
NIS Directive Consultancy

The EU Directive on Security of Network and Information Systems (NIS Directive) requires operators of essential services and digital service providers to implement “appropriate and proportionate technical and organisational measures” to manage the risks posed to the security of the network and information systems they use in their operations.

IT Governance can help you implement and maintain the measures you need to ensure the security and continuity of your systems, in compliance with the new law.

Speak to an expert


How we can help you comply with the NIS Directive

Operators of essential services and digital service providers can demonstrate that they have applied the measures required by the Directive by implementing an organisational cyber resilience programme that combines information security and business continuity best practice.

Article 19 of the Directive states that member states should “encourage the use of European or internationally accepted standards and specifications relevant to the security of network and information systems”.

An integrated management system based on international standards

There are two relevant international standards that we recommend: ISO/IEC 27001:2013, the international standard for an information security management system (ISMS), and ISO 22301:2012, the international standard for a business continuity management system (BCMS).

An integrated management system (IMS) based on these two best-practice standards will protect your networks and information systems from the majority of threats, and help you recover quickly and efficiently if and when an incident occurs.

Drawing on our unique blend of practical information security know-how and proven management system consultancy expertise, our team will help you implement an IMS that combines the best of ISO 27001 and ISO 22301.


ISO 27001

An ISO 27001-compliant ISMS addresses information security risks in all forms, and encompasses people, processes and technology, in line with the Directive’s requirement for a “culture of risk management, involving risk assessment and the implementation of security measures appropriate to the risks faced”.

Better still, ISO 27001 is the only relevant international standard against which organisations can achieve independently audited certification, which will demonstrate that you have taken the “appropriate and proportionate technical and organisational measures to manage the risks posed to the information systems” you use in your operations.

Download our ISO 27001 consultancy brochure >>

Find out about our ISO 27001 consultancy services >>


ISO 22301

The NIS Directive’s incident reporting requirements are not limited to cyber security incidents, but include any incident that affects the security of network and information systems, including physical events.

A BCMS that conforms to ISO 22301 provides a well-defined incident response structure that ensures that when an incident occurs, responses are escalated in a timely manner and the right people take the right actions to respond effectively.

An important aspect of ISO 22301 is the need to plan to return to business as usual after an incident.

Find out about our ISO 22301 consultancy services >>


Penetration testing

Many cyber attacks could easily be prevented by keeping software and systems up to date. Vulnerabilities are discovered and exploited all the time by opportunistic criminal hackers who use automated scans to identify targets. Making sure you close these security gaps and fix vulnerabilities as soon as they become known is essential to keeping your networks and information systems safe and secure.

Regular penetration testing is the most effective way of identifying exploitable vulnerabilities in your infrastructure, allowing appropriate mitigation to be applied.

Find out about our CREST-accredited penetration testing services >>


Why use IT Governance for your NIS Directive compliance needs?

We offer a hassle-free service and transparent pricing.


Our methodology and tools have been honed over 15 years.


We support independently accredited certification – you can use the certification body you want.


Our team led the world’s first successful certification to BS 7799, the forerunner of ISO 27001.


Our implementation approach and methodology are pragmatic, proven and straightforward.


You receive crucial input to help you develop a business case, allowing you to secure the necessary information security investment.


You receive a 100% guarantee of successful certification.



How we’ve helped companies just like yours implement best-practice management systems

Read our case studies to discover how we’ve helped organisations across the globe achieve compliance with management system standards.

View all case studies >>


Some of our clients

We’ve helped hundreds of organisations across many different industries and sectors improve their information security and business continuity practices.


What our clients say

“Having IT Governance on hand to guide our swift adoption of the ISO 27001 standard and provide ongoing expert support has been invaluable. They really understood the needs of a technology enterprise like ours.”

- Paul Green, Wirefast


“I would have no hesitation in recommending IT Governance to others. The main advantage was their flexibility. IT Governance tailored their services (whether it be training or consultancy) to our specific needs.”

- Paul Berry, Senior Project Manager, Martin Dawes Solutions


“On behalf of myself and colleagues, a sincere thank you for all your input helping us achieve certification to the ISO 27001 standard. Here we are, just 6 months after we started the project and the outcome has been described by the auditor as ‘a delight to audit’. Much of this has been down to the mentoring and coaching style IT Governance has used to steer us to our goal.”

- David Gilbert, Global Business Development Manager at Goal Group of Companies


For more client testimonials and details of projects we’ve undertaken, please see our consultancy case studies page >>


Our credentials

IT Governance is widely recognised as a leading consultancy by certification bodies such as BSI, NQA, LRQA and DNV.


Deep technical expertise. Business-focused results.

We combine deep technical expertise and ISO 27001 best practice with a practical understanding of the realities of running a business. We’ll help you transform your information security by working closely with you to achieve your goals. Download our ISO 27001 consultancy brochure here >>


Let’s work together to get things moving

Whatever the nature or size of your problem, we are here to help. Click the button below to request a call and one of our experts will get in touch as soon as possible.



Please contact us for further information or to speak to an expert.
