NIS2: Working towards compliance with Cyberday (3/3)
This is the final part of our three-part blog series handling the NIS2 Directive. Make sure to read part 1: Get familiar with the NIS2 Directive: Exploring its background and improvements and part 2: NIS2: who's in the scope before this one!
As mentioned in the previous parts of the blog series, NIS2 brings various requirements for organizations. It can be time consuming to try to keep up with the requirements, so we at Cyberday offer a solution to make information security management easier. Cyberday helps organizations build a structured and clear ISMS and improve security standards.
Start working towards compliance
Starting to work towards compliance easily by just activating the NIS2 framework in Cyberday. Open Organisation dashboard and click Edit frameworks. Then activate the NIS2 framework. When activated, the framework will show your current compliance level and active tasks, if you're already working with other frameworks.

Share responsibilities within your organisation
Working towards getting compliant is easier in a team. You can add team members and delegate different responsibilities to different people in Cyberday. Read more about user management and user levels in Cyberday. Delegating responsibilities is easy. Just assign owners to themes from the Organisation dashboard. Read more about delegating tasks from our article How to delegate tasks in Cyberday.

Gathering assurance: fulfilling tasks
With the help of Cyberday, you can identify and document your assets, systems, processes, and services and further establish controls with the help of our policies and tasks. For most of our tasks, we provide ready to use templates and examples.
Once you click on a theme, you will see the list of policies in the selected theme. The policies include the different tasks you need to fulfill in order to gather assurance and prove compliance for the policy. In the theme card, in addition to the policies, you can also see linked documentation items, guidelines and reports. Click on a policy to get to the overview of tasks included in the policy. You can activate the tasks separately or mark them as non-relevant, if they are not suitable for your organization. You can add additional tasks and assurance at any point later on. Read more about working with tasks in Cyberday.


Manage risks
Linked requirements in NIS2: 21.2-4
As NIS2 brings along numerous requirements for organizations, it can be difficult to stay up to date with all of them. Cyberday helps you document and manage risks easily. Identifying risks in Cyberday works with the help of our automated cyber security risk identification when activating information security tasks or simply by risk identification through incident or change handling. You will create a documentation list of all of the risks in Cyberday directly, so you can treat and follow them later on as well.

You can easily pre-process the risks in Cyberday, for example by identifying related assets and the tasks, which are currently managing the risk. Once a risk is identified and pre-processed, you can move on to the risk evaluation and the risk treatment processes. You can find instructions and “templates” for the different steps in Cyberday (see screenshot below). Simply select the correct choices, by i.e. answering questions, linking tasks and checking up on the treatment process status. Mark a risk as done and close the treatment process to keep an overview of open and closed risks. Once a risk is being treated, you can ensure the monitoring i.e. by setting review cycles.

Read more about risk management tools in Cyberday from our blog: Information security risk management in Cyberday: Identifying risks, evaluation, treatment and closure
Incident management
Linked requirements in NIS2: 23.1
As mentioned in the previous blog posts, NIS2 requires organizations to report incidents. In Cyberday, every employee can report an incident from their Guidebook.

Admins can view the reports from their account and handle them according to requirements. Read more about Incident management in Cyberday.
Supply chain security
Linked requirements in NIS2 21.2d and 21.3
In Cyberday, you can make partner management systematic. You can document e.g. system providers and personal data processors and use this info on reporting. You can also define owners, who have the main responsibility for maintaining the partner relationship. In addition, you can document e.g. the status of contracts and many other related things.
In the partner management policies, the own measures for partner security are specified, which aim to sufficiently ensure the digital security level of partners.
We are also introducing new features for partner monitoring in Cyberday soon, through which an information security questionnaire can be sent to the defined partners with a desired level of accuracy, and thus collect additional evidence of the partner's readiness level.

Manage employee awareness
Linked requirements in NIS2 20.2
Cyberday provides you with different tools to guide and train your employees. In contrary to most other ISMS tool providers, Cyberday is not only being used for the compliance work itself. The employee awareness is a crucial part for your cyber security work, and therefore, we have created a tool for you within Cyberday to not only provide, but also to track the employee awareness training. Each of your employees will get (limited) access to Cyberday in order to have an own Guidebook. The Guidebook has all of the guidelines, which are specifically made for this employee, based on his user group. I.e. if the employee is in HR, (s)he surely has some other guidelines in addition to the basic ones compared to a developer of your organization. You can select who will see which guideline. Your employees will be able to read and accept the guidelines, as well as being reminded to re-read them once a year. You can also activate case examples and skill tests in Cyberday for even better training of your employees. As an admin, you can follow the training and acceptance status at any time to ensure, that your employees are on a good path t keep your organization safe. Read more about our employee Guidebook here.

Prove compliance with reports
One important step in collecting provable material of compliance is creating reports. You can not only create reports for you or your team, but also share them with i.e. members of your supply chain, chosen customers or stakeholders.
Cyberday gives you a great choice of reporting templates. The reports are automatically created for you. Cyberday fetches all the information needed from the information you are adding to the tasks. You can create reports and adjust them in different languages and for different purposes with our agile templates in our reporting section. Read more about the reporting feature in Cyberday.
Follow your progress
One great way to see your current process and compliance level in one simple overview is the report “Requirements by status” in Cyberday. This amazing report will fill more and more green, depending on how many of the tasks are already compliant. The goal is to create a fully green map. You can simply click on the different cards in the map and jump straight to the right section with the information about the specific requirement. You can also get an idea of the total amount of requirements and the implementation status.

Questions and feedback
Do you have any further questions, would need another help article, or would like to give some feedback? Please contact our team via team@cyberday.ai or the chat box in the right lower corner.