Get expert assistance with cost-effective implementation and maintenance of your NISD compliance.
We model the mandatory NISD regulatory requirements against the controls that you already have in place, making compliance as simple, cost-effective, sustainable and hassle-free as possible.
What is the NIS Directive?
The Network and Information Systems Directive (NISD) establishes a baseline level of security requirements for network and information systems to ensure the continuity of essential services. It was adopted into UK law and came into force on 10 May 2018.
What are the risks of non-compliance?
The risks of non-compliance can be both financial and reputational:
In the UK, non-compliant organisations may be fined up to £17 million. The potential penalty may vary between sectors and be assessed by the Competent Authority to each assigned Operator of Essential Services.
The reputational risks associated with any operational disruption—due to full or partial non-compliance—could be significant.
The risk of collective ‘Class A’ legal action from users affected by service disruption is likely to grow, matching the comparable growth seen under GDPR legislation.
For organisations approaching NISD thresholds, last-minute or hasty implementation of NISD-compliant controls could be expensive and unnecessarily disruptive, and is more likely to be implemented in a manner that creates unnecessary operational inhibitors.
What security objectives need to be implemented?
Current information security objectives defined by NCSC that need to be met by Operators of Essential Services:
Managing security risk
Appropriate organisation structures, policies, and processes are in place to understand, assess and systematically manage security risks
Protecting against cyber attack
Proportionate security measures are in place to protect services and systems from cyber attack
Detecting cyber security events
Capabilities to ensure security defences remain effective and to detect cyber security events
Minimising the impact of cyber security incidents
Capabilities to minimise the impact of a cyber security incident and to restore services, including notification of any incidents to the relevant Competent Authority
NISD doesn’t require reinvention of your current security systems. Identify which of these objectives are already being met, apply the relevant NISD principles and controls, and adjust and close any remaining gaps.
An NISD compliance framework does not have to be a separate process.
Who does the NIS Directive apply to?
Initially, it applies to those Operators of Essential Services, listed below, whose services are increasingly dependent upon critical technologies. If these technologies are disrupted, public services will suffer as a result. There is a different operational capacity threshold for each sector: organisations above this threshold must adhere to NISD principles, and it is recommended that operators below the threshold should also aim for compliance.
It is important to note that affected sectors may be widened, and/or the current thresholds may be adjusted in the NCSC’s first review of the criteria in 2021.
How we help you reach NISD compliance
A Maturity Model will clearly identify any existing non-conformities in your NISD compliance against the measures set by the respective Competent Authority. PGI will then work with you to close the gaps with as little operational impact as possible.
Our consultants work on-site with your team to review how your current security posture and controls align to the principles outlined in the Cyber Assessment Framework developed by each sector’s Competent Authority.
From this assessment, our consultants produce a report that depicts, verbally and graphically, the areas where compliance already exists and those where it doesn’t, including the measurable shortfall from compliance.
We will recommend measures needed to close the gaps. This will help your organisation to clearly prioritise investment to achieve overall compliance.
Once your NISD maturity levels have been identified and a compliance road map has been set, our consultants can either support your business to achieve compliance or, where you prefer to implement the measures using internal resources, simply return to run a subsequent model.
Because the scope of your implementation plan is based on your current security posture, you will only be spending time, resource and money on the controls that need adjusting or re-evaluating for NISD purposes.
Importantly, implementing the NIS regulatory requirements correctly should not disrupt your operations.
Product and pricing
At the heart of addressing the demands of the NIS Directive, we believe many of the controls you have in place will already form the foundation of your organisation’s compliance. Our consultants will undertake an in-depth review to identify the remaining gaps and provide a road map for achieving full compliance, where necessary working in partnership with you to implement all requirements.
Onsite analysis and review by experienced practitioners
Detailed report findings and remediation activities
High level executive overview
Why choose PGI’s Maturity Modelling services?
Every business is different: each has its own size, scope, complexity, structure and sector, and needs a level of security appropriate to its level of risk.
We take a bespoke approach to our Maturity Modelling, specifically aligning it to your respective sector’s NISD Assessment Framework. We will gain a full understanding of all aspects of the business we are working with and what you already have in place. This allows us to recommend the most pragmatic and cost-effective route to achieving compliance.
It doesn’t have to be complicated, nor operationally disruptive.
Since 2013, we have successfully supported large critical service providers within transport, energy, health, water and digital infrastructure to identify and implement practical, cost-effective information and cyber security solutions.
Products & Resources
The Community of Interest Network
The NIS Directive Community of Interest Network (COIN) is a platform that enables Operators of Essential Services to share knowledge and best practice.
We recommend the below articles for further reading:
NISD Guidance – NCSC
The Network and Information Systems Regulations 2018
What is the NISD?