7. POLICIES AND PROCEDURES TO ASSESS THE EFFECTIVENESS OF CYBERSECURITY RISK-MANAGEMENT MEASURES
8. BASIC CYBER HYGIENE PRACTICES AND SECURITY TRAINING
9. CRYPTOGRAPHY

6.4 Change management, repairs and maintenance

6.4.1. The relevant entities shall apply management procedures to changes, repairs and maintenance to network and information systems. Where applicable, the procedures shall be consistent with the relevant entities’ general policies concerning change management.

6.4.2. The procedures referred to in point 6.4.1. shall be applied for releases, modifications and emergency changes of any operational software, hardware and changes to the configuration.

6.4.3. In the event that the regular change control procedures could not be followed due to an emergency, the relevant entities shall document the result of the change, and the explanation for why the procedures could not be followed.

6.4.4. The relevant entities shall review and, where appropriate, update the procedures at planned intervals and when significant incidents or significant changes to operations or risks.

Stand: 27.06.2024

Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!