Meeting the business continuity requirements of the NIS2 Directive with Critical Event Management
The Directive (EU) 2022/2555 of the European Parliament and of the Council – also known as the NIS2 Directive (Network and Information Systems Directive) – is a regulatory framework designed to increase the level of cybersecurity of networks and information systems across the EU, and was announced in December 2022.
Among other requirements that highlight the importance of cybersecurity for organizations, the NIS2 Directive implies the need to have a proper risk management and crisis management to be in place. This is to ensure that, in the event of a cyberattack, an organization can continue its operations – minimizing potential disruption. For critical infrastructure in particular, uninterrupted operation is essential for the EU and national security. Therefore, the NIS2 Directive will cover not only any organization with more than 50 employees and more than €10 million in revenue but also industries that can be applied to critical infrastructure, such as energy, transportation, banking, healthcare, and public administration. For the full list of applicable industries, click here.
How this can be implemented exactly is described in Article 21 of the NIS2 Directive, outlining different cybersecurity risk management measures. These measures shall ensure the security of entities classified as essential and significant – especially critical infrastructure entities.
One of the measures is:
(c) business continuity, such as backup management and disaster recovery, and crisis management;
Utimaco helps you meet the crisis management requirements of NIS2 with a dedicated Critical Event Management system. Our CEM enables your organization to manage critical events and incidents from start to finish: The software allows you to define processes and automated responses to protect people and business assets in case of critical events. The built-in mass communication module supports multiple distribution channels to spread the necessary information in an instance.