NIS Directive and Legislative Decree 65/2018 Gap Analysis & Compliance Action Plan

Achieving compliance with the NIS Directive and Legislative Decree 65/2018

The consulting service offered by ICT Cyber Consulting for compliance with the obligations arising from the NIS Directive and Legislative Decree 65/2018 aims to support your business along a path to compliance with legal requirements that also raises the organization's level of IT security.

Gap and requirements analysis
ICT Cyber Consulting assesses the current level of compliance of the organization with the requirements of the NIS Directive and Legislative Decree 65/2018 and helps to prioritize the technical and organizational implementations required to achieve compliance with the regulations.

This consulting service is aimed at essential service operators and digital service providers as defined by the NIS Directive and Annexes 2 and 3 of Legislative Decree 65/2018. It is designed to take place remotely, on premises, or both.

For operators of essential services, the analysis will be based on our risk assessment methodology, which makes the risk analysis process objective pursuant to the ministerial guidelines.

A team of qualified consultants will work with you to ensure that all critical activities are undertaken appropriately.

The Gap analysis will provide:
• An analysis of the overall status and maturity of your current IT security and resilience arrangements;
• Specific details of the gaps between the current security provisions and the requirements of the NIS Directive and Legislative Decree 65/2018, in accordance with our methodology and both ENISA’s technical guidelines and those of the competent Ministry;
• An action plan outlining and indicating the level of internal management effort required to implement and maintain a compliance programme with the NIS Directive, Legislative Decree 65/2018, and applicable ministerial guidelines;
• An analysis of the risks identified, in accordance with regulatory requirements and the ministerial guidelines.

Following the gap analysis, you will receive a detailed description of your current level of compliance, including an executive summary which highlights the level of commitment required to achieve compliance.

Subsequently, our experts will assist you in compiling the “Document to be completed for the mapping of technical and organizational security measures”, which identifies, on the basis of the information gathered, the level of maturity of the organization and will assist you in ministerial hearings.

Organisational security measures and obligations deriving from ministerial guidelines
The project will aim to resolve and fill any gaps according to both the ENISA and ministerial guidelines, which may include a range of activities, such as developing appropriate policies and procedures, conducting staff training, or repeating the risk analysis.
ICT Cyber Consulting will prepare the procedures relating to the management of security incidents and the additional organizational security measures necessary to comply with the provisions of the NIS Directive, Legislative Decree 65/2018 and ministerial guidelines.

Our methodology provides for the alignment of your organizational practices with what is required by Italian sectoral regulations and applicable regulations, in order to establish a legally inviolable perimeter.

Certifications and full compliance
Our team consists of certified Lead Auditors of ISO/IEC 27001 and ISO 22301, the main standards related to information security and business continuity. The two ISO standards are often mentioned in the ENISA guidelines and within the ministerial guidelines as a structure that can help organizations to achieve compliance with the NIS Directive and Legislative Decree 65/2018.

Our unique combination of technical expertise and solid experience in international standards for management systems means that we can provide a complete solution in accordance with the NIS Directive and Legislative Decree 65/2018. With Project Managers certified in the PRINCE2 framework, we can also provide project management from start to finish.

Experience and flexibility
We have managed numerous projects in all sectors, including healthcare, energy, transport, water, defence, and aerospace. Our attitude is flexible and proactive: we provide practical advice and work according to the budget and needs of the organization. In addition, we will be able to manage the entire suite of advice and training required for compliance with the NIS Directive and Legislative Decree 65/2018.

Our team of experts can be on site to support your organization during an audit by a competent authority. We are also available to conduct simulated inspections and compliance audits.