
NIS Regulations Consultancy

IT Governance can help you implement and maintain a comprehensive compliance programme, based on best-practice frameworks and international standards, that will ensure the security and continuity of your systems and enable your organisation to comply with the Cyber Assessment Framework (for operators of essential services (OES)) and the Implementing Act (for digital service providers (DSPs)).

A cyber resilience management system based on international standards

Article 19 of the NIS Directive states that member states should “encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems”. The associated guidance by the National Cyber Security Centre (NCSC) heavily references ISO 27002, which provides practical information supporting ISO 27001, the international standard for an information security management system (ISMS).

Solutions for complying with the NIS Regulations

Drawing on our unique blend of practical information security know-how and proven management system consultancy expertise, IT Governance offers a comprehensive range of solutions to help you implement a cyber resilience programme in line with the NCSC’s 14 high-level principles and meet the requirements of the Cyber Assessment Framework (for OES).

We can also help DSPs meet the Commission Implementing Regulation and ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers”.



NIS Regulations Gap Analysis

Assess your cyber security posture against the requirements of the NIS Regulations and identify a practical route to implementing your compliance project. Suitable for both OES and DSPs.

Get started with your NIS Regulations compliance project with a gap analysis >>


Cyber Assessment Framework

Manage security risk

  • Risk management
  • Governance
  • Asset management
  • Supply chain management

How we can help: Implement an ISMS aligned with ISO 27001, ISO 27002, ISO 27035 and ISO 27036

Protect against cyber attacks

  • Data security
  • Identity and access control
  • System security
  • Resilient networks
  • Service protection policies
  • Staff training

How we can help:

  • Implement a comprehensive security awareness programme
  • Undertake routine penetration testing


Detect cyber security events

  • Security monitoring
  • Proactive security event discovery

How we can help: Implement a cyber incident response management programme

Minimise the impact of incidents

  • Lessons learnt
  • Response and recovery planning

How we can help: Implement a business continuity management programme

Why use IT Governance for your NIS Regulations compliance needs?

  • Our consultants are all experienced information security/cyber security specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001, ISO 27035, ISO 22301, ISO 27036, etc. 
  • Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish. 
  • We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace. 
  • We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy. 
  • We deliver practical advice and work according to your budget and organisational needs.   
  • We deliver the entire suite of consultancy, training, tests and tools needed for NIS Regulations compliance. 
  • We are a CREST-approved penetration testing organisation and a Cyber Essentials certification body. 
  • Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits. 
  • We have led more than 600 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which forms a significant portion of both the ENISA and NCSC recommendations of suitable frameworks to follow. 

Some of our clients

We’ve helped hundreds of organisations across many different industries and sectors improve their information security and business continuity practices.

What our clients say

“Having IT Governance on hand to guide our swift adoption of the ISO 27001 standard and provide ongoing expert support has been invaluable. They really understood the needs of a technology enterprise like ours.”

- Paul Green, Wirefast


“I would have no hesitation in recommending IT Governance to others. The main advantage was their flexibility. IT Governance tailored their services (whether it be training or consultancy) to our specific needs.”

- Paul Berry, Senior Project Manager, Martin Dawes Solutions


“On behalf of myself and colleagues, a sincere thank you for all your input helping us achieve certification to the ISO 27001 standard. Here we are, just 6 months after we started the project and the outcome has been described by the auditor as ‘a delight to audit’. Much of this has been down to the mentoring and coaching style IT Governance has used to steer us to our goal.”

- David Gilbert, Global Business Development Manager, Goal Group of Companies

Read our case studies to discover how we’ve helped organisations across the globe achieve compliance with management system standards.


Our credentials

IT Governance is widely recognised as a leading consultancy by certification bodies such as BSI, NQA, LRQA and DNV.

Speak to an expert

Please contact our NIS Regulations team today for more information on our products and services.