Vulnerability Management

Products

System & Network Scanning

Find vulnerabilities in your entire infrastructure

Web Application Scanning

Find vulnerabilities in your web apps and APIs

Phishing & Awareness Training

Increase resilience against social engineering

Distribution Options

Cloud

Efficient and secure in the cloud

On-premise

Installed in your infra with local storage

Professional services

Success Program

Let our experts help you become successful

Penetration testing

Automated pen-testing

PCI DSS compliance

Meet compliance demands

Vulnerability Management Platform

Holm Security VMP

Take your tour
Solutions

Business needs

Industries

Compliance

Resources
Customers
Pricing
Partner

Information

Partner solutions

About us
Login

Security Center

Organizer

Start your trial account

System & Network Scanning

Systems, IoT, OT, SCADA etc.

Web App Scanning

All web apps and APIs.

Phishing Simulation

Build your human firewall.
Delivery option

Cloud
Delivery option

On-premise
Start your trial account

Pen. testing

Premium support

PCI compliance

Solutions

Resources

Partner

Pricing

About us

Pen. testing

Premium support

PCI compliance

Solutions

Business needs
AWS (Amazon Web Services)
COVID-19
IoT (Internet of Things)
Microsoft Azure
MSSP, MSP & SP (Service Providers)
OT, ICS, SCADA & PLC
SIEM integration
Social Engineering
Threat Intelligence
VAPT
Work from Home (WFH)
Risk Posture & Assessment
Risk-based Vulnerability Management
Industries
Education
Energy sector
Healthcare
Municipality
Retail & e-commerce
Shipping & maritime
Compliance
GDPR
HIPAA
ISO/IEC 27001
NIS
OWASP top 10
PCI DSS
Personal Data Protection Act
Personal Data Protection Bill
PSD2 (Payment Service Directive 2)
RMiT
SOX

Resources

Webinars
Blog
Customers
Support pages

Partner

Information
Become a partner
Partner Solutions
MSSP Partner Program
Managed SaaS

Pricing

About us

Our story
Join us
Management Team
Board
Contact

COMPLIANCE

NIS Directive

The NIS (Network and Information Security) Directive is an EU-directive that sets security demands aimed to improve the overall protection of critical infrastructure for essential and certain digital services. All organizations that are regarded as essential services must work systematically with their information security - and demonstrate compliance. 

Your safety – our top priority

NIS (The Directive on Security of Network and Information Systems) is the first EU directive to increase cyber security throughout the EU. On May 9th, 2018, each EU member state must have implemented NIS in its local legislation. The NIS directive sets requirements for cyber security in networks and information systems. The law covers private and public providers of vitally important services – or so-called operators of essential services. The background to NIS is the growing threat to all types of organizations - not least from foreign powers.

Concerned sectors

The following sectors are affected by the NIS directive:

icon wind turbine dark blue

Energy

Including subsectors; electricity, oil, and gas.

icon bus dark blue

Transport

Including subsectors; air transport, rail transport, shipping, and road transport.

icon hospital dark blue

Healthcare

Including subsector; healthcare environments (including hospitals and private clinics).

icon droplet dark blue

Water supply

Delivery and distribution of drinking water.

icon credit-card-front dark blue

Financial infrastructure

Financial market infrastructure, e.g., payment services

icon bank dark blue

Banking

Banking activities of various kinds.

icon computer-classic dark blue

Digital infrastructures

Digital infrastructures, such as the delivery of DNS and TLD registries.

Requirement for a systematic cyber security approach

To strengthen the internal market and reduce susceptibility, NIS requires essential community services to adopt a systematic and risk-based security approach and report incidents.

Responsibilities according to NIS

According to NIS, organizations providing vitally important services have several primary obligations: 

  • Report to your supervisory authority that NIS applies to your organization. 
  • Conduct a systematic and risk-based information security approach. 
  • Annually assess the business's risks and draw up action plans. These should form the basis for choosing suitable safety measures. 
  • Take appropriate and proportionate measures to deal with risks that threaten safety. 
  • Respond appropriately to prevent and minimize the effects of incidents affecting networks and information systems. 
  • Report incidents that have a significant impact, such as loss or disruption. 

NIS 2 - a revision & broadening

On December 16th, 2020, a proposal was submitted to the European Commission regarding a new NIS directive called NIS 2 or NIS 2.0. A revision of NIS, which, if adopted, will affect more sectors to comply with NIS. Vitally important services include postal and courier services, waste management, chemicals, food, manufacturing of other medical devices, computers and electronics, machine equipment, motor vehicles, and digital suppliers. When NIS 2 will come into force has not been determined, and the proposal is under evaluation. Once the directive is adopted, each EU member state will have 18 months to implement the directive as local legislation.

Facts about NIS

  • NIS (The Directive on Security of Network and Information Systems) is an EU-homogeneous directive.
  • Is the basis for local legislation in each EU member state.
  • NIS must implement it no later than May 9th, 2018.
  • Applies to organizations, both public and companies, providing essential services.
  • Makes demands for systematic and risk-based information security work, incident reporting to local authorities, and demonstrating compliance with the legislation.
  • Non-compliance can result in penalties in the form of administrative sanctions such as revoked permits to conduct business.

Meet laws & recommendation

Strengthen your cyber security defense and ensure compliance with laws and recommendations. Our platform enables you to discover technical and human vulnerabilities, evaluate and prioritize risks, and address vulnerabilities throughout your IT environment.

Take your tour