
Overwhelmed by Regulations? We’ve Got You Covered!


NIS2, DORA, CER, CRA and numerous other regulations are on the horizon. Are you struggling to navigate their complexities and find a unified approach to implementation? You’re not alone. Many smaller organizations face the daunting task of prioritizing and complying with these new rules, especially when time is of the essence. Fortunately, there’s a common thread that can simplify the process.

Facing a Flood of New Regulations

In recent years, organizations have been subject to a significant increase in regulatory requirements at both the EU and national levels. In particular, there has been a focus on digital operational resilience, with laws such as the Digital Operational Resilience Act (DORA) for the financial sector and the Network and Information Security (NIS2) Directive impacting a wide range of essential organizations and service providers.

Some current key examples:

  • DORA (EU 2022/2554): A regulation immediately effective for the financial sector without the need for national transposition. You can learn more about DORA and how we can help your organization implement it here.
  • NIS2 (EU 2022/2555): A directive being transposed into national laws, such as the Dutch ‘Cyberbeveiligingswet (CBW)’. Learn how to increase your organizational resilience here.
  • CER (Critical Entities Resilience Directive, EU 2022/2557): Focuses on physical resilience, transposed in the Netherlands in the ‘Wet weerbaarheid kritieke entiteiten (Wwke)’.
  • CRA (European Cyber Resilience Act): Regulation of the European Parliament and of the Council on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828.

A Unified Approach to Compliance

While these regulations are complex, many of them employ a risk-based approach. This method is based on the well-known “Deming” or “Plan-Do-Check-Act (PDCA)” cycle, which provides a foundation for achieving compliance. Based on this approach, most legislation can be seen to follow a similar four-step process.

  1. Establish Clear Policies – Start with robust policies that translate regulations into clear, understandable guidelines. These policies should guide your organization on what to comply with and offer a partial ‘how-to’, ensuring consistency across the board without delving into operational checklists. Some key policy areas include: Information/Cybersecurity, Business Continuity and Outsourcing/Third-Party Management.
  2. Implement Processes and Risk Management – Policies are just the beginning. Translate them into actionable processes, work instructions, and templates. A comprehensive risk management framework is essential, offering insights into your organization’s risks, their likelihood, and potential impact. This framework aids in prioritizing actions and ensuring consistent execution.
  3. Apply and Verify Controls – Mitigating identified risks requires implementing appropriate controls. These can be administrative, organizational, or technical measures. Regulations often reference standards like ISO and NIST, emphasizing the need for regular testing to prove control effectiveness over time. An effective risk management system helps track and report these controls.
  4. Comprehensive Reporting – Insight and oversight are key to maturity and compliance. Reporting is now more stringent and standardized, especially under NIS2 and DORA. EU supervisors will likely request detailed information to gauge organizational maturity, making thorough and accurate reporting essential.

Partner with Eraneos for comprehensive compliance solutions that drive success.

At Eraneos, we specialize in guiding organizations through the complexities of new regulations, helping you achieve compliance and resilience. Our expertise spans multiple industries and regulatory frameworks, with a current focus on NIS2 and DORA.

Our services include:

  • Gap Analysis
  • Policy Development
  • Process Implementation
  • Cyber Security and Risk Management Frameworks
  • Control Implementation and Testing
  • Comprehensive Reporting
  • Project/Program Management

We work in close partnership with our clients to develop sustainable, future-proof solutions. By working together, we can successfully navigate these regulatory challenges and build a resilient, compliant organization. If you are ready to simplify your compliance journey, please contact us today to discuss how we can work together towards a resilient future.

By Danny Bos
Senior Manager – Cyber Security

30 Sep 2024