7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

1.1 Policy on the security of network and information systems

1.1.1. For the purpose of Article 21(2), point (a) of Directive (EU) 2022/2555, the policy on the security of network and information systems shall:

(a) set out the relevant entities’ approach to managing the security of their network and information systems;

(b) be appropriate to and complementary with the relevant entities’ business strategy and objectives;

(c) set out network and information security objectives;

(d) establish the risk tolerance level in accordance with the risk appetite of the relevant entities;

(e) include a commitment to satisfy applicable requirements related to the security of network and information systems;

(f) include a commitment to continual improvement of the security of network and information systems;

(g) include a commitment to provide the appropriate resources needed for its implementation, including the necessary staff, financial resources, processes, tools and technologies;

(h) be communicated to and acknowledged by relevant employees and relevant interested parties;

(i) lay down roles and responsibilities pursuant to point 1.2.;

(j) list the documentation to be kept;

(k) list the topic-specific policies;

(l) lay down indicators and measures to monitor its implementation and the current status of relevant entities’ level of network and information security;

(m) indicate the date of the formal approval by the management bodies of the relevant entities (the ‘management bodies’).

1.1.2. The network and information system policy as well as the topic-specific policies shall be reviewed and, where appropriate, updated by management bodies at planned intervals and when significant incidents or significant changes to operations or risks occur.
The result of the reviews shall be documented.

As of: 27.06.2024
