NIS Regulations Gap Analysis

What is the NIS regulations gap analysis?

Conducted by cyber security experts, the NIS Regulations gap analysis will highlight shortcomings in your overall security programme, helping you to prioritise objectives and establish a roadmap for achieving full compliance with the NIS Regulations.

This gap analysis service will enable you to establish your current level of compliance against the requirements of the NIS Regulations.

• For operators of essential services (OES), the analysis will be based on the Cyber Assessment Framework (CAF) developed by the National Cyber Security Centre (NCSC).
• For digital service providers (DSPs), the analysis will be based on the requirements of the Commission Implementing Regulation for DSPs and ENISA’s “Technical Guidelines for the implementation of minimum security measures for Digital Service Providers”.

 Find out more about the NIS Regulations gap analysis service

An overview of the NIS Regulations gap analysis

What you can expect from a NIS Regulations gap analysis

A specialist cyber security consultant will work with you to interview key individuals in the organisation, assess your current cyber security arrangements and review your existing policies and procedures for relevancy, effectiveness and efficiency to determine any potential red flag areas that may indicate non-compliance with the NIS Regulations.

You will then receive a detailed gap analysis report that collates the findings of this assessment.

What will the NIS Regulations gap analysis report include?

• An analysis of the overall state and maturity of your cyber security and resilience arrangements;
• Specific details of the gaps between your current cyber arrangements and the requirements of the NIS Regulations, in accordance with either the CAF (for OES) or ENISA’s guidance (for DSPs);
• An action plan that outlines and indicates the level of internal management effort required to implement and maintain a cyber resilience programme in line with the NIS Regulations;
• A compliance status report against the individual elements of the requirements; and
• Recommendations for solutions, including resource requirements and proposed timelines.

 Download the NIS regulations Gap analysis service description

Why choose IT Governance?

• Our consultants are experienced information/cyber security specialists, possessing detailed knowledge of global frameworks and standards such as ISO 27001, ISO 27035 and ISO 22301.
• Our unique combination of technical expertise and solid track record in international management system standards means we can deliver a complete solution for NIS Regulations compliance and manage the project from start to finish.
• We have managed hundreds of projects across all industries, including healthcare, energy, transport, water, defence and aerospace.
• We have multi-disciplinary teams that can undertake rigorous penetration testing of your systems and networks, project managers to roll out compliance implementation projects, and executive expertise to brief your board and develop a suitable risk mitigation strategy.
• We deliver practical advice and work according to your budget and organisational needs.
• We deliver the entire suite of consultancy, training, tests and tools needed for NIS Regulations compliance.
• We are a CREST-approved penetration testing organisation and a Cyber Essentials certification body.
• Our team of experts can attend your site to support your organisation during an audit by a competent authority. We are also available to conduct mock compliance inspections and audits.
• We have led more than 800 ISO 27001 certification and implementation projects globally, making us a pioneer of ISO 27001, which is recommended as guidance by both ENISA and the NCSC.