NIS Law Audit

The European Union obliges organizations that provide essential services to the population to ensure their cyber security and to work with state authorities to ensure a coordinated response in the event of cyber attacks.

EU Directive 2016/1148 on the security of networks and information systems (NIS Directive), implemented in Romania by Law no. 362/2018 (NIS law), introduces new cyber security requirements. It has a strong impact on non-compliant organizations: under Law no. 362/2018 on ensuring a high common level of security of networks and information systems, which transposes the provisions of the NIS Directive, fines can reach up to 5% of turnover.

NIS (Network and Information Security) aims to protect critical and digital infrastructures to ensure the functioning of systems that are fundamental to society and to establish measures to achieve a high common level of security, taking into account the associated risks. Last but not least, through the measures it imposes, NIS, like any European directive, aims to protect EU citizens, in this case against the cyber risks behind the delayed or faulty delivery of essential services that could affect them.

Unlike the GDPR, NIS addresses a specific audience:

  • Essential Services Operators (ESOs): public / private entities in the following sectors of activity: energy, transport, banking, financial market infrastructure, health, drinking water supply and distribution; and
  • Digital Service Providers (DSP): online markets, online search engines, and cloud computing services.

Certinspect Register is one of the first companies certified to perform cybersecurity audits under the NIS law. During the audits, aspects such as cyber security management, protection of networks and computer systems, cyber defense and resilience of essential services are verified.

For a personalized offer, please contact us.