2. The process

1. Are you covered? – 2. The process – 3. 3. Price calculator

- Unitas leads you safely through the process

Achieving NIS2 compliance is a comprehensive process where individual starting points converge towards the same goal. The path towards the goal is generally the same for everyone, but the size of the challenges that arise along the way can vary.

Unitas has developed a transparent and pragmatic process based on the ISO27001/2 standard, the implementation of ISMS and a significant expertise in compliance and information security, gained through many years of experience.

The process is as follows

Implementation

1. The process begins with a workshop, where together we identify the challenges and barriers that must be overcome to achieve the goal. We establish a common understanding of management's responsibilities in relation to NIS2 and draw up a plan for the rest of the process.
   
2. We thenperform a Gap analysis. By comparing either ISO27002 controls or a CIS Controls analysis, we get a clear sense of our current situation and the goals we need to achieve on our way to the goal.
   
   We naturally start from what the organization may already have in terms of relevant documentation and systems.
   
3. A key part of implementing NIS 2 when following the ISO2700x approach is to anchor an information security policy with the management. A comprehensive and detailed information security handbook is then prepared, which serves as the IT department's guidelines for requirements that must be met both internally and with service providers and data processors. Finally, we translate these guidelines into an easy-to-read and inspiring handbook that deals with specific areas related to the individual's work function.
   
4. Documentation is essential! This is done through an ISMS (Information Security Management System). If you already have such a system, we naturally start from that. Alternatively, we can help identify your needs and we also have tools such as Wired Relations available that can handle the task and include GDPR if necessary. All systems, measures and annual processes are documented in the ISMS.

Service

When all documentation is in place, and annual processes are established with relevant controls, the operating phase begins. Here, a series of checks based on the “Plan-Do-Check-Act” method are carried out, where any faulty checks are acted upon by implementing corrective measures 1-2 times in a period of 3-6 months.

Audit (Goal reached!)

After a successful period of operation are you able to document compliance with the NIS2 requirements. This can be further confirmed by, for example, a D-mark certification.

You are now ready to try our NIS2 price calculator.