The NIS 2 Directive came into force in 2023 and is intended to further strengthen the cybersecurity of the European Union and its member states. It must be transposed into German law by October 17, 2024.
For around 30,000 affected companies in Germany, the legal security obligations will thus increase significantly. Whether SMEs (small and medium-sized enterprises) or large companies, anyone who meets the defined criteria for “particularly important facilities” or “important facilities” must implement the requirements of NIS2. The criteria for SMEs start at 50 employees and a turnover/balance sheet total of €10 million.
Implementing NIS2 essentially means demonstrating an information security management system (ISMS) with all relevant core processes in the PDCA (Plan-Do-Check-Act) cycle. Internationally operating companies must take into account the specific requirements of the individual EU member states. NIS2 will vary from country to country.
Companies that have to implement NIS2 have no leeway in how they interpret or act on it. Failure to comply could result in severe penalties starting at €7 million or 1.4% of total turnover.
We would be happy to work with you to implement an ISMS for NIS2 that meets your requirements. Together, we will create the necessary and relevant processes. Rely on professional support right from the start. Incorrect and subjective interpretation of requirements often leads to considerable additional work, wasted resources (time, money and personnel) and delays.
For us, professional, fast and effective means bringing you the right preconfigured processes from a pool of around 4000 ISMS document templates/processes. Working with you in an interactive process, we then scale these into a document landscape for your company that fulfills the requirements.
We also support you in aligning NIS2 with standards you have already implemented, such as ISO 27001, BSI-Grundschutz, TISAX, PCI DSS, etc.