The new directive, NIS2 (Network and Information Security Directive), is part of the EU Cybersecurity strategy and a consequence of the increasing cybersecurity threat to the EU’s internal market. Worth noticing is that all direct suppliers to affected NIS2 organizations shall expect to meet similar cybersecurity requirements by 2024, as NIS2 highlights supply chain cybersecurity risk as essential for the critical suppliers’ ability to deliver. 

Many organizations using SAP as their core business operations platform are already aware of the challenges of maintaining proper Cyber and Information Security posture – resilience to loss of confidentiality, integrity, and the availability of assets important for its successful business operations. This includes Risk Management with an impact on the Business. With the introduction of EU GDPR in 2018, to regulate the processing of personal data, the Risk Management perspective of the Impact on the Data Subject was enforced as new EU regulation. With the NIS 2 directive, a third Risk Management perspective is added – Impact on the Functioning of Society and the Economy. While executing digital transformations, the requirements to the accountability of manufacturers and service providers are significantly increasing beyond their own business interest. 

The specific obligations of the organization under the Directive will depend on the sector in which it operates and the nature of the services it provides. NIS2 defines 3 main categories of cybersecurity obligations on organizations: 

• Governance (Article 20) 
• Cybersecurity Risk-Management Measures (Article 21) 
• Reporting (Article 23) 

You’re kindly invited to attend our NIS2 webinar where Ivan Mans, CTO and Co-founder, SecurityBridge and Steen Schledermann, GRC Advisor, NTT DATA Business Solutions, will discuss and demonstrate appropriate SAP application technical, organizational, and operational security measures as required by NIS2.