Practical steps and advice on the road to NIS2

March 20, 2025
Stephan Brinkhuis

All the services needed to get your organization ready for NIS2

In this blog, we share the practical steps and measures you can implement now to meet the requirements of NIS2 while improving your organization's security and resilience.

What specifically do I need to do as an organization right now to be prepared for NIS2?
The Dutch Cyber Security Act is the national elaboration of the European Network and Information Security Directive (NIS2), adopted in 2022. The directive aims to strengthen the digital resilience of EU member states. The Netherlands is now translating these rules into the Cyber Security Act, which is expected to take effect in the third quarter of 2025.

1) Conducting a risk analysis

One of the first steps toward NIS2 compliance is to conduct a risk analysis. This process helps you identify key risks to your assets and allows you to prioritize. Which assets and processes are most vulnerable? Which threats could have the most impact on your organization?

2) Strengthen security at the staff level

One of the most important weak links in an organization's security is often its staff. Under NIS2, you need to ensure that your employees are properly informed and trained in cyber security. Consider regular training on phishing, password management and recognizing cyber threats. Furthermore, it is crucial to establish clear guidelines for the use of personal devices and the safe handling of company information.

3) Access and asset management

Managing access and assets is critical to NIS2 compliance. Before you can make access transparent, you need to take the reins in asset management: you cannot control access to systems you do not know you have. Once your assets are mapped out, make sure you have visibility into who has access to which systems and data, and implement a policy for managing user rights. For effective implementation, it is important to regularly audit access points and promote the use of MFA (multi-factor authentication) for sensitive access.

4) Business continuity and incident response

It is important to have a business continuity plan that takes into account not only potential cyber incidents, but also their impact on your business operations. NIS2 requires organizations to create incident response plans that go into effect as soon as a cyber incident occurs. Make sure your plan is not only procedural, but also includes tests and exercises to regularly monitor the plan's effectiveness.

5) Cyber hygiene

Regular cyber hygiene is a simple but often overlooked measure that organizations can take to protect their network and systems. This includes keeping software up to date, applying patches promptly, and monitoring for vulnerabilities. Make sure there is a clear policy for applying patches and updates so that known vulnerabilities are not left open for malicious parties to exploit.

6) Network and information systems policies

A clear and well-defined policy for network and information systems is a must. These policies should cover the security of networks, servers, databases and applications, and include guidelines for both internal and external communications. Protecting network architectures and segmenting networks to reduce risk are important aspects to consider.

7) Supply chain security

With the emphasis on supply chain security in NIS2, it is essential to thoroughly evaluate the security of your suppliers and partners. Third-party risks can no longer be ignored, as they often have access to sensitive information. Ensure that your suppliers and service providers comply with the requirements of NIS2, and implement an effective risk management program for your supply chain.

8) Use of cryptography and strong authentication processes

The use of encryption and strong authentication methods is one of the most effective ways to protect sensitive data. NIS2 emphasizes the importance of encryption for data at rest and during transmission. Use the latest cryptographic standards and ensure that all sensitive information is adequately encrypted both on devices and during communications.

9) Measuring and improving effectiveness

NIS2 compliance is not a one-time activity, but a continuous process of improvement. Measuring the effectiveness of your security measures and performing periodic audits is crucial. This allows you to determine whether your security measures are still effective and to make improvements as needed.

We are ready to support you

The uComply team is ready to support you: providing insight into your NIS2 gaps through a one-time gap analysis, helping with the implementation of measures, or reviewing your processes through an internal audit.

In addition, the uComply App can help you manage compliance systematically, and the uComply bot is your compliance AI assistant with answers to all NIS2 questions. And if the uComply bot doesn't know, our experts will! Feel free to book a no-obligation consultation; we'd love to think along with you!
