
10.2 Background checks

10.2.1. The relevant entities shall perform background checks for their employees, direct suppliers and service providers, if required for their role, responsibilities and authorisations.

10.2.2. For the purpose of point 10.2.1., the relevant entities shall:

(a) put in place criteria, which set out which roles, responsibilities and authorities shall only be exercised by persons who have undergone background checks;
(b) perform background verification checks on these persons before they start exercising these roles, responsibilities and authorities, which shall take into consideration the applicable laws, regulations, and ethics in proportion to the business requirements, the classification of the information and the network and information systems to be accessed, and the perceived risks.

10.2.3. The relevant entities shall review and, where appropriate, update the policy at planned intervals and update it where necessary.

As of: 27.06.2024
