The Network and Information Systems (NIS) Directive (Directive (EU) 2016/1148 of the European Parliament and of the Council) seeks to achieve a high common level of security of network and information systems and applies to all EU member states.

The governance also applies to the UK both during and after Brexit, these rules also affect other companies operating in EU member states.

The NIS Directive defines two categories of organizations Operators of Essential Services (OESs) and Digital Service Providers (DSPs). The NIS Directive defines “minimum standards of due care” for protecting these critical infrastructures.

EU member states were tasked by the European Parliament to transpose the NIS Directive into national law by the 9th of May 2018 with the additional obligation to identify which OES were within the Directive’s scope by November 2018.

The aim of the NIS is to increase the security of these critical infrastructures by taking a three-pronged approach

• Increased EU co-operation
• Improved cyber security capabilities at a national level
• Risk management and reporting obligations for qualifying organizations

This one-day theory-based course has been designed by BSI’s industry leading cybersecurity consultants with the ultimate goal of providing candidates with an understanding of the NIS Directive.  Additionally, this course will provide a practical understanding of the implications and legal requirements for organizations.