7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

2.2. Compliance monitoring

2.2.1. The relevant entities shall regularly review the compliance with their policies on network and information system security, topic-specific policies, rules, and standards.

The management bodies shall be informed of the status of network and information security on the basis of the compliance reviews by means of regular reporting.

2.2.2. The relevant entities shall put in place an effective compliance reporting system which shall be appropriate to their structures, operating environments and threat landscapes.

The compliance reporting system shall be capable to provide to the management bodies an informed view of the current state of the relevant entities’ management of risks.

2.2.3. The relevant entities shall perform the compliance monitoring at planned intervals and when significant incidents or significant changes to operations or risks occur.

As of: 27.06.2024
