News/Blog < Go Back

NIS Directive - Security measures for DSP's

The Network and Information Security (NIS) Directive will be implemented into UK law on 9 May 2018 and requires Digital Service Providers (DSPs) to comply with specific security requirements and incident reporting obligations. 

The headlines from the Consultation Paper:

  • No greater definition has been provided on who is a DSP. Digital Service Providers remain defined as operators of:
    • Online market places: a platform that acts as an intermediary between buyers and sellers facilitating the sale of goods or services and which represents the final destination for the conclusion of the relevant contracts (sites that redirect users to other sites where final contracts are made, such as price comparison sites, are not in scope)
    • Online search engines: services that allow users to search public parts of the world wide web
    • Cloud computing services - primarily:
      • Infrastructure as a Service
      • Platform as a Service
      • Software as a Service
  • The Information Commissioners Office (ICO) will be the Competent Authority for DSPs
  • It is likely that it will be mandatory for UK DSPs to register with the ICO following 10 May, 2018
  • No further statement is made on fines and so we expect no change from the £17m single maximum fine

Security measures for DSPs:

The anticipated security requirements for DSPs:

  • systematic management of network and information systems –
    • mapping policies, risk analysis, HR, security architecture, data and system life cycle management and encryption
  • physical and environmental security on an "all hazards" approach
  • security and traceability of critical supplies
  • access controls guarding availability of system and network

Expected incident handling requirements:

  • detection processes in place and tested regularly processes
  • policies on incidents and to identify weaknesses
  • established response procedures
  • the ability to assess incident severity and capture learning from incidents

Expected business continuity management requirements:

  • establishment and use of continuity plans that need to be regularly tested and assessed through exercises
  • disaster recovery capabilities in place
  • monitoring audit and testing

For more information on Total Business Groups IT support services please visit or call 0191 4900 822

IT SupportClick here to book your free audit of your current print services Copiers & PrintersSee out range of new and used copiers and printers