Building a strong NIS2 Programme with Wired Relations

Adhering to the requirements of the NIS2 directive demands structure and a targeted approach. Our approach to working with NIS2 involves five phases, each supporting the development of a sustainable and structured security framework.

Published: 
October 23, 2024
Gry Josefine Løvgren
Content Specialist

Read more about the author

1. Identify the scope

Initially, you need to gain an overview of the scale of the task within your organisation.

  • Gap analysis: Begin by mapping your current level of information security and identifying what is necessary to meet the NIS2 requirements. 
  • Involve management: Engage the management team and educate them on the importance of NIS2.

How to do it with Wired Relations: In Wired Relations, Management can easily track the progress of initiatives, access the necessary documentation, and monitor compliance with NIS2 requirements – so invite them into the system. We can also support you in doing a gap analysis based on your specific situation and needs. 

2. Lay the foundation

Once you’ve got the overview, it is crucial to establish a clear structure for your information security work, which you can achieve through these steps:

  • Map systems and vendors: Identify and document the systems and vendors you use.
  • Identify supply chains and criticality: Assess the criticality of systems and vendors and map your supply chains. This allows you to allocate resources effectively by focusing on what is critical and important. 
  • Establish policies and procedures: Develop any missing policies and procedures in your organisation, involving relevant stakeholders so the documentation supports real processes and becomes an active part of operational work. 

How to do it with Wired Relations: Systems and vendors are part of the backbone of Wired Relations. You’ll quickly gain a complete overview of systems and vendors, see their interconnections, and map supply chains. With Wired Relations, you can easily identify and assess the risks associated with critical systems and vendors. Our colour coded layout of risks makes it even easier to keep an overview. Additionally, you can link relevant policies and procedures to individual security measures, send them to the relevant staff, and follow up on who has or has not read them.

3. Run the programme

Working with cyber and information security is an ongoing process that requires managing initiatives and tasks to create a sustainable setup.

  • Risk management: Conduct risk assessments based on impact on society and take appropriate technical, operational and organisational measures to manage the risks.
  • NIS2 controls: Build on your existing information security work and align with internationally recognised standards like ISO27001/27002 or frameworks like CIS18 – or start from scratch with the NIS2 requirements.
  • Vendor Audit: Choose a vendor audit method based on risk assessments and criticality and monitor vendors' compliance with contract and security requirements.
  • Security incidents: Handle security incidents with structured processes and procedures.
  • Business continuity: Test contingency plans and ensure that backup and disaster recovery processes are in place and functional.

How to do it with Wired Relations: Wired Relations supports all activities in this phase. You can streamline your work with NIS2 requirements based on the systematic approach you already use for your information security management. Our platform allows you to work purposefully and systematically with NIS2 requirements without starting from scratch. We have mapped security measures from Article 21 of the NIS2 directive to the security measures in ISO 27002:2022, meaning you can avoid duplicate work and documentation.

If you're already working with the ISO 27000 series, you can build on your existing documentation and avoid duplicate work.

4. Awareness

Training and internal awareness around cybersecurity is a cornerstone of any NIS2 programme.

How to do it with Wired Relations: You can leverage Wired Relations' ‘Track Policy' feature to roll out your cyber and information security awareness programme and monitor how many people have read your policies and procedures.

5. Evaluate and iterate

Working with NIS2 is an ongoing process that requires regular assessments and adjustments.

  • Internal audit: Continuously assess the effectiveness of implemented controls and make ongoing improvements to your security work.
  • Re-evaluating the NIS2 programme: NIS2 (or compliance in general) is not a project but an ongoing process where the security level must be regularly reassessed in light of the current threat landscape.

How to do it with Wired Relations: Wired Relations allows you to document, stress-test, and improve your security measures. With our Task Manager function, you can easily set up (recurring) tasks to remind you of regular evaluations and updates.

Outcome: A solid framework that enhances your organisation's ability to defend against cyber threats

With Wired Relations, you’ll have a comprehensive overview of both ISO27002 and NIS2 measures. Instead of working with siloed documentation tasks and risking duplication, you can document your information security efforts in one unified system. This provides an efficient and structured approach to NIS2 requirements, while continuing and strengthening your existing information security work.

Book a demo to see how Wired Relations can help you comply with NIS2 requirements in an efficient and structured way.

NIS2: Avoid duplicate work

With Wired Relations, you can continue your existing information security efforts without duplicating documentation.

Learn more