directive like a skilled digitizer, where foresight weaves the fabric of digital resilience.

  16. A patient care software called PointClickCare CNA Login Portal enables agencies and nurses to personalize patient care plans. They can also routinely check current data so they can identify any changes in their condition as soon as they happen. Visit here Pointclickcare Cna Login

  17. Weis Markets has a survey program called WeisFeedback to get direct input from customers regarding Weis customer service. Send us your honest feedback at weisfeedback to stand a chance to win fantastic prizes.  Visit


  18. The AutoZone Customer Satisfaction Survey is an online survey that questions consumers about their experiences with the firm and how satisfied they are with it.

  19. Publix's dedication to listening to its customers and taking proactive steps to meet their needs and preferences.


  20. MyWingstopSurvey with its online ordering platform. After completing an order online,

  21. As we delve into the discussion about digital service providers preparing for the NIS Directive, it's crucial to highlight the significance of specialized and certified services in all sectors, including appliance repair. For instance, the demand for certified viking freezer repair services exemplifies the need for expertise and certification in the digital age. Providers of such specialized services must not only be adept in their craft but also ensure compliance with evolving regulations and standards, including cybersecurity measures under the NIS Directive. This intersection of digital preparedness and certified expertise underscores a broader trend towards enhanced security, reliability, and trust in service provision, reflecting the Directive's core objectives.

  22. Payroll Processing: A variety of payroll functions, such as tax, deduction, and wage calculation, are managed by ePayroll systems. By automating intricate computations, it minimizes human errors and conserves time. Visit EPAYROLL

  23. To gauge your satisfaction with the goods and services, an online survey is being conducted. These include the environment of the restaurant, the items that are presented, and the customer service provided. Click here

  24. Taking part in this client criticism survey is energetically suggested in the event that you have of late made a purchase from Holland and Barrett.
    Take MyHBVisit Survey

  25. Telljamba Although Jamba Juice is widely recognized for creating some of the greatest fruit and vegetable smoothies and beverages available, our investigation shows that there are a ton of other delectable choices as well. Click here Telljamba

  26. These initiatives may offer rewards, honors, and acknowledgement for outstanding work, customer relations, safety records, and other achievements. Visit MyTHDHR

  27. Emory Patient Gateway Login Rules
    Here are a few simple tasks you can take to get to your Emory Patient Gateway Login page. Emory Patient Portal Login