The Directive on security of network and information systems (NIS Directive) aims to achieve a high, common level of network and information systems security across the EU. This Directive was transposed into UK law as The Network and Information Systems Regulations 2018 (NIS Regulations) on 10 May 2018.
The NIS Regulations require OES (operators of essential services) and DSPs (digital service providers) to:
- Take appropriate technical and organisational measures to secure their network and information systems;
- Take into account the latest developments and consider the potential risks facing the systems;
- Take appropriate measures to prevent and minimise the impact of security incidents to ensure service continuity; and
- Notify the relevant competent authority, without undue delay, of any security incident having a significant impact on service continuity.
Get more help from ITGP’s guides:
This guide outlines the key requirements of the NIS Directive, details which DSPs are within scope and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance. It is a primer for any DSP that needs to comply with the Directive.
This guide outlines the Regulations’ key requirements, details exactly which DSPs are within scope and explains how the security objectives from ENISA’s Technical Guidelines and international standards can help DSPs achieve compliance.
This guide outlines the requirements for OES based on the Cyber Assessment Framework established by the NCSC (National Cyber Security Centre), including an explanation of the objectives, principles and indicators of good practice, and offers implementation guidance.
I have a pocket guide, but I need more help
Our NIS Regulations Documentation Toolkit is a complete set of policies, procedures and project tools to help you produce the documentation required to comply with the NIS Regulations.