{"id":1823,"date":"2024-07-09T08:56:02","date_gmt":"2024-07-09T06:56:02","guid":{"rendered":"https:\/\/sourceminds.nl\/?p=1823"},"modified":"2025-06-25T12:28:25","modified_gmt":"2025-06-25T10:28:25","slug":"nis2-het-gaat-er-nu-echt-aankomen-dit-jaar","status":"publish","type":"post","link":"https:\/\/sourceminds.nl\/en\/blogs\/nis2-het-gaat-er-nu-echt-aankomen-dit-jaar\/","title":{"rendered":"NIS2, it's really coming this year"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading time:<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">min<\/span><\/span>\n<p>This also means it's time to review your IT contracts, and to take NIS2 into account when entering into new ones. There are several points of attention to ensure that you meet the requirements and best practices of NIS2. We have listed a number of them below:<\/p>\n\n\n\n<p>Security Policies and Procedures:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Include security requirements in contracts: Specify the technical and organizational measures that suppliers must implement to comply with NIS2.<\/li>\n\n\n\n<li>Incident response and reporting requirements: Clear agreements on how and when security incidents must be reported, both internally and externally.<\/li>\n<\/ul>\n\n\n\n<p>Data Privacy and Protection:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data encryption and protection: Contractual obligations to protect data, both in transit and at rest.<\/li>\n\n\n\n<li>Access control and identity management: Agreements on who has access to data and systems, and how this access is managed and controlled.<\/li>\n<\/ul>\n\n\n\n<p>Monitoring and Auditing:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Audit and Inspection Rights: Provisions that give you the right to audit the vendor\u2019s systems and processes to ensure compliance with 
NIS2.<\/li>\n\n\n\n<li>Compliance Monitoring: Continuous monitoring requirements and reporting obligations of the vendors.<\/li>\n<\/ul>\n\n\n\n<p>Collaboration and Support:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Incident Collaboration: Mechanisms for collaboration and coordination between parties in the event of a security incident.<\/li>\n\n\n\n<li>Support and Training: Obligations of vendors to provide support and training for your organization\u2019s personnel regarding NIS2 compliance.<\/li>\n<\/ul>\n\n\n\n<p>Contractual Sanctions and Obligations:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Sanctions and Liability: Clear provisions on the consequences of non-compliance with NIS2 requirements, including fines, damages and termination of the contract.<\/li>\n\n\n\n<li>Insurance: Agreements on insurance that provide coverage for potential security incidents and data breaches.<\/li>\n<\/ul>\n\n\n\n<p>Business Continuity and Recovery Plans:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disaster recovery and business continuity planning: Obligations for suppliers to have and test effective recovery plans to ensure continuity of critical services.<\/li>\n<\/ul>\n\n\n\n<p>Legal and Regulatory Compliance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Changes in legislation: Provisions that anticipate changes in legislation and the obligations of the parties to comply with new or changed regulations.<\/li>\n\n\n\n<li>Termination and transition: Clear agreements on the termination of contracts and the secure transfer of services and data to ensure continuity and compliance.<\/li>\n<\/ul>\n\n\n\n<p>By carefully considering these aspects and incorporating them into IT contracts, you will be better prepared for NIS2 compliance and the associated security and compliance 
challenges.<br><\/p>\n\n\n\n<p><strong>#sourceminds<\/strong>\u00a0<strong>#itcontracting<\/strong>\u00a0<strong>#itsourcing<\/strong>\u00a0<strong>#itstrategy<\/strong>\u00a0<strong>#contractlifecyclemanagment#contractmanagement<\/strong>\u00a0<strong>#itsm<\/strong><\/p>","protected":false},"excerpt":{"rendered":"<p><span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading time:<\/span> <span class=\"rt-time\"> 2<\/span> <span class=\"rt-label rt-postfix\">min<\/span><\/span>This also means it's time to check your IT contracts, or to take this into account when new contracts are concluded. There are several points of attention to ensure that you meet the requirements and best practices of NIS2. We have listed a number of points of attention below: Security Policies and Procedures: Data Privacy and Protection: Monitoring [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1825,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"<!-- wp:paragraph -->\n<p>This also means it's time to check your IT contracts, or to take this into account when new contracts are concluded. There are several points of attention to ensure that you meet the requirements and best practices of NIS2. 
We have listed a number of points of attention below:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p>Security Policies and Procedures:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Include security requirements in contracts: Specify the technical and organizational measures that suppliers must implement to comply with NIS2.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Incident response and reporting requirements: Clear agreements on how and when security incidents must be reported, both internally and externally.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Data Privacy and Protection:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Data encryption and protection: Contractual obligations to protect data, both in transit and at rest.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Access control and identity management: Agreements on who has access to data and systems, and how this access is managed and controlled.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Monitoring and Auditing:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Audit and inspection rights: Provisions that give you the right to audit the supplier\u2019s systems and processes to ensure compliance with NIS2.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Compliance monitoring: Continuous monitoring requirements and reporting obligations of the suppliers.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Collaboration and Support:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Incident collaboration: Mechanisms for collaboration and coordination between parties in the event of a 
security incident.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Support and training: Obligations of suppliers to provide support and training for your organization\u2019s personnel regarding NIS2 compliance.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Contractual Sanctions and Obligations:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Sanctions and liability: Clear provisions on the consequences of non-compliance with the NIS2 requirements, including fines, damages and termination of the contract.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Insurance: Agreements on insurance that provides coverage for potential security incidents and data breaches.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Business Continuity and Recovery Plans:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Disaster recovery and business continuity planning: Obligations for suppliers to have and test effective recovery plans to ensure the continuity of critical services.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>Legal and Regulatory Compliance:<\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:list -->\n<ul><!-- wp:list-item -->\n<li>Changes in legislation: Provisions that anticipate changes in legislation and the obligations of the parties to comply with new or changed rules.<\/li>\n<!-- \/wp:list-item -->\n\n<!-- wp:list-item -->\n<li>Termination and transition: Clear agreements on the termination of contracts and the secure transfer of services and data to ensure continuity and compliance.<\/li>\n<!-- \/wp:list-item --><\/ul>\n<!-- \/wp:list -->\n\n<!-- wp:paragraph -->\n<p>By carefully considering these aspects and incorporating them 
into IT contracts, you will be better prepared for NIS2 compliance and the associated security and compliance challenges.<br><\/p>\n<!-- \/wp:paragraph -->\n\n<!-- wp:paragraph -->\n<p><strong>#vandorpmanagementconsultancy<\/strong>&nbsp;<strong>#itcontracting<\/strong>&nbsp;<strong>#itsourcing<\/strong>&nbsp;<strong>#itstrategy<\/strong>&nbsp;<strong>#contractlifecyclemanagment<\/strong><strong>#contractmanagement<\/strong>&nbsp;<strong>#itsm<\/strong><\/p>\n<!-- \/wp:paragraph -->","_et_gb_content_width":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1823","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/posts\/1823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/comments?post=1823"}],"version-history":[{"count":1,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/posts\/1823\/revisions"}],"predecessor-version":[{"id":2895,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/posts\/1823\/revisions\/2895"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/media\/1825"}],"wp:attachment":[{"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/media?parent=1823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/categorie
s?post=1823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sourceminds.nl\/en\/wp-json\/wp\/v2\/tags?post=1823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}