NIS Regulations Gap Analysis

SKU: 4970
Format: Consultancy

Get a true picture of how your current cyber security arrangements measure up against the requirements of the Network and Information Systems Regulations 2018 (NIS Regulations). Applicable to both RDSP and OES.

  • Receive support from information security experts.
  • Identify what you need to do to meet your obligations under the law.
  • Get expert advice on the best way to close gaps and improve your security posture.
  • Protect your organisation from cyber criminals and build resilience.
  • This bespoke service can be tailored to your specific needs and budget.
For more information about this service or to get a tailored quote for your organisation, please enquire below and one of our experts will be in touch shortly.
Description

The NIS Regulations Gap Analysis is designed to help operators of essential services (OES) and relevant digital service providers (RDSPs) meet their requirements under the Network and Information Systems (NIS) Regulations 2018 by identifying where they may have gaps and providing a clear roadmap for achieving compliance.

The NIS Regulations require OES to implement a range of measures to ensure the security of their networks and information systems. The National Cyber Security Centre (NCSC) has defined these measures in the Cyber Assessment Framework (CAF). Meanwhile, RDSPs are required to comply with the EU’s Commission Implementing Regulation 2018/151, for which the European Union Agency for Cybersecurity (ENISA) provides technical guidance. Compliance for RDSPs in the UK is normally assessed by the Information Commissioner’s Office (ICO). If you would prefer an audit against the Regulations’ requirements, please refer to our NIS Regulations Mock Audit service.

For more information about this service, please contact us on +44 (0)333 800 7000.


Objectives

Your IT Governance consultant will aim to:

  • Identify your obligations as an OES under the NIS Regulations or as an RDSP under the Implementing Regulation;
  • Identify the competent authority’s interpretation of the CAF or ENISA’s technical guidance, as appropriate;
  • Determine the degree to which your organisation meets these obligations;
  • Assess the maturity of implementation, where relevant; and
  • Provide remediation advice to resolve gaps and best-practice guidance to improve maturity.

Methodology

A qualified consultant will work with you in person or remotely to undertake a detailed assessment to identify potential shortcomings in your current security arrangements. If your organisation is an OES, this will compare your security measures against the ‘indicators of good practice’ (IGPs) outlined in the NCSC’s CAF, as interpreted by the competent authority for your industry. RDSPs will be assessed against the technical guidance provided by ENISA.

The consultant will also take into consideration any existing governance and security arrangements that may be in place and contribute to your security. Based on this assessment, the consultant will develop a prioritised action plan that your organisation can implement to meet your obligations and improve your security.


Your consultant’s report

The consultant’s report will identify where your organisation is failing to meet the NIS Regulations’ requirements and explain how those areas can be addressed. This will be supported by the action plan.

The report will also include an executive summary that sets out what the findings mean in business terms, as well as a more detailed explanation for those who will be remediating any issues.

The report will be delivered within ten working days of completing the assessment.

Download the full service description >>


Remediation support

Following your gap analysis, we can offer support with remediating issues and closing gaps to ensure compliance with the NIS Regulations. Your IT Governance consultant will work through each gap and help your organisation make the necessary changes. For OES, this will ensure that all IGPs are in place; for RDSPs, the consultant will ensure your organisation aligns with ENISA’s technical guidance. This would include developing policies and, where applicable, standard operating procedures. These will be based on your organisation’s specific requirements in relation to the NIS Regulations.

This is an additional service not included in the gap analysis by default, and will be scoped according to the results of the gap analysis to ensure that your organisation only pays for the support it needs.

Why choose IT Governance?

  • Our consultants are all experienced information/cyber security specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001, ISO 27035, ISO 22301 and ISO 27002.
  • Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish.
  • We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace.
  • We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy.
  • We deliver practical advice and work according to your budget and organisational needs.
  • We deliver the entire suite of consultancy, training, tests and tools needed for NIS Regulations compliance.
  • We are a CREST-approved penetration testing organisation and a Cyber Essentials certification body.
  • Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits.
  • We have led more than 800 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which is recommended as guidance by both ENISA and the NCSC.
