Skip to Main Content
Broaden your knowledge with FREE* training when you book selected March courses | Find out more 
NIS Regulations Gap Analysis

NIS Regulations Gap Analysis

SKU: 4970
Format: Consultancy

Get a true picture of how your current cyber security arrangements measure up against the requirements of the Network and Information Systems Regulations 2018 (NIS Regulations). Applicable to both DSP and OES.

Contact us for a quote

Call to order - xxx-xxx-xxxx


The NIS Regulations Gap Analysis is suitable for both operators of essential services (OES) and digital service providers (DSPs), and will assess your organisation’s current level of compliance against the NIS Regulations’ requirements, in line with the guidance issued:

  • For OES, the analysis will be based on the ‘indicators of good practice’ (IGPs) in the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC).
  • For DSPs, the analysis will be based on the security requirements outlined in the European Commission’s Implementing Regulation for DSPs, and ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers”.

Download the full service description for more information >>

What your NIS Regulations gap analysis will deliver

A NIS Regulations specialist will interview key managers and individuals within your organisation to assess your current cyber security arrangements, as well as your existing policies and procedures to analyse and pinpoint any areas of non-compliance against the NIS Regulations’ requirements.

Our NIS Regulations gap analysis will provide you with an informed assessment of:

  • Gaps in your current cyber security arrangements against the requirements of the NIS Regulations;
  • The proposed scope of your NIS Regulations compliance project;
  • Internal resource requirements for successfully deploying a compliance project; and
  • A potential timeline for achieving compliance.

The gap analysis report includes:

  • An analysis of the overall state and maturity of your cyber security and resilience arrangements;
  • Specific details of the gaps between the requirements of the NIS Regulations and your current cyber security arrangements in accordance with either the CAF (for OES) or ENISA’s guidance (for DSPs;
  • An action plan that outlines and indicates the level of internal management effort required to implement and maintain a compliance project;
  • Recommendations for compliance solutions, including resource requirements and proposed timelines.

Download the full service description here >>

What makes a customised gap analysis more effective?

A gap analysis performed by one of our specialist consultants provides you with a high level of expert analysis and detailed insights that you would not receive by self-assessing against the requirements of the CAF or recommendations by ENISA.

With an in-person gap analysis, you will:

  • Have a clear idea of the proposed requirements for achieving compliance;
  • Be able to set informed and realistic project expectations based on the specific requirements of your organisation; and
  • Obtain detailed and customised information necessary to develop a strong business case for securing the necessary investment required for your compliance project.

Why choose IT Governance?

  • Our consultants are all experienced information/cyber security specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001, ISO 27035, ISO 22301 and ISO 27002
  • Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish.
  • We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace.
  • We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy.
  • We deliver practical advice and work according to your budget and organisational needs.
  • We deliver the entire suite of consultancy, training, tests and tools needed for NIS Regulations compliance.
  • We are a CREST-approved penetration testing organisation and a Cyber Essentials certification body.
  • Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits.
  • We have led more than 600 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which is recommended as guidance by both ENISA and the NCSC.

Customer Reviews

This website uses cookies. View our cookie policy.