NIS2

Welcome to NISinfo.eu

All information on the Network and Information Security Act – NIS for short – provided and prepared free of charge by 4conform.

Implement NIS2

The EU’s new security directive

With the introduction of the NIS 2 Directive (Network and Information Security Directive) in October 2024, companies are facing new challenges and opportunities in the area of cyber security.

The directive affects companies from various sectors, including energy, transport, finance, health, drinking water and digital infrastructures. In addition to the sectors already covered by the first NIS Directive, new sectors are now also included, such as public administrations, manufacturers of industrial products and providers of digital services.

NIS2 Webinar

The future of cyber security management

With 4conform, you always have an overview of all tasks and can create comprehensive reports on your cyber security risks in seconds – based on ISO 27001 and other standards.

Find out in our webinar how you can meet the requirements of the NIS2 directive in compliance with the law and optimize your security processes with just a few clicks. Register now and revolutionize your security management!

Policy for IT end users

Sign up for our newsletter to stay up to date on NIS2 and get a free IT end user policy!

These are your advantages:

  • Exclusive content and updates
  • Practical tips and best practices
  • Invitations to webinars and events
  • Free end user policy

What is NIS2?

NIS2 is the abbreviation for an EU directive that will become mandatory in Austria with the NIS Act (link to the draft law for Austria). NIS stands for Network and Information Security and obliges affected companies, authorities and public bodies to implement cyber security measures. All EU member states must implement the directive by October 17, 2024.

From this date, all affected companies must provide evidence of the cybersecurity measures prescribed therein. The directive is intended to create greater resilience to attacks and the ability to respond quickly to security incidents in the EU’s public and private sectors.

Who is affected and responsible?

So far, companies in the critical infrastructure and providers of digital services such as online search engines have been affected. With NIS2, far larger parts of the economy will be included. A distinction is also made between essential and important entities.

Companies from a wide range of sectors with 50 or more employees are affected.

Small companies with fewer than 50 employees and either an annual turnover of no more than EUR 10 million or an annual balance sheet total of no more than EUR 10 million are not covered by NIS2.

Attention

Even if you are not directly covered by the NIS2 law, these requirements may still apply to you, for example if your customer falls directly under NIS2. In this case, your customer is obliged to demand a similarly high level of security from all its suppliers and external service providers.

Find out if your company is an essential or important entity and what your responsibilities are. Learn how to prepare for audits and report cybersecurity incidents to meet the requirements of the new directive. Stay informed and secure your business!

Essential entities include large and medium-sized companies in the energy, transport, banking, financial market infrastructure, healthcare, drinking water, wastewater, digital infrastructure, B2B ICT service management, public administration and space sectors.

Important entities include large and medium-sized companies in the postal and courier services, waste management, chemicals, food, manufacturing, digital service providers and research (optional) sectors.

Companies are responsible for assessing for themselves whether they fall into one of the above sectors and whether they are considered an essential or important entity. There is no decision on the part of the authority that classifies the companies in a specific sector or determines whether they are considered essential or important.

In the case of essential entities, the NIS authority will have a compliance audit carried out at the company by qualified auditors. In contrast, an on-site audit of important entities is only carried out on an ad hoc basis (e.g. in the event of a cyber security incident). Every critical cybersecurity incident must be reported to the NIS authority.

Who is liable?

If companies do not comply with the requirements of the NIS Act, sanctions are unavoidable. Failure to comply with the regulations leads to fines of

  • for essential entities: up to EUR 10 million and 2% of the Group’s total annual turnover
  • for important entities: up to EUR 7 million and 1.4% of the Group’s total annual turnover

In addition to the risk of fines, there is also a liability risk with NIS2. Managing directors and board members are held personally liable for violations.

What needs to be done?

Companies need to do the following as quickly as possible:

  1. Demonstrably anchor cyber security at management level (top management governance)
  2. Establish an information security management system (ISMS) with guidelines for IT and employees (based on ISO 27001)
  3. Introduce risk management to assess and address cybersecurity risks
  4. Identify cyber security risks at suppliers and service providers
  5. Implement cybersecurity measures at technical, operational and organizational level
  6. Carry out training measures for staff
  7. Report critical cyber security incidents immediately
  8. Create IT contingency plans to respond to incidents

The best thing about 4conform ENTERPRISE ISMS?

You can guarantee and prove compliance with NIS2. Let’s have a brief discussion to find out whether 4conform can also meet your specific requirements.

Experts & Consultants

What are the benefits of 4conform for consultants?

With 4conform, you as a consultant can optimally prepare your customers for the requirements of the NIS2 law and expand your consulting business. 4conform ENTERPRISE ISMS supports the implementation of NIS2 and is therefore perfectly tailored to the needs of your customers. Underline your consulting expertise and present your customers with a simple and effective solution for the NIS2 legal change.

What do your customers need to implement with NIS2?

To meet the requirements of the NIS2 directive, companies must take immediate action to strengthen their cyber security. This includes demonstrably anchoring cyber security at management level to ensure effective top management governance. Furthermore, it is essential to establish an information security management system (ISMS) in accordance with the requirements of ISO 27001 in order to create clear guidelines for IT and employees.

Comprehensive risk management must be implemented to assess and deal with cyber security risks. Appropriate measures must also be implemented at suppliers and service providers at a technical, operational and organizational level. Regular training for staff is also necessary, as is the immediate reporting of critical cyber security incidents.

Referral commission

If you pass on our software, you will receive an attractive referral commission.

Software as an integration partner

Use our software not only as a broker for your customers, but also as an integration partner, thereby expanding your consulting business.

Integrated consulting expertise

With the integrated know-how and automation, you can offer your customers efficient and simple solutions and focus on your consulting business.

Increase customer loyalty

Strengthen the bond with your customers by using 4conform ENTERPRISE ISMS – an effective and innovative solution for risk assessment and management.

Working time savings

4conform enables automated risk assessment and management, which saves you as a consultant time and effort. You can concentrate on your core competencies and consulting, while the software takes over the routine tasks.

Increased efficiency

Using 4conform ENTERPRISE ISMS increases the efficiency of your consulting projects by providing standardized processes for your clients’ risk management.

Compliance

4conform ENTERPRISE ISMS supports you in meeting your customers’ compliance requirements and avoiding potential risks and legal consequences.

Differentiation from the competition

By using an innovative and modern software solution, you as a consultant can set yourself apart from the competition and expand your portfolio.

Let’s take the next step

Let’s have a brief discussion to find out whether 4conform can also meet your specific ISMS requirements.
