The Directive on the Security of Network and Information Systems (NIS-D) was adopted by the European Union in 2016.
Its intention is to ensure common standards of security across all Member States and sets out a range of security requirements that now apply to operators of essential services - including national railways and their supply chains.
Relevant organisations that fail to comply with the Directive risk incurring strict financial penalties - which can be up to 4% of turnover - and could also be subjected to increased supervision by their designated National Competent Authorities.
An expert route to full compliance
Ensuring full compliance with NIS-D is a complex challenge for organisations unfamiliar with its scope, its full requirements and even the extent of materials and information they must be able to provide about their networks and information infrastructure.
We help rail organisations through every stage of the process. Through our unique Ricardo-Roke partnership we combine rail domain knowledge with a deep understanding of security practice in other critical infrastructure to ensure every aspect of the directive is accounted for.
Following initial briefings to help raise awareness amongst staff of the NIS-D and its expectations, we work with organisations to develop project and document plans, determine requirements and emerging prirotites, manage all liaison with regulators and help prepare their final evidence for submission.
- Ensure regulatory compliance
- Raise internal awareness of security responsibilities
- Protect the organisation from penalties and reputational harm