NIS 2 Service Agreement
Unitas manages the operation of your NIS 2 compliance through a well-run annual cycle, in which experienced consultants ensure continuous compliance with the NIS 2 directive.
NIS 2 Service Agreement
With a service agreement, Unitas takes care of the vast majority of tasks associated with your NIS 2 operation, including gap analysis, risk management, supplier supervision, incident management, IT contingency plans and ongoing evaluation and reporting. The purpose of the service is to ensure a holistic approach to the necessary cyber security and to compliance with the NIS 2 requirements for organizations subject to the directive.
Unitas has divided the service into four main areas, which ensure that analysis and assessment of scope, ongoing operations, and securing of management information (in the form of risk management, evaluation and reporting) are carried out on an ongoing basis. Additional services that support the basic services are also offered.
It is also possible to have the implementation project included as part of the service agreement.
Read more below about the individual points in the service.
3 strong advantages
The NIS 2 service agreement has many advantages for you. Here are three selected ones:
1. We provide 'green lights' for all the delegated activities in the annual cycle and undertake more than 90% of the tasks that come with NIS 2 compliance.
2. We ensure that efforts are optimized across the different sets of rules you may also be subject to, such as GDPR.
3. We can factor the implementation into the overall finances over a 3-year service agreement.
Analyses and Scope
Thorough analysis to assess the organization's status and compliance with the NIS 2 requirements. This includes:
- Reassessment of gaps compared to previous assessments:
  - Organization and management: How management supports compliance with NIS 2, including governance structure and division of responsibilities.
  - Technical (CIS-18): Technical compliance based on the CIS Controls (18 controls), including reporting and assistance in preparing an implementation plan to close gaps.
  - Status on roadmap: Review of ongoing projects and their status in relation to previously planned targets for compliance and cyber security.
- New, updated or discontinued suppliers:
  - Review of new requirements for own systems.
  - Regulatory changes that affect existing suppliers and collaborations.
Service
- Supplier supervision:
  - Regular supervision of suppliers to ensure that they meet the requirements set under NIS 2.
- Perform control activities:
  - Ensure that supervision is carried out, assess the supervision results, update risk assessments where needed, etc.
- Risk management and risk assessments:
  - Carry out ongoing risk assessments to ensure that the organization's risk management is kept up to date with new threats and compliance requirements.
  - Advice on handling new threats and risks.
- Incident handling:
  - Ensure an effective incident management plan, which provides an effective response to cyber security incidents, as well as testing of that plan.
  - Unitas ensures that the reporting obligation is complied with.
- IT contingency plan:
  - Maintenance and review of the IT contingency plan, which ensures the continued operation of the organisation in the event of critical IT breakdowns.
  - Organizational and technical testing of the IT contingency plan.
- Policies and procedures:
  - Preparation and updating of security policies and procedures that support compliance with the NIS 2 requirements.
- Awareness training and continuing education of management:
  - Ongoing training in security awareness for employees.
  - Specific and targeted training for management to ensure a robust cyber security culture.
- Maintenance of assets:
  - Maintenance and updating of the critical assets registered and used in connection with the ISMS.
Report and Evaluate
Regular reporting and evaluation documenting the status of compliance with NIS 2. Organizations have individual requirements and wishes for reporting, from simple internal reporting to external declarations and certifications. Below are the report types Unitas delivers; they can be freely chosen based on the organization's needs and wishes.
- Internal reporting:
  - Internal audit: Review and documentation of the organisation's own processes and security controls.
  - Management report: Overview of risk and security management for the organisation's management.
  - IT business continuity testing and auditing: Review and testing of the organization's business continuity plans to ensure resilience in the event of breakdowns or incidents.
- External reporting:
  - External reporting requirements in relation to regulators and other relevant stakeholders, including:
    - Simple independent subject-specific reporting: If the organization has an area-delimited scope and specific conditions it wants to report on to, for example, customers.
    - The D-mark: Compliance with the D-mark standards for cyber security.
    - ISAE 3000 NIS 2 supplier declaration: Reporting of suppliers' compliance with the NIS 2 requirements.
    - ISAE 3402: Statement documenting the supplier's control environment in relation to ISAE 3402.
Additional services
Additional services are possible depending on the organization's needs:
- Organization:
  - vCISO: Virtual Chief Information Security Officer for consulting and strategic security management.
  - Estimated vCISO hours: Hourly based service for vCISO consulting.
- Technical:
  - Vulnerability scanning: Continuous scanning of IT and OT systems for vulnerabilities.
  - Managed Detection & Response (MDR): Monitoring of and response to threats in real time.
  - SIEM: Collection and analysis of log data for security information and incident management.
- Physical security:
  - Supervision and securing of large and small locations.
Technical and physical additional services are provided in whole or in part by Unitas' trusted business partners.
Overall, NIS 2-as-a-Service can ensure that your organization maintains full compliance with the NIS 2 Directive as well as other relevant cyber security requirements.
Especially for the energy sector
Are you in the energy sector? If you supply district heating, for example, you can safely place the responsibility with us. NIS 2-as-a-Service covers all the requirements you must comply with under the law on resilience and preparedness. Not least, we make sure that your management receives the training it is required to have and the risk and vulnerability assessments it has to deal with. Finally, NIS 2-as-a-Service also ensures that the organization can act in a way that achieves real resilience and builds up an appropriate level of preparedness.
Economy
Since requirements for NIS 2 compliance are very individual, and since the organization may want to take care of some parts itself, the service is structured as a 'pick and choose' model in which you select the elements you want a price calculated for.
Discount if you already have a GDPR Service Agreement or vCISO Service Agreement with us. Sign several agreements at once and get a particularly good offer.
CONTACT US FOR A SPECIFIC REVIEW AND PRICE CALCULATION.