Get a first impression of how compliant you are with NIS2.
If you do not wish to use the scan, please leave the field below empty.
Do the management bodies receive training that enables them to acquire sufficient knowledge and skills to recognize cybersecurity risks and assess their impact on the services provided by the organization?
"Management bodies": this overarching term refers to the various organizational governance entities, including holding companies or executive departments. According to Article 29, §6, the responsible persons ensure compliance with the provisions of the NIS2 Directive. These persons are authorized to take security measures, must undergo training, and may be held personally liable if they fail to meet these obligations.
Do you periodically conduct a risk analysis regarding cybersecurity and subsequently take/adapt measures based on the results to improve security?
By "periodic" it is meant: at least once a year and when a cybersecurity incident has occurred, changes have taken place in the business environment, or changes have been made to the IT infrastructure.
Does your organization have a procedure in place to appropriately follow up on cybersecurity incidents?
By "appropriate" it is meant that the response to an incident should be in line with the severity and nature of that incident.
Does your organization have policies, procedures, and measures in place to ensure the continuity of your organization in the event of unforeseen circumstances or disasters? This includes: backup management, emergency provisions, business continuity plans, and incident response plans.
Do you have visibility into the state and level of cybersecurity of your suppliers and service providers and actively keep track of this?
By "actively" it is meant that you evaluate and keep track of the state of your suppliers and service providers, for example through periodic audits or assessments, requesting reports on cybersecurity and incidents, and monitoring security measures and performance.
Is cybersecurity structurally embedded in the acquisition, development, and maintenance of network and information systems?
By "structurally" it is meant that cybersecurity is not just a one-time action, but is part of the standard way of working and embedded in all processes related to the acquisition, development, and maintenance of network and information systems. For example, are security risks already taken into account during the design, construction, and/or acquisition of systems?
Based on the domain name you provided, we have found the subdomains listed in the table below. Are you aware of all these domain names?
Found domains |
---|
You have not (yet) entered a domain name |
Does your organization have procedures for identifying and addressing vulnerabilities?
A "vulnerability" is a weakness in an asset (such as a computer, network, or other system) or security measure that can be exploited by one or more threats (such as a hacker).
Does your organization regularly evaluate whether the cybersecurity measures taken are effective?
By "regularly" it is meant, for example, annually, quarterly or monthly, and after a cybersecurity incident has occurred, changes have taken place in the business environment, or changes have been made to the IT infrastructure. It is important to adjust the frequency of evaluation to the risks your organization faces and the speed at which threats are developing.
By "effective" it is meant that the cybersecurity measures are not only designed and implemented (design and existence), but that they also actually provide the intended protection (operation). The control measures taken must be accurate in their detection and prevention methods (accuracy), as well as cover all relevant risks and vulnerabilities (completeness).
Does your organization have an appropriate policy regarding cryptography and encryption?
By "appropriate" it is meant that the policy is up-to-date, regularly evaluated, and proportionate to the risks your organization faces. For example, if your organization works with sensitive information, the policy regarding cryptography and encryption must also comply with the standards for protecting the information processed within the organization.
"Cryptography" is the science of encrypting data and communication to secure them against unauthorized access or misuse.
"Encryption" is a technique within cryptography in which readable data is converted into an unreadable form (a code) to ensure confidentiality.
Does your organization have procedures for managing user access and resources? This includes: physical & logical access policy, asset overview, onboarding, movement, and offboarding procedures.
Is multifactor authentication applied where possible?
Multifactor authentication (MFA) is a security method used to verify that a user is who they claim to be. Instead of using only a username and password, MFA requires at least two different forms of authentication. For example, in addition to a password, a card must be used or a confirmation code sent to the mobile phone must be entered.
Does the organization have an appropriate procedure to report cyber incidents to regulators within prescribed timeframes?
By "appropriate" it is meant that the procedure is up-to-date and regularly evaluated to ensure that it is still effective in reporting cyber incidents to regulators within the prescribed timeframes. Additionally, the procedure must be clear and understandable to all employees responsible for reporting cyber incidents. Are you aware of who the regulator is?
The following timeframes are set for reporting cyber incidents to the supervisory authority: Within 24 hours: An early warning & initial suspicions regarding the type of incident; Within 72 hours: A complete notification report with the assessment of the incident, its severity and impact, and danger indicators; Upon request: An interim report; Within 1 month: A final report. Additionally, you must also notify your customers of incidents that are likely to have a negative impact on the services provided.
Excellent! Based on the answers you provided, your organization appears to meet the requirements of the new NIS2 regulations. It's great to see that you prioritize digital security in your organization. It's a solid foundation for resilience against digital threats.
The NIS2 (Network and Information Security) guidelines were created to help organizations effectively address the increasing threats of cyberattacks and improve digital security in Europe. It is crucial to protect your organization and the entire digital infrastructure.
Even if your organization appears to be on track with NIS2 guidelines, it's important to realize that digital threats are constantly evolving. It's not enough to just maintain the status quo; you must continue to improve. If you need help with this or want to go deeper into NIS2, feel free to fill out our contact form. Our experts are ready to assist you.
Do you have any questions, want more information, or need support? Fill out the form below with your contact information so that we can get in touch with you and provide you with relevant updates and advice regarding NIS2.
Unfortunately, it appears that your organization is not yet fully compliant with the NIS2 guidelines. Assessing your organization against the NIS2 guidelines is important not only from a legal perspective, but also for strengthening your organization's digital security. Don't worry, you still have time to implement these changes. Although the NIS2 legislation will be introduced soon, we are still in a transition phase. The earlier you start to make your organization more secure in accordance with the NIS2 guidelines, the better prepared you will be when the legislation comes into effect.
Based on your completed responses, we identified the following areas of concern:
Click on the button below to receive by email a summary and our advice on how to become compliant.
Although the result may be disappointing, it provides a valuable opportunity to review, improve, and strengthen your security measures. We understand how important it is to take a proactive approach to your security strategy. Our dedicated team is ready to guide you in developing an effective security approach that meets NIS2 requirements.
© XLS Global 2024. All rights reserved.
Disclaimer: The information on this website is for informational purposes only. Both the website content and the results of the scan are indicative and based on the information provided and the publication of the NIS2 guidelines of December 14, 2022. They are not intended to replace a professional assessment.