Necessary competences

An FTE competence could for example consist of a lead implementer/project manager, a governance expert, a cyber security expert and a risk expert.

It is our experience that the new NIS2 directive makes great demands on a number of competencies and it will typically not be sufficient with a Lead implementer/project manager. 

Leave a Mark has all competence available in-house, which means that we can quickly put together the FTE competence you need.

If you have already implemented ISO 27001, you can relatively easily expand it with the NIS2 requirements.

Vi implementere bl.a. NIS2 for Energinet, Norlys og ProMark
Læs deres cases here

NIS2 Implementation Process: A Step-by-Step Guide


Understand the requirements of NIS2 & ISO27001

The first step in the process is to understand the requirements of the NIS2 and ISO 27001 standards. This can be done by reading the standards thoroughly and seeking advice from an experienced cyber security expert if necessary.


Identify the critical assets

The next step is to identify your critical assets, that is, the systems and data that are most important to your company's operation and survival.

This also includes those systems and data that may have a significant impact on the functioning and security of society.


Carry out a risk assessment

After identifying your critical assets, conduct a thorough risk assessment to identify potential threats, vulnerabilities, and risks that could affect your assets.

This includes assessing threats from both internal and external sources.


Implement security

The next step is to implement appropriate security measures to protect your critical assets from identified threats and risks.

This includes both technical measures such as firewalls, anti-virus software and encryption, and non-technical measures such as policies and employee training.


Monitor and evaluate the security

It is important to monitor and evaluate your security on an ongoing basis to identify new threats and risks as well as evaluate the effectiveness of your security measures.

This also includes carrying out regular safety checks and audits.


Implement incident response plan

Finally, it is important to have an incident response plan in place to ensure your business is prepared to deal with security breaches and other cybersecurity-related incidents.

Your incident response plan should include clear guidelines for how you will handle a security breach and who will be responsible for taking action.