Mnemonica Helping Businesses to Meet the Requirements of NIS 2

Mnemonica announced a new service to help businesses achieve regulatory compliance with NIS 2. The new Network Information Security Directive (NIS 2) was published on December 27, 2022. It presents businesses with new and higher than ever requirements for cyber security. The regulation affects all organizations with a team of more than 50 people and/or a turnover of 10 million euros per year.

Some of the new requirements that every business will have to meet are:
developing policies for risk analysis and information systems security, incident response, business continuity, supply chain security, network and information systems security, cybersecurity practices and cybersecurity training, policies and procedures on the use of cryptography and encryption.

Mnemonica’s team has many years of professional expertise in the field of regulatory compliance and has been helping Bulgarian and international companies meet cybersecurity challenges for more than 13 years.

“We have developed a 7-step program for organizations to implement in order to be compliant with NIS 2. Our team is available to help businesses navigate the path to regulatory compliance given the new specifics. Supply chains are being regulated for the first time. Another novelty is that the management can be personally held accountable and personal penalties could be assigned,” says Vihren Slavchev, Executive Director of Mnemonica.

In order to achieve regulatory compliance, it is necessary to implement the following actions: 1. Risk Analysis and Security Policies of Information Systems; 2. Incident Response Planning (Prevention, Detection and Response); 3. Business Continuity and Crisis Management 4. Supply Chain Security 5. Network and Information Systems Security 6. Policies and Procedures for Cyber Security Risk Management Measures and 7. Use of Cryptography and Encryption of data.

The requirements of NIS 2 must be met by all organizations that are defined as a critical structure – health services, banking services, water supply, electric power distribution, digital infrastructure, waste management, etc. With fines of up to EUR 10 million or 2% of a company’s annual turnover, the NIS 2 directive aims to enforce a move to a higher level of cyber protection, eliminate differences in national cyber security requirements and in the implementation of cyber security measures in the different member states.

This Directive shall not apply to public administration organizations carrying out activities in the fields of national security, public safety, defense or law enforcement, including the prevention, investigation, detection and prosecution of crime.

For more information: https://www.mnemonica.bg/en/nis-2-directive/