Network & Information Systems Directive
We are all well versed in GDPR, but it was not the only piece of European regulation relating to data security which came into force in May. Its lesser-known friend, the EU Directive on the security of Network and Information Systems (NIS), took effect on 10th May 2018.
NIS impacts on all organisations deemed to be an ‘Operator of Essential Services’ - think electricity, water, healthcare, transport services, banking. It also applies to some Digital Service Providers who offer services within the EU. A cyber-attack on these systems could have a severe impact on the infrastructure of entire countries, and the regulations aim to ensure that services in the EU have robust defences in place.
Digital Service Providers are included if they employ more than 50 people and/or their balance sheet totals more than €10 million. It covers providers of services such as:
- Search engines
- Cloud computing services
- Online marketplaces
Services must take technical and organisational measures they consider proportionate to manage the security risks, and they are required to consider key elements including business continuity management and incident handling procedures. Like GDPR, there will be punitive fines if organisations fail to demonstrate that their cyber security systems are secure.
The regulations specifically encourage “the use of European or internationally accepted standards and specifications relevant to the security of network and information systems”. So, internationally recognised security standards such as ISO27001 are likely to see a rise in interest. All services impacted will be responsible for the resilience of their suppliers and supply chain security, so requirements are likely to have a knock-on effect on other organisations. If you are a supplier, or aspire to be a supplier, of any of these organisations, then now is a good time to review your cyber security strategy and at the very least get your Cyber Essentials certification in place, if you haven’t already.
Our technical consultants can advise on all aspects of your cyber security systems and provide guidance on which security standards meet your business needs.
Contact us today for more information.
RedMosquito provide Managed IT Support Services across Glasgow, Edinburgh, Stirling and throughout Scotland.