The NIS2 directive is the EU's latest cybersecurity legislation. This checklist will help you get started with your NIS2 compliance journey.
Yes, full time position.
Yes, part time position.
No.
Yes, and review of the policy is part of ongoing employee awareness training.
Yes, but it’s not fully part of ongoing employee awareness training.
My organization doesn’t have a well-defined information security policy.
Yes.
Yes, for the whole organization.
Yes, only for selected functions and topics.
No, we don’t conduct risk assessments.
Yes, and it’s part of ongoing training.
Yes, but it’s not part of ongoing training.
No, my organization doesn’t have such a playbook.
Yes, fully implemented.
Yes, partially implemented.
Yes, fully implemented and updated.
Yes, and fully tested.
Yes, but not tested.
Yes, we update software and apply security patches in an ongoing and automated manner.
Yes, we update software and apply security patches via a manual process.
No, my organization doesn’t have such a program.
Yes, we conduct scanning in an ongoing manner.
Yes, we conduct scanning twice a year.
No, we don’t conduct such scanning.
Yes, we have a public bug bounty program.
No, we don’t have a public bug bounty program.