By Steen Lindebjerg
February 26, 2024
Regulatory compliance is a constant challenge for life science companies around the world. In this Insight, we dive into the EU’s second Network and Information Security Directive (NIS2 Directive). Keep reading for a high-level summary of the legislation and next steps for ensuring compliance.
The NIS2 Directive is a cybersecurity directive. It is a continuation and expansion of the EU’s previous Network and Information Security Directive (NIS). Through in-depth stakeholder collaboration, the EU identified four key deficiencies with NIS:
Management
It is necessary for management to be aware of and understand the requirements of the directive and risk management efforts. Members of management now hold direct responsibility to identify and address cyber risks to comply with NIS2 requirements.
Risk Management
To meet the new requirements, organizations must implement measures to minimize risks and consequences. This includes incident management, improved supply chain security, network security, vulnerability handling and disclosure, access control, and encryption.
Reporting to the authorities
Organizations need to have established processes for ensuring proper reporting to authorities. For example, major incidents must be reported within 24 hours.
Business Continuity
Organizations must consider how to ensure business continuity in the event of major cyber incidents. This includes, for example, system recovery, emergency procedures, and establishment of a crisis response team.
The following five points represent high-level milestones to achieve in order to ensure and maintain compliance.
Figure 1. A non-exhaustive illustration of some of the governance, risk management, policies, procedures, vendor security measures, incident handling, and training required to ensure NIS2 compliance.
We have experience helping customers identify and close compliance gaps for a range of cybersecurity and data privacy regulations, including NIS2, GDPR, and more. Our consultants can provide tailor-made support to help you ensure compliance. We also offer NIS2 and Cybersecurity Training at the Pharma IT Academy.
You can contact our team directly by clicking the button below.
Steen Lindebjerg is a Principal Consultant with more than 20 years’ experience within the IT compliance area, working in both the pharmaceutical industry and the finance sector. He is highly specialized in Data Privacy and IT Security. He has performed leading roles, such as Data Protection Officer (DPO), Auditor, and Compliance Lead on projects and in operations, as well as Project Manager and Validation Lead on application implementations. Steen holds privacy professional (CIPP/E), ISO 27001 Lead Implementor, Scrum Master, and ITIL certifications.