Skip to Main Content
This website uses cookies. View our cookie policy
Close
0
United Kingdom
Select regional store:
Please enter more than 3 characters
Will you survive a cyber attack? Conquer cyber risks by mapping your path to cyber resilience. Take the self-assessment >>
NIS Directive > NIS Regulations Gap Analysis
NIS Regulations Gap Analysis

NIS Regulations Gap Analysis

SKU: 4970
Format: Consultancy
(0 reviews)

Get a true picture of how your current cyber security arrangements measure up against the requirements of the Network and Information Systems Regulations 2018 (NIS Regulations). Applicable to both DSP and OES.

For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.Enquire about this service
Description

NIS Regulations Gap Analysis

The NIS Regulations Gap Analysis is suitable for both operators of essential services (OES) and digital service providers (DSPs), and will assess your organisation’s current level of compliance against the NIS Regulations’ requirements, in line with the guidance issued:

  • For OES, the analysis will be based on the ‘indicators of good practice’ (IGPs) in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC).
  • For DSPs, the analysis will be based on the security requirements outlined in the European Commission’s Implementing Regulation for DSPs, and ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers”.

What your NIS Regulations gap analysis will deliver

A NIS Regulations specialist will interview key managers and individuals within your organisation to assess your current cyber security arrangements, as well as your existing policies and procedures to analyse and pinpoint any areas of non-compliance against the NIS Regulations’ requirements.

Our NIS Regulations gap analysis will provide you with an informed assessment of:

  • Gaps in your current cyber security arrangements against the requirements of the NIS Regulations;
  • The proposed scope of your NIS Regulations compliance project;
  • Internal resource requirements for successfully deploying a compliance project; and
  • A potential timeline for achieving compliance

The gap analysis report includes:

  • An analysis of the overall state and maturity of your cyber security and resilience arrangements;
  • Specific details of the gaps between the requirements of the NIS Regulations and your current cyber security arrangements in accordance with either the CAF (for OES) or ENISA’s guidance (for DSPs;
  • An action plan that outlines and indicates the level of internal management effort required to implement and maintain a compliance project;
  • Recommendations for compliance solutions, including resource requirements and proposed timelines.

Download the full service description >>

What makes a customised gap analysis more effective?

A gap analysis performed by one of our specialist consultants provides you with a high level of expert analysis and detailed insights that you would not receive by self-assessing against the requirements of the CAF or recommendations by ENISA.

With an in-person gap analysis, you will:

  • Have a clear idea of the proposed requirements for achieving compliance;
  • Be able to set informed and realistic project expectations based on the specific requirements of your organisation; and
  • Obtain detailed and customised information necessary to develop a strong business case for securing the necessary investment required for your compliance project.
Why choose IT Governance?

Why choose IT Governance?

  • Our consultants are all experienced information/cyber security specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001, ISO 27035, ISO 22301 and ISO 27002
  • Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish.
  • We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace.
  • We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy.
  • We deliver practical advice and work according to your budget and organisational needs.
  • We deliver the entire suite of consultancy, training, tests and tools needed for NIS Regulations compliance.
  • We are a CREST-approved penetration testing organisation and a Cyber Essentials certification body.
  • Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits.
  • We have led more than 600 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which is recommended as guidance by both ENISA and the NCSC.

Customer Reviews

(0.00)stars out of 5
# of Ratings: 0
(Only registered customers can rate)

You may also be interested in

NIS Regulations Documentation Toolkit
NIS Regulations Documentation Toolkit
Network and Information System (NIS) Regulations - A pocket guide for operators of essential services
Network and Information System (NIS) Regulations - A pocket guide for operators of essential services
Network and Information System (NIS) Regulations - A pocket guide for digital service providers
Network and Information System (NIS) Regulations - A pocket guide for digital service providers
Gain confidence in passing compliance audits from the relevant competent authority, and maintain your organisation’s ability to effectively respond to and recover from disruptive incidents.
NIS Regulations (NIS Directive) mock audit
Loading...