CANCOM Austria is your reliable partner when it comes to preparing for an NIS audit, creating guidelines and processes, setting up an ISMS and implementing the necessary measures. If required, our experts will also support you in formulating requirements for service providers and suppliers and in quickly resolving incidents through proper incident management.
NIS audit
Energy, transport, banking and financial marketinfrastructures,healthcare, drinkingwatersupplyand digital infrastructure
The NIS Directive and the NIS Act.
The Network and Information Systems Directive (NIS Directive) aims to ensure a high standard of security for network and information systems within the European Union. The directive is implemented in Austria by the NISG, which has been in force since the end of 2018.
The law obliges operators of essential services to implement security measures and report security incidents immediately. A corresponding audit by a qualified body is required as proof in accordance with the NISG. Providers of digital services (online marketplaces, online search engines and cloud computing services) must also take appropriate security measures and can voluntarily have themselves audited by a qualified body.
You've come to the right place: CANCOM Austria is a qualified NISG test center.
Since spring 2020, CANCOM Austria's status as a Qualified Body (QuaSte) under the NISG has been confirmed by the NIS Department of the Federal Ministry of the Interior. CANCOM Austria can look back on many years of experience in consulting and auditing in the field of information security. We are authorized to audit both the organizational and technical requirements of all specialist areas under the NISG. Be it organizational topics such as processes and responsibilities or technical measures such as emergency plans and resource planning. We are available to our clients and partners as a point of contact for the preparation, implementation and review of security measures in all categories of the NIS Ordinance and have already successfully implemented the first projects.
Organizational security and technical security: CANCOM Austria relies on proven testing processes.
CANCOM is in a position to examine all relevant aspects in connection with the NISG. This makes CANCOM one of the few organizations in Austria that can cover all areas of the company.
One of our strengths: Our security experts are represented regionally in all federal states and are close to our clients. Thanks to our many years of auditing experience, for example with ISMS (ISO27001) and GDPR, as well as our experience in many of our own certification procedures, our audit processes are characterized by a high degree of maturity.
As part of the testing process, we work in the following two areas:
organizational security
- Governance and risk management
- Dealing with service providers, suppliers and third parties
technical security
- Security architecture
- System administration
- Identity and access management
- System maintenance and operation
- Physical security
- Incident detection
- Incident management
- Operational control
- Crisis management
This means you are well prepared for the audit.
This is how we proceed: The CANCOM Austria NIS audit.
As part of the NISG inspection processes, we work with our own inspection audits at the organizational and technical level.
- We check whether the description and documentation of the security measures in place are organizationally and technically compliant with the requirements of the NISG.
- We check whether security measures are adequately defined.
- We check the security measures to ensure that they correspond to the latest state of the art.
- We check the effectiveness of the measures for compliance with the standards required by the NISG.
Phase 1: Preparation and planning.
We attach great importance to the preparation and planning of the testing process. This is the basis for all subsequent steps and ongoing coordination. The employees relevant to the NISG audit on the customer side and the security experts from CANCOM Austria come together and work out a detailed requirements and audit plan. What? Where? When? How? Naturally, all necessary information and documentation is included in this initial phase and should be available.
Phase 2: Examination of the measures.
Processes, documents, responsibilities, emergency plans and resources are reviewed. When reviewing the technical aspects, CANCOM Austria relies on a comprehensive tech review or an internal or external penetration test, among other things.
Phase 3: Evaluation and report.
A comprehensive final report is the result of the audit process. All audit measures and results are presented clearly and transparently in the report, along with recommendations for action. The four-eyes principle applies: CANCOM Austria's final reports go through an internal QA process in which another auditor verifies the results. In addition, the "NIS review form" required by the NIS authority is issued in the currently valid version.
Phase 4 (optional): Presentation of results and final workshop.
The results are presented and the findings discussed at a NISG workshop. Objective: The joint development of measures based on corresponding recommendations for action.
Essential services and digital services: Talk to CANCOM Austria about NISG compliance in your company.