Negotiations to finalise the Network and Information Security (NIS) Directive – a new law to improve cyber security across the EU, which is set to be implemented alongside the General Data Protection Regulation (GDPR) – have been stuck for some time. One of the major sticking points has been the Directive’s applicability.
Members of the European Parliament only wanted the NIS Directive to cover critical infrastructure, but the EU Commission thought the Directive should have a wider scope and cover relevant Internet services.
Reuters now reports that a new paper from Luxembourg, which currently holds the presidency of the Council of the EU, shows that an agreement has been reached and “digital platforms will now fall under the law’s remit”.
According to Reuters, “A cloud computing provider or any other digital firm providing a service for an infrastructure operator would be subject to the same rules applying to that operator” and “also be subject to notification requirements in cases of security breaches”. Details are yet to be finalised, but member states have been invited “to express their preferences at a meeting in September, after which drafting of a full legal text will start.”
Compliance through best-practice information security
Although the new laws’ details have still not been finalised, EU organisations that need to comply with the NIS Directive and GDPR can take advantage of the broad approach to information security provided by the international standard for information security management, ISO 27001. Implementing an ISO 27001-compliant information security management system (ISMS) is the sensible route to legal compliance and fulfilling various information security obligations the world over.
As the global head of data protection and cyber security at PwC, Stewart Room, said of the GDPR in February, “The real challenge for businesses is how to use the time that is currently available to them to make the best possible adjustments to their systems and operations for data protection … Sensible businesses will be planning now. Neglecting the planning and adjustments simply on the basis that the pathway of the law is ‘uncertain’ is not an intelligent choice.”
The same is true of the NIS Directive: an ISO 27001-compliant ISMS provides a risk-based approach to information security that can be applied throughout the supply chain. Once your ISMS has been certified to the Standard, you can insist that third-party contractors and suppliers also achieve certification. In addition, the external validation offered by ISO 27001 certification is likely to improve your organisation’s cyber security posture while giving customers and stakeholders a higher level of confidence – essential for securing certain global and government contracts – as well as allowing you to meet legal and regulatory obligations.
Live Online ISO 27001 training courses
IT Governance’s Live Online ISO 27001 training courses are based on our successful classroom courses, bringing unique, interactive tuition from ISO 27001 experts to the comfort of your home or office, with none of the costs traditionally associated with classroom learning such as travel and accommodation. Each course includes an exam accredited by IBITGQ, giving you the opportunity to gain globally accepted qualifications.
Created by leading ISO 27001 experts Alan Calder and Steve Watkins, the ISO27001 Certified ISMS Foundation Live Online Training Course introduces the benefits of ISO 27001 certification and outlines the key elements of an information security management system (ISMS).
Using a combination of formal training, practical exercises and relevant case studies, this unique training programme – the most comprehensive ISO 27001 Lead Implementer course available – enables professionals anywhere in the world to develop the skills required to achieve ISO 27001 compliance for their organisation.
Using their extensive professional experience of the Standard, and a combination of formal training, practical exercises and relevant case studies, our expert tutors will outline the theory and practice of an effective ISO 27001 audit, preparing you for the included IBITGQ Certified ISMS Lead Auditor (CIS LA) examination in four-and-a-half days.