
Our take on NIS2: strategic approaches for strong IT security.

A central topic of this year’s Work + Travel event was [and continues to be!] our intensive examination of the NIS2 directive. It is clear to us that the new EU-wide cybersecurity requirements are a wake-up call – not only for us, but also for many of our clients, for whom they represent a significant challenge.
As we see it, the requirements of the NIS2 directive are comprehensive, no question about it. At the same time, the specific design of many measures often remains a challenging task of interpretation. Companies are required to apply the requirements to their own environment in a clever way and find a truly suitable framework for implementation.
NIS2 affects us on two levels: on the one hand as an implementation partner with comprehensive expertise, and on the other as a part of our clients’ critical supply chain – with direct responsibility for security and compliance.
This is precisely where we see our role and our mission as a reliable partner: we want to use our expertise and experience to competently guide our clients through this process. Our aim is to support them not just in ticking off NIS2 as a compulsory exercise, but in fundamentally and sustainably strengthening their IT security. With the holistic approach of our Continuous Security Improvement, we can and want to help them tackle the diverse technical, organizational and procedural requirements efficiently and from a single source.

How do we tackle this? Our practical approach for a successful NIS2 implementation is based on the following steps:
- We intensively review existing systems – from architecture and operations to authentication and encryption – and create a sound basis for targeted improvements.
- Together with our clients, we identify specific optimization potential in processes, applications and infrastructure and implement targeted measures – pragmatically, effectively and individually.
- We develop comprehensible, prioritized and tailored roadmaps for the NIS2-compliant further development of the security architecture.
- We support the continuous improvement process in the long term – with regular assessments, extended CVE alerting and support for security-relevant updates and patches.
- Together with our clients, we set the right priorities in order to proceed in an effective and resource-efficient manner.
Our overarching goal is to make our clients fit for the future: with auditable documentation and robust, traceable processes. This means that they are ideally equipped for internal audits and official inspections and can ensure their compliance in the long term.
We firmly believe that IT security worthy of the name must be based on the principle of an evergreen strategy. For us and our daily work, this means consistently focusing on continuous adaptation, proactive action and constant improvement, because we are certain that this is the only way to reliably guarantee lasting protection in a rapidly changing threat landscape.
Questions on NIS2?
Your contact at Virtimo.

Anda Maloku
Sales
Virtimo AG