På Svenska

NIS directive

NIS directive

Increased demands on socially important functions

The NIS Directive entered into force in August 2018 and is intended to establish and maintain a high level of security in critical networks and information systems across the EU. The Directive requires selected operators to put security measures in place to manage risks and incidents in their IT infrastructure, and to report these to the relevant authorities.


What are the security requirements of NIS?


In order to determine the processes your organisation needs to carry out, you first need to be aware of which systems, integrations and data your IT environment contains. By mapping these, you can obtain an overview of your IT environment, which lays the foundation for your further work on risk analysis.

Risk analysis

Companies subject to the NIS Directive are obliged to carry out risk analyses. The aim of the risk analyses is to identify specific vuln­erabilities that the business may have and the threats and risks that the business faces. The analysis, which must be documented and updated annually, must also include an action plan.

Incident management

The NIS Directive explicitly requires all relevant organisations to have a well-developed incident management plan with clear incident and reporting procedures. It should include how an incident is assessed and classified, how it is handled and further reported.

Security in systems and installations

A fundamental requirement of the NIS Directive is to establish and maintain a high level of security in both systems and physical installations. By having experts penetration test your systems, you can identify security weaknesses before someone unauthorised does so, thereby reducing the risk of incidents.

Network monitoring

In order to manage and report incidents, you must first have the capacity to detect them. By monitoring traffic and behavioural patterns in mission-critical networks and system logs, anomalies can be identified quickly and, ideally, addressed before they become regular incidents.

International standards

By working with international standards that include required activities and processes, you can effectively ensure that large parts of your IT environment are prepared for the NIS Directive. One of the accepted frameworks is ISO 27001, which includes mapping, risk analysis, business continuity management and delivery management.

A few words from one of our clients

"Sentor performed sterling work, which made everyone in the organisation aware of GDPR and involved them in the process. Everyone was genuinely pleased when it felt like we were making progress and were on the right track."

Johan AnderssonCIO at Insplanet

Contact us

We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.