Network and Information Systems (NIS) Regulations
What are the NIS Regulations?
Cyber warfare poses an ever-increasing threat. To ensure that the UK and EU are well prepared and protected, the Security of Network and Information Systems Regulations (NIS Regulations) have been introduced.
The Regulations put legal measures in place to ensure that companies pay proper attention to cyber security and the physical resilience of network and information systems.
What do you have to do to comply with the NIS Regulations?
You must take “appropriate and proportionate technical and organisational measures to manage the risks to your systems”. This means that you have to put measures and systems in place to cover:
the security of your systems and facilities
business continuity management
monitoring, auditing and testing
compliance with international standards
You have to maintain documentation to evidence these systems and measures. This aligns with the accountability principle of the GDPR and its provisions on documentation.
Who can help with NIS Regulatory Compliance?
Arcanum Cyber Security is a National Cyber Security Centre (NCSC) Certified Cyber Security Consultancy (CCSC): https://www.ncsc.gov.uk/professional-service/cyber-security-consultancy-arcanum. This means we are properly accredited to deliver support for companies covered by the NIS Regulations, and if you need help, the first step is remarkably simple. Just fill in the form on the right, or give us a call on 01558 669140 and let us take the weight from your shoulders.
Who do the NIS Regulations Apply To?
If you are an “Operator of Essential Services” (OES) such as transport, energy, water and health then the NIS Regulations apply to you.
If you are a Relevant Digital Service Provider (RDSP), meaning you provide online marketplaces, online search engines, domain name registration and/or cloud computing services, then the Regulations apply to you too*.
When do I have to follow the NIS Regulations?
The NIS Regulations came into force on 10th May 2018.
Who monitors NIS Regulation Compliance in the UK?
Competent Authorities (CAs) regulate compliance and take enforcement action where necessary, including issuing notices and imposing substantial financial penalties. CAs are organisations such as Ofgem; the Department for Transport; the Department for Environment, Food & Rural Affairs; the Department for Business, Energy & Industrial Strategy; Ofcom; the Department of Health and the Civil Aviation Authority. They have the power to require information from you, which enables them to assess the security of your network and information systems and the implementation of your security policies.
Impact of Brexit
The NIS Regulations have been enacted into UK law, which means that Brexit won't change anything if you are in the UK.
If you offer your service in an EU member state, then you have to designate a representative in the state where you provide those services. If you provide a digital service in the UK but are not a UK-based company, then you have to designate a representative in this country.
*If you provide digital services but are a small or micro business (and are not part of a larger group or organisation), then you are exempt from the NIS Regulations.