ISMS 2024: What companies need to know now about NIS2, DORA, CRA and ISO/IEC 42001
The demands on information security are increasing rapidly and with them the regulatory pressure. Cyber attacks such as ransomware, supply chain attacks and targeted attacks on critical infrastructures have long been part of everyday life. At the same time, NIS2, DORA, CRA and ISO/IEC 42001 are four key regulations that affect companies of all sizes and from all industries. A structured ISMS (Information Security Management System) thus becomes the indispensable basis for a legally compliant and resilient security architecture. Those who fail to act now risk not only fines, but also considerable competitive disadvantages.
NIS2 – The new basic requirement for many companies
The revised NIS2 Directive will apply from October 2024. Companies with 50 or more employees or an annual turnover of over 10 million euros may already be affected, especially if they operate in critical sectors. The most important requirements include the introduction of an information security management system (ISMS), regular risk analyses, business continuity measures and reporting obligations for security incidents. The management bears personal liability. Our tip: Start with a gap analysis to determine your current implementation status.
DORA – Resilience for the financial sector
From January 2025, DORA will be mandatory for all financial companies in the EU. Banks, insurance companies and relevant IT service providers must strengthen their digital resilience, ICT risk management and incident reporting. Here too, an early GAP analysis and review of existing emergency management systems is recommended.
CRA and ISO/IEC 42001 – Security for digital products and AI
The Cyber Resilience Act (CRA) will regulate the entire value chain of digital products – from development to marketing – from 2026. Manufacturers, developers and importers of hardware and software are obliged to implement “security by design” and establish vulnerability management. The new ISO/IEC 42001, in turn, is the international standard for the secure handling of artificial intelligence and addresses AI-specific risks such as bias, lack of transparency and lack of traceability.
Recommendations for a future-proof ISMS strategy
Companies should now prioritize measures, carry out GAP analyses and integrate new standards such as ISO 42001 into existing management systems. Raise awareness among managers and specialist departments, because information security is no longer just an IT task, but a strategic core function.
Conclusion:
A holistic ISMS that integrates IT, OT, AI, data protection and business continuity is the basis for sustainable security and compliance. Those who act early minimize risks and secure clear competitive advantages. We are happy to support you from the GAP analysis to the implementation of practical solutions.
Would you like to find out more or get started right away?
Contact our team – together we can make your company fit for the new information security requirements! Get ahead and in touch with us – info@expertsinstitut.de
Read our entire blog: https://experts-institut.de/newsroom/
And feel free to follow us on LinkedIn: https://de.linkedin.com/company/expertsinstitut
Consultant & Datenschutzbeauftragter von Experts Institut
Fachgebiete:
- Zertifizierter Datenschutzbeauftragter
- Microsoft 365 und Azure Active Directory Administration
- Interner Auditor
- Projektmanagement
- Datenschutz
- Informationssicherheit (BSI-Grundschutz, ISO2700X, ISO27701, TISAX, B3S/KritisV)
- Qualitätsmanagement
- Business Continuity Management
- Risikomanagement
- Prozessmanagement & Optimierung
- Internes Kontrollsystem (IT-/Prozesskontrolle)
- Audit & Prüfungsbegleitung (ISO27001, ISA315, ISAE3000)
Consultant mit Schwerpunkten in den Themengebieten Informationssicherheit, Business Continuity Management, Risikomanagement, IT-Compliance, Qualitätsmanagement, Digitalisierung & Transformation
