As explained in an EU Parliament press release at the end of last week, European firms “supplying essential services […] will have to take action to improve their ability to withstand cyber-attacks under new rules approved by Internal Market MEPs on Thursday. These rules […] now need to be endorsed by the Council and the full Parliament.” (This is merely a formality, though: both the Council and the Parliament have already expressed their support in principle.)
Once the Network and Information Security (NIS) Directive is passed, EU member states will have 21 months to transpose its requirements into domestic legislation.
Andreas Schwab, the German member of the EPP group responsible for steering the NIS Directive through parliament, said: “A lot of services that citizens use, such as energy, transport and banking, are becoming more and more digitalised. And in all these areas they are heavily reliant on structures that they don’t see every day, but which ensure that the services work. If we make these structures safer and more resilient, this will directly benefit European citizens.”
Although the EU currently has no common approach to cyber security, legislators have been busy: with the enacting of the General Data Protection Regulation (GDPR) now also merely a formality, European organisations of all sorts – not just suppliers of “essential services” – will soon face a host of new information security obligations that they’d be wise to prepare for as soon as possible.
Easy implementation of information security best practice
The international standard for information security management, ISO 27001:2013, sets out the requirements of an information security management system (ISMS) – a holistic approach to information security that addresses an organisation’s people, processes and technology.
Independently audited certification to the Standard demonstrates to stakeholders, insurers, customers and staff that your organisation has implemented and is maintaining information security best practice.
Achieving certification to the Standard can be a complicated and time-consuming business, though. Organisations must provide documented evidence of their compliance with ISO 27001:2013, which in the case of larger or more complex organisations can mean that you need to create thousands of pages of documents. Needless to say, many consider the scale of this undertaking and find their hearts sinking. If you find yourself in this position, don’t worry: expert help is at hand.
Created by expert ISO 27001 practitioners and enhanced by ten years of customer feedback and continual improvement, our ISO 27001 Documentation Toolkit provides all of the information security management system (ISMS) documents you need in order to comply with ISO 27001, including 11 policies, 66 procedures, 24 work instructions and 36 records acceptable for your ISO 27001 certification audit, plus an Information Security Manual and additional guidance.
All document templates can be customised to suit your company’s needs with a single click.
Proven to help ISO 27001/ISO 27002 compliance projects in thousands of organisations worldwide, the ISO 27001 ISMS Documentation Toolkit integrates fully with the risk assessment software vsRisk and is available for immediate download, with 12 months’ support.
It takes time to implement organisational change. In about two years’ time the NIS Directive and GDPR will be enforced. You need to make sure your information security posture follows international best practice now.