
The NIS2 deadline is on your doorstep – and ServiceNow can help

Rik Burgering

If you’re in compliance or IT, we understand if you’re feeling the pressure. Between regulations like NIS2 and DORA, and other industry standards such as ISO 27001, along with your changing tech ecosystem and threat landscape, you have plenty to keep on top of.

As of 17th October 2024, all providers of essential services and infrastructure – including digital infrastructure – will need to be compliant with the NIS2 Directive. Across EU member states and nations that do business in the EU, sectors as wide-ranging as finance, transport, healthcare, energy, and telecom will need to be ready.

What NIS2 is requiring of you – and why 

Issued on 27th December 2022, the NIS2 directive gave EU member states 21 months to comply. We know this timeframe hasn’t been easy for everyone. One recent study showed that 62% of IT leaders say the NIS2 framework represents a significant departure from their current strategy. And the difficulties of adapting prompted the Netherlands to admit that they will not hit the deadline.

That said, NIS2 compliance is important. And not just because large organizations in critical sectors could face a maximum fine of $10.8 million if they don’t comply.  

In a sense, the threat landscape demands it. The number of hacktivist attacks against European infrastructure doubled from the fourth quarter of 2023 to the first quarter of 2024. Complying with NIS2 will mean companies are better prepared for this escalating threat – with better measures in place to manage network and information security, incident reporting and digital operational resilience testing. This culture of security will result in more robust organizations – and a more robust society as well.  

The steps to achieve NIS2 compliance  

If you can turn NIS2’s predefined set of policies into a series of tangible, practical steps, you can, as they say, take one bite of the elephant at a time.  

1. Connect NIS2 policies to objectives that are relevant for your organization. Once this has been done, your team can scope the work and turn the objectives into a workflow. 
2. Measure progress. Depending on the step, validation might simply require a manual sign-off from an authorized party. If it depends on a query or preformatted internal data or external information from suppliers – such as a certification – you might be able to automate the validation process.  
3. Consider all elements of your cyber posture, continually. Although there’s a formal cut-off date to become NIS2 compliant, maintaining compliance is a continuous process. It’s worth imagining the path ahead like a project cycle that also considers other regulations and standards, rather than as a project with an end date. 
4. Prepare for audits. The regulator will carry out audits every two years, so with NIS2 it’s not enough to become compliant. You need to stay compliant, and you need to prove you’re working to stay compliant – and ServiceNow can be of great help here.

How ServiceNow can help with NIS2 compliance  

There are several solutions with ServiceNow that can help you meet your objectives as you strive to stay compliant with NIS2’s predefined policies. 

  • ServiceNow IRM (integrated risk management) solution  
    • Policy and Compliance Management  
    • Risk Management  
    • Audit Management  
    • Vendor Risk Management 
    • Business Continuity Management  
    • Enterprise Risk Management  
    • Operational Risk Management  
    • IT Risk Management   
  • ServiceNow Security Operations (SecOps) solution  
    • Security incident response 
    • Vulnerability response 
  • ServiceNow Vault  
    • Platform encryption 
    • Data anonymization 
    • Code signing 
    • Secret management 

ServiceNow will also assist you with the NIS2 transition as a whole. To take ICT project management as an example, your policy might require that changes with a major impact always go through a change advisory board. With ServiceNow, you can have this policy and the relevant data and workflow connected. This cycle won’t only ensure you stay compliant; it will also prove you are compliant with a comprehensive audit trail.
 

We’re here for you as you strengthen your compliance posture 

With NIS2 compliance, there’s a set way to get from A to B. And if you can make the journey visible, turning it into a cycle of tasks to complete, this will help everyone to make the transition. Compliance won’t only help you to avoid fines from the regulator; you’ll also find it easier to do business in Europe and you’ll strengthen the governance aspects of your ESG strategy.

If you’d like to know more about NIS2 or how DXC can help with ServiceNow implementation, speak to an expert.
