IT Governance Blog: GDPR and NIS as a Cloud service provider
The way Cloud service providers in the UK operate has changed dramatically in the past few years, thanks to a pair of regulations that have taken effect.
The first – the EU GDPR (General Data Protection Regulation) – should be familiar to most, but you also need to understand the NIS Regulations (Network and Information Systems Regulations 2018).
Both of these place an added emphasis on organisations’ ability to prevent data breaches and ensure that critical infrastructure remains operational in the event of a disruption.
Streamlining compliance
Both regulations contain a long list of requirements, many of which we discuss in our GDPR and NIS Regulations blogs.
When it comes to implementing those requirements, there’s much overlap in the general approach and specific measures. This means that a lot of the work you do for one set of requirements can be replicated for the other.
For example, both regulations focus on security, incident response and performance evaluation, and they each establish requirements for incident reporting.
Additionally, both stipulate that these measures should be risk-based and recognise technical and organisational solutions.
This shouldn’t be a surprise because risk-based approaches are at the heart of cyber security and business continuity.
Without accurate information about the threats you face, it’s difficult to make sure you’re allocating resources correctly and addressing issues adequately and proportionately.
Getting started
Knowing where to begin with a project is often an organisation’s biggest challenge, and this is doubly true for information security and business continuity.
There is so much pressure to get it right. Mistakes early on won’t only lead to delays and sunk costs; they could also jeopardise an organisation’s security and result in fines or disciplinary action.
You can make sure you get started on the right track by downloading NIS Regulations 2018 – A compliance guide.
This free green paper goes into more detail about how you can make the regulations work for you. It explains the key requirements you need to meet and helps you simplify the compliance process.
It also includes advice on the steps you can take to ensure compliance and suggests tools and services that you can use.
A version of this blog was originally published on 8 November 2018.