The new version of the ISMS add-on is fully in line with the upcoming NIS-2 Implementation and Cyber Security Strengthening Act, NIS2UmsuCG for short. An overview of the requirements for affected companies resulting from the NIS2UmsuCG and a new object type “security incident” are included in version 1.6 of the ISMS add-on.

When the NIS2UmsuCG comes into force at the beginning of next year, an estimated 30,000 companies in Germany will be subject to the rules of this national implementation of the EU’s NIS2.0 Directive. In addition to the establishment of an ISMS and the associated introduction of risk assessment methods and risk treatment measures, the affected companies will also be subject to mandatory reporting and documentation obligations for security incidents. With the new version 1.6, security incidents can now also be documented with the ISMS add-on.

New features of the ISMS 1.6 update in detail:

Introduction of a “security incident” object type with a category of the same name

In order to meet the documentation requirements for security incidents, a new object type “Security incident” has been introduced. The most important data of the security incident and the time of reporting to the authorities can be entered in the “Security incident” category, which is also new. The “Risk assessment (incident)” category has also been linked to the security incident object type in order to document the affected protection values, the estimated effects, the measures already taken and the planned treatment measures.

Screenshot from the interface of the i-doit ISMS add-on: Display of the risk class in the risk assessment

List of requirements from the NIS2UmsuCG

A list of requirements* that companies affected by NIS2UmsuCG must implement was created from the previous draft law. These requirements can be imported as standard requirements with direct reference to the respective legal text; the import file is included with the ISMS add-on.

* The breakdown into individual requirements comes from the table “NIS2 requirements and standards” on openkritis.de (https://www.openkritis.de/massnahmen/nis2-mapping-standards-implementing.html)

Screenshot from the interface of the i-doit ISMS add-on: Display of the extent of damage

Bug fixes

As in every release, the open bugs have of course also been fixed. A complete list of all fixed bugs can be found in the CHANGELOG.

The NIS2 Directive

The NIS2 Directive (Network and Information Security Directive) must be transposed into national law by October 17, 2024 and tightens cyber security requirements for a large number of industries across Europe. Its aim is to better protect critical infrastructures and digital services from cyber attacks.

You can find out more about the challenges and whether your company is affected by the directive here: https://www.becon.de/nis2-richtlinie/

Your partner for NIS2-compliant ISMS

The challenges that NIS2 and other regulatory requirements pose for companies with critical infrastructures are manifold – but with the right strategy and the right tools, they can be overcome.

If you want to ensure that your company is optimally prepared for the new regulations, take advantage of the non-binding consultation with our experts. Together, we will find out how you can introduce and successfully implement NIS2 on the basis of our ISMS (Information Security Management System). We will find out how “ISMS out of the box” can be tailored specifically to your needs and support you in efficiently mapping, managing and securing all requirements in the system. From risk analyses and project plans to complete documentation – our tool supports you every step of the way to NIS2 compliance.

Online workshop – Setting up an information security management system with i-doit
ISMS VIVA2 Workshop on November 13, 2024. Limited places. Register now and secure your place!

Premium partner

becon is an i-doit Premium Partner, Certified Support Partner and Development Partner and thus provides the all-round carefree package.
