by osapiens

Incident Reporting

Coordination between EU countries

The NIS 2 Directive promotes cooperation and coordination between EU countries on information security. To that end, it requires Member States to:

  1. Adopt cybersecurity strategies
  2. Designate or establish competent authorities
  3. Designate cyber crisis management authorities
  4. Designate single points of contact on cybersecurity
  5. Form Computer Security Incident Response Teams (CSIRTs)

In addition, further institutions have been created, such as the European Cyber Crisis Liaison Organization Network (EU-CyCLONe) and the European Cybersecurity Agency (ENISA).

Notification obligations

Essential and important entities must promptly report incidents with significant impact to their CSIRT of reference. An incident has significant impact when:

  • It has caused or is likely to cause serious operational disruption of services or economic loss for the affected entity
  • It has affected or is capable of affecting other natural or legal persons by causing considerable material or non-material damage

When such an incident occurs, the entity must notify its CSIRT of reference (computer security incident response team) or, where appropriate, its competent authority without undue delay. The general procedure is:

  • Early warning: a first notification to the CSIRT within 24 hours of becoming aware of the incident.
  • Incident notification: within 72 hours, updating the early warning with an initial assessment of the incident's severity and impact and, where available, the indicators of compromise (IoCs). For trust service providers this period is 24 hours.
  • Interim report: the authorities or the CSIRT may request one, containing relevant status updates.
  • Final report: no later than one month after submitting the incident notification, including the following elements:
    • A detailed description of the incident, including its severity and impact.
    • The type of threat or root cause that likely triggered the incident.
    • Mitigation measures applied and ongoing.
    • Where applicable, the cross-border impact of the incident.

If the incident is still ongoing when the final report is due, Member States shall ensure that the entities concerned submit a progress report at that time and a final report within one month of having handled the incident.

In the case of a cross-border or cross-sectoral incident, the CSIRT informs the national single point of contact in a timely and appropriate manner; the single point of contact is responsible for transmitting these notifications to other Member States or to the authorities of other sectors.
