Suitable for DSPs, the NIS Directive Gap Analysis will assess your organization’s current level of compliance against the Directive’s requirements, in line with the security requirements outlined in the European Commission’s Implementing Regulation for DSPs and ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers”.
Download the full service description here
What your NIS Directive Gap Analysis will deliver
An NIS Directive specialist will interview key managers and individuals within your organization to assess your current cybersecurity arrangements and your existing policies and procedures, and to pinpoint any areas of non-compliance with the NIS Directive’s requirements.
You will receive an informed assessment of:
- Gaps in your current cybersecurity arrangements against the requirements of the NIS Directive
- The proposed scope of your NIS Directive compliance project
- Internal resource requirements for successfully deploying a compliance project
- A recommended timeline for achieving compliance
The gap analysis report includes:
- An analysis of the overall state and maturity of your cybersecurity and resilience arrangements
- Specific details of the gaps between the requirements of the NIS Directive and your current cybersecurity arrangements in accordance with the Implementing Regulation and ENISA’s Technical Guidelines
- An action plan that outlines and indicates the level of internal management effort required to implement and maintain a compliance project
- Recommendations for compliance solutions, including resource requirements and proposed timelines
What makes a customized gap analysis more effective?
A gap analysis performed by one of our specialist consultants provides you with a high level of expert analysis and detailed insights that you would not receive by self-assessing against the Implementing Regulation and recommendations by ENISA.
With a personalized gap analysis, you will:
- Have a clear idea of the proposed requirements for achieving compliance
- Be able to set informed and realistic project expectations based on the specific requirements of your organization
- Obtain detailed and customized information necessary to develop a strong business case for securing the investment required for your compliance project
Why choose IT Governance?
- Our consultants are all experienced information/cybersecurity specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001 and ISO 22301
- Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Directive compliance and manage the project from start to finish
- We have managed hundreds of projects across all industries, including health care, energy, transport, water, defense, and aerospace
- We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy
- We deliver practical advice and work according to your budget and organizational needs
- We deliver the entire suite of consultancy, training, tests, and tools needed for NIS Directive compliance
- We are a CREST-approved penetration testing organization and a Cyber Essentials certification body
- Our team of experts can attend your site to support your organization during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits
- We have led more than 600 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which is recommended as guidance by ENISA