To prepare for NIS2, organisations should urgently determine whether they fall within NIS2’s scope, and if so, which units of operation are to be impacted, before evaluating existing security measures and amending and implementing new policies and security measures as required to achieve compliance.
It must be emphasised that while NIS2’s guidelines may fall largely within an organisation’s existing cyber security provision, it is essential to doublecheck processes and security stacks to ensure that exact requirements are met and can be evidenced.