NIS Directive and Framework

  • Will apply to “operators of essential services”
    • Broadly Critical National Infrastructure organisations plus Digital Service Providers
  • Organisations must report incidents to Competent Authorities
  • Security Requirements:
    • take appropriate and proportionate technical and organisational measures to manage the risks posed to the security of network and information systems in the provision of their service; and
    • take appropriate measures to prevent and minimise the impact of the incidents affecting the security of the network and information systems used in the provision of their service.
  • Incident reporting for operators of essential services
    • incidents where operators have to take action to maintain supply, provision, confidentiality or integrity of the service; and
    • incidents where software/intrusions are found that could potentially disrupt, or allow to be disrupted, the supply, provision, confidentiality or integrity of the service
  • Penalties similar to GDPR – up to £17m
    • Examples include failure to cooperate with the competent authority, failure to report a reportable incident, failure to comply with an instruction from the competent authority, failure to implement appropriate and proportionate security measures.

NIS Directive Objectives

  1. Objective A. Managing security risk
    • Appropriate organisational structures, policies, and processes are in place to understand, assess and systematically manage security risks to the network and information systems supporting essential services.
  2. Objective B: Protecting against cyber attack
    • Proportionate security measures are in place to protect essential services and systems from cyber attack.
  3. Objective C: Detecting cyber security events
    • Capabilities to ensure security defences remain effective and to detect cyber security events affecting, or with the potential to affect, essential services.
  4. Objective D: Minimising the impact of cyber security incidents
    • Capabilities to minimise the impact of a cyber security incident on the delivery of essential services including the restoration of those services where necessary.

NIS - High Level Security Principles (Annex 3)

cumulo dashboard

Top Level Features

    e2e-assure combines the very best tools, developed in-house to support our SOC as a Service concept, with the very best staff, recruited via the Cyber Security Challenge UK and the SANS Cyber Academy with continuous further training to deliver a world-class service to our customers.

    We will protect your critical assets from cyber attacks and security breaches with our continuous security monitoring and active incident response SOC service to defend your business and important data.

  • The Protective Monitoring and SOC service enables you to meet your NIS requirements. It provides continuous security monitoring and active incident response to defend your business.
  • Meets the NIS Security Requirements, prevents and minimises the impacts of incidents, investigates and supports reporting to the appropriate Authority.
  • The service provides people, technology and processes to deliver cost effective, high value protection.
  • Quick to implement, with immediate benefit.

The solution is simple, don't get caught out!

Can you afford to do nothing?

We have online demo's available and you can try before you buy.

Click here to request an online demo, here to contact us for more info or take a look at our Protective Monitoring and SOC Service in more detail.



  • GCIA
  • GREM
  • GCFE
  • GCIH
  • GSEC
  • GAWN
  • GCTI
  • GCDA
  • GCFA
  • GMON
  • GXPN
  • GPWN
  • CLAS
  • BSI
  • CESG
  • CES Plus


  • HM Government
  • Cyber Security Challenge
  • Tech UK
  • Crown Commercial Supplier
  • IOD
  • BCS
  • ADS


  • HEX
  • Risual
  • UKCloud
  • Surevine
  • Surevine
  • Surevine