Effective and audit-proof compliance software for the NIS 2 Directive

The NIS 2 Directive must be transposed into national law by October 17th, 2024. From October 18th, organizations based in an EU member state or operating within the European Union must be able to demonstrate that they are effectively strengthening their cybersecurity. This is accompanied by reporting obligations in the event of incidents, the inclusion of the supply chain, severe penalties and numerous cross-sectional disciplines from the areas of governance, risk management and compliance (GRC). GRC software provides you with optimal support in demonstrating your NIS 2 compliance.

OMNINET already supports customers in preparing for NIS 2 compliance.

NIS 2 coverage in the OMNITRACKER GRC Center

  • Risk-based approach
    (integrated risk management)
  • Crisis and emergency management
    (business continuity management)
  • Asset management
    (identifying protection requirements and evaluating asset dependencies)
  • Supplier-specific risks
    (risk-based supply chain management)
  • Initiating and documenting measures and controls
    (mandatory content of reports)
  • Optimal preparation and efficient performance of audits
  • Provision of a contact and reporting channel
  • Document filing in central document management
  • ISMS obligation for critical areas

Individual technical consulting on your NIS 2 compliance


The NIS 2 Directive has many thematic overlaps with other areas of governance, risk management and compliance. The OMNITRACKER GRC Center multistandard solution supports you by centrally managing all compliance, audit, risk management and documentation topics. This creates synergy effects and enables you to comply with the upcoming requirements of the NIS 2 Directive in an audit-proof and efficient manner.


Background, obligations and sectors affected by the NIS 2 Directive

Background

The aim of the NIS 2 Directive is to strengthen the cybersecurity of important and relevant organizations. The most important sectors for a functioning digital society, and organizations above a certain size, must therefore prove that they have effective, risk-based cyber protection once the respective national law comes into force (in Germany via the NIS2UmsuCG). Overall responsibility lies with management, who must, among other things, attend security-related training courses. Staff awareness must also be ensured. The estimated 30,000 organizations affected face sanctions if they fail to meet their obligations.

Obligations

In the event of an incident, it must be reported to a supervisory authority in the form of an early warning, interim reports where necessary, and a final report. These reports must state which organizational areas are affected by the cybersecurity incident (asset management is useful here), what measures have been taken, and what measures can be used to prevent or mitigate similar incidents in the future.

Relevance

The NIS 2 Directive affects numerous industries and sectors, which are defined in two annexes. Medium-sized institutions with more than 50 employees and an annual turnover of more than 10 million but less than 50 million euros (or an annual balance sheet of no more than 43 million euros) that are listed in an industry in Annexes 1 or 2 must be prepared to implement the NIS 2 Directive from October 2024. The same applies to large companies with more than 250 employees and an annual turnover of more than 50 million euros or an annual balance sheet of more than 43 million euros.

Significant and important facilities will fall within the scope of NIS 2 regardless of turnover or number of employees.

In addition, smaller organizations may also fall under NIS 2 by order of the authorities, for example if they are part of the digital infrastructure, are DNS providers or offer critical services—public administration is also an exception here. Organizations previously classified as critical infrastructures are all affected by NIS 2.

Which category an institution falls into affects potential sanctions and supervision (reactive/proactive).

Annex 1: Sectors of high criticality

  • Energy
  • Transport
  • Banking
  • Financial market infrastructures
  • Health
  • Drinking water
  • Waste water
  • Digital infrastructure
  • ICT service management
  • Public administration
  • Space

Annex 2: Other critical sectors

  • Postal and courier services
  • Waste management
  • Manufacture, production and distribution of chemicals
  • Production, processing and distribution of food
  • Manufacturing
  • Digital providers
  • Research

The tool for your NIS 2 compliance.
Test now for 30 days free of charge.

GRC Center as a multistandard solution—a central tool for all management systems, risks and audits

With the GRC Center, you are not only prepared for the compliance requirements of the NIS 2 Directive, but also for auditing your ISMS (e.g. in accordance with ISO 27001), IMS, quality management system (ISO 9001) or numerous other (including upcoming) standards and regulations. The advantages of widespread compliance are obvious: risks and organizational units are maintained in a central location. An authorization and role concept is used to manage, document and continuously improve the management of risks, measures, controls, audits, contracts and emergency plans.

NIS 2-relevant features in the OMNITRACKER Governance, Risk and Compliance Center

  • Integrated risk management
  • Role concept for approvals and responsibilities
  • Multistandard capability (any compliance records bundled in one tool)
  • Document management (versioning, filing, approval, subscription function)
  • Supplier management (for outsourced NIS 2-relevant processes/services)
  • Establishment of an ISMS (certifiable in accordance with ISO 27001)
  • Central reporting channel
  • Compliance case management
  • Business continuity management (emergency management)
  • Measure and control management (including action plans)
  • Audit management (audit planning and execution)
  • Asset management (dependencies, categorization and evaluation)

OMNINET's realization know-how for compliance projects

As a digitalization partner, we are happy to prepare you for the new EU Directive, for example in the management areas of supplier, asset, crisis, audit, document and risk management as well as in the establishment of a reporting channel or in the structured, process-based clarification of responsibilities and competencies. We are happy to support you in all phases of project realization, from requirements analysis, implementation and technical consulting to go-live and the continuous maintenance and development of your system.

Start

To ensure that the implementation runs smoothly, we are at your side as an experienced consulting partner. We know the tool in detail and have comprehensive expertise in all software implementation processes.

Requirements analysis

In a workshop, we develop the individual requirements for your OMNITRACKER system together. We then systematically document the results in the OMNITRACKER Requirements Management Center.

Planning and conception

We also take care of project management and controlling. Our standardized and field-tested process model is suitable for both agile and traditional project execution.

Customizing

After defining the system and business processes, we implement your requirements quickly in OMNITRACKER. Complex and highly individual configurations are also possible.

Go-live

After an extensive and successful test phase—and final adjustments, if necessary—your OMNITRACKER installation is put into operation with our support.

Optimization and maintenance

After the go-live, we are glad to answer your questions about ongoing operations, change requests or performance enhancements.

Please contact us for availability and open questions about the NIS 2 Directive.


Good reasons for choosing OMNITRACKER

  • Certified manufacturer (ISO 27001 and ISO 9001, among others)
  • Extensive project experience
  • Technical consulting
  • Permanent contact persons
  • Training (product courses)
  • In-house development in Germany
  • Process automation
  • AI-ready applications
  • Release compatibility
  • Low-code customizing
  • Central database systems
  • Analytics features