Step 1: Am I affected by NIS2?
Determine if your organization falls within the scope of the Belgian NIS2 Law using the provided scope test tool. This step is crucial as it identifies whether your organization or its supply chain needs to comply with NIS2 requirements.
Step 2: Register your NIS2 entity ASAP
All NIS2 entities must register on Safeonweb@Work. Entities in the digital sector must register by December 18, 2024, while all other NIS2 entities have until March 18, 2025.
Step 3: Report significant incidents
Starting October 18, 2024, NIS2 entities must notify the Centre for Cybersecurity Belgium (CCB) about significant incidents that impact their services.
Step 4: Determine your CyberFundamentals (CyFun®) level
Use the CyFun® Selection Tool to identify the appropriate assurance level (basic, important, or essential) for your organization.
Step 5: Plan cybersecurity training
Boards and management need to be trained in cybersecurity to fulfill their responsibilities under NIS2. It’s recommended to plan this training before April 2025. Employee training is also essential as part of your overall cybersecurity measures.
Step 6: Implement security measures
Conduct a gap analysis using the CyFun® Self-Assessment Tool and implement the required measures. Your implementation plan should gradually incorporate cybersecurity measures, considering the review deadlines.
Step 7: Review and update regularly
Regularly review and update your cybersecurity measures to ensure ongoing compliance with NIS2. This includes revisiting your incident response plans, training programs, and security measures to adapt to new threats and changes in the regulatory environment.
You can find the entire Quickstart Guide on the Safeonweb@Work website.