The EU Network and Information Systems Directive (NISD) was adopted as UK law and came into force in May 2018. The aim of the NISD is to establish a baseline level of security requirements for network and information systems to ensure the continuity of essential services. The framework is sector-agnostic but provides a standard baseline and a set of meaningful targets for Operators of Essential Services, which are managed by Competent Authorities for each sector. For more detailed information on the NISD, take a look at our blog post here.
Because the National Cyber Security Centre’s Guidance and Cyber Assessment Framework align closely with ISO 27001, a best practice standard for information security, many Governance, Risk and Compliance specialists have argued that the standard should be implemented as a basis for meeting the requirements of the NISD.
However, it’s not quite as simple as that, so our Information Assurance team have written a whitepaper examining the risks and benefits of using the ISO 27001 standard as the framework for NISD compliance.
PGI’s Information Assurance team have helped organisations around the globe achieve compliance with a range of national and international standards. For more information on how they can assist your organisation, please contact us: firstname.lastname@example.org