NIS-2

Our experts will help you understand the new EU Network and Information Security Directive and skilfully implement the requirements.

What is the NIS-2 Directive?

The new Network and Information Security Directive sets a minimum standard for EU member states in order to achieve the goal of a high common level of cyber security within the EU. Member states must introduce at least the minimum standards as regulations, but may also introduce stricter regulations. The NIS-2 Directive has been in force at EU level since 2023 and must be transposed into national law by 17 October 2024.

All companies that fall under the regulations of the Federal Office for Civil Protection and thus under NIS-2 must fulfil the requirements regarding information security, risk management and cyber security levels. To ensure this, companies must carry out regular penetration tests (tests that find out how easily attackers can penetrate a system), set up systems for reporting cyber incidents and carry out a risk assessment that shows where there are potential threats to IT security in the company.

Who is affected by NIS-2?

Key sectors

Energy

Transport

Banking

Financial market

Space

Administration

Healthcare

Drinking water

Digital infrastructures

Wastewater

Management of ICT services

Important sectors

Postal and courier services

Waste management

Chemicals

Food

Research facilities

Manufacturing industry

Digital services

Large companies
– more than 250 employees
– more than 50 Mio. EUR annual turnover or
– more than 43 Mio. EUR annual balance sheet total

Medium-sized companies
– more than 50 employees
– more than 10 Mio. EUR annual turnover or
– more than 10 Mio. EUR annual balance sheet total

Small companies
Not affected, except in the case of
– critical activities
– impact on public safety
– cross-border effects

Essential entities

Large companies

Criteria for essential entities:
– Annex I company (predominantly in the ‘large’ threshold)
– NIS-1 company
– classified as an essential entity by the authority

Important entities

Large companies
Medium-sized companies
Small companies

Criteria for important entities:
– Annex I and Annex II companies in the medium and large thresholds that are not essential
– classified as an important entity by the authority

Not sure whether your company falls under the NIS-2 Directive? No problem! We can help you find clarity.

What do affected companies need to do?

Risk analysis & security concept

Security incidents & reporting obligation

Risk management / planning of measures

Business continuity and crisis management

Cryptography / multi-factor authentication

Security Awareness / Phishing Simulation

Operational security / ongoing operation

Physical access control / logical access control (assets)

This is how we help you achieve your goal:

NIS-2 step-by-step procedure

Our offer for NIS-2

Define IT assets

We work with you to gain an overview of the existing infrastructure and define the protection requirements of the individual components. This serves as the basis for the subsequent risk classification and enables efficient allocation and simple hierarchical maintenance.

Risk classification

After recording the technical and infrastructural components, a risk analysis is carried out and success-critical factors are derived. Using the so-called ‘risk-based approach’, important components are identified as such and presented transparently.

Planning of measures

The continuous improvement process is driven by a catalogue of measures, which is defined in collaboration with the customer. Priorities are set here and measures are listed to ensure fulfilment of the statutory security requirements.

Guidelines

machCon supports you with all documentation obligations and the creation of guidelines that you need to implement in the context of IT security and NIS-2. The guidelines to be formulated are customised to your individual company-specific requirements.

ISMS operation

machCon takes over the development and operation of your information security management system (ISMS) and makes it available to you as a licence for your company. Our ‘State of the Art ISMS’ enables the consistent and legally compliant implementation of NIS-2.

Incident management

IT security incidents are fully documented and detailed case analyses are carried out. Corrective and preventive measures are identified and their implementation is consistently monitored. Error-prone components are thus eliminated as quickly as possible.

Our customers

FSM AG

Working with machCon has exceeded our expectations. Their expertise and customised solutions have significantly improved our security infrastructure and they are helping us to understand and take the NIS 2 measures we need. Their professional and proactive approach has won us over!

Head of Global TechOps IT
Head of IT
Renfert GmbH

Thanks to machCon’s NIS-2 and IT security consulting, we were finally able to get our bearings and significantly optimise our IT security measures. Thanks to the professional advice and solutions customised to our needs, we feel ready and secure as soon as NIS-2 compliance is adopted. We recommend your services without reservation.

Head of Laboratory IT
Member of the Executive Board
Fidel Dreher GmbH

Thanks to machCon’s NIS-2 and IT security consulting, we have significantly improved our security measures. Your expertise and customised solutions have helped us to easily meet the NIS-2 requirements. We particularly appreciate your straightforward and dedicated approach. We are very satisfied and are happy to recommend machCon as a partner.

Process Integration Lead
IT Manager

Contact person

Contact us for further information

CHRISTIAN HERBST

Chief Executive Officer