Content library
Cyber security management
Assessment of conformity (Belgium)
Risk management and leadership
Cyber security management

Assessment of conformity (Belgium)

Start free trial

Task description

Assessment of conformity (Belgium)

Conformity of the organization is ensured by passing a mandatory regular conformity assessment. To carry out this assessment, the organization can choose from three options:

  • A CyberFundamentals (CyFun®) certification (level essential) or verification (level important or basic) with the relevant scope of application, granted by a conformity assessment body (CAB) approved by the CCB after accreditation from BELAC
  • An ISO/IEC 27001 certification with the relevant scope of application, issued by a CAB accredited by an accreditation body that has signed the mutual recognition agreement (MLA) governing the ISO 27001 standard within the framework of the European co-operation for Accreditation (EA) or the International Accreditation Forum (IAF)
  • An inspection by the CCB inspection service (or by a sectoral inspection service).

The conformity assessment statement that the organization receives after the conformity assessment of their chosen framework, allows them to benefit from a presumption of conformity. Until proven otherwise, they are presumed to have respected their obligations.

Requirements connected to the task

39: Conformité et audits
La loi NIS2 (Belgique)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of the information security plan report
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
Cyber security management
39
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
1.1.1: Availability of information security policies
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Information security policy -report publishing, informing and maintenance
Defining and documenting security objectives
Critical
High
Normal
Low
Cyber security management
23
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting security objectives
Executing and documenting internal audits
Critical
High
Normal
Low
Cyber security management
33
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnosti
NIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
1.5.1: Assessment of policies and requirements
TISAX
39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Executing and documenting internal audits
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

6.1: Information security risk management
ISO 27001
7.5: Requirements for documented information
ISO 27001
1.2.1: Scope of Information Security management
TISAX
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining a statement of applicability
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
Cyber security management
18
requirements

Examples of other requirements this task affects

7.1.1: Compliance management
TISAX
30 § 2°: Évaluation des risques et mesures de gestion
NIS2 Belgium
1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
DE.DP-2: Detection activities comply with all applicable requirements.
CyberFundamentals
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Identification, documentation and management of other information security requirements
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
Cyber security management
17
requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements
NIST
14.6.: Vadovybės atsakomybė
NIS2 Lithuania
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001
CC1.5: Accountability for responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Internal audit procedure -report publishing and maintenance
ISMS description and maintenance
Critical
High
Normal
Low
Cyber security management
28
requirements

Examples of other requirements this task affects

2.1: Tietoturvallisuusvastuiden määrittely
TiHL tietoturvavaatimukset
2.3: Tietoturvallisuus tiedonhallintamallissa
TiHL tietoturvavaatimukset
1.2.1: Scope of Information Security management
TISAX
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.
CyberFundamentals
PR.AT-5: Physical and cybersecurity personnel
NIST
See all related requirements and other information from tasks own page.
Go to >
ISMS description and maintenance
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Defining the frameworks that serve as the basis of the management system
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Greece)
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 41: Format and content of the report on the review of the simplified ICT risk management framework
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Review reporting of simplified ICT risk management framework
ICT project management procedure
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 38: ICT project and change management
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
ICT project management procedure
Auditing of risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Auditing of risk management framework
Creation and maintenance of governance and control framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of governance and control framework
Notification of a significant incident with cross-border and cross-sectoral impact
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkom
NIS2 Croatia
See all related requirements and other information from tasks own page.
Go to >
Notification of a significant incident with cross-border and cross-sectoral impact
Conducting an external audit
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Članak 34: Provedba revizije kibernetičke sigurnosti
NIS2 Croatia
See all related requirements and other information from tasks own page.
Go to >
Conducting an external audit
Notifying the administrative body of incidents
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Notifying the administrative body of incidents
Appointment of a Cyber Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
15.2.: Paskirti saugos įgaliotinį
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Lithuania)
Appointment of a Chief Information Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
15.1.: Paskirti kibernetinio saugumo vadovą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Lithuania)
Cybersecurity auditing (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.8.: Kibernetinio saugumo auditai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity auditing (Lithuania)
Technical cyber security measures (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemones
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Technical cyber security measures (Lithuania)
Usage of data centers (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojams
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of data centers (Lithuania)
Usage of the Secure Network (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of the Secure Network (Lithuania)
Cyber Security Information System usage (Lithuania)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

19.1.: Kibernetinio saugumo informacinė sistema
NIS2 Lithuania
19.3.: Kibernetinio saugumo informacinės sistemos naudojimas
NIS2 Lithuania
19.4.: Dalijimosi informacija susitarimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cyber Security Information System usage (Lithuania)
Providing the security managers information to a competent authority
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanu
NIS2 Latvia
25.(3): Kiberdrošības pārvaldnieka atbilstība
NIS2 Latvia
25.(4): Paziņojums par izmaiņām
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Providing the security managers information to a competent authority
Appointment, tasks and position of a Cyber security manager
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

25.(5): kiberdrošības pārvaldnieka pienākumi
NIS2 Latvia
25.(1): Kiberdrošības pārvaldību
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Appointment, tasks and position of a Cyber security manager
Assessment of conformity (Belgium)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Assessment of conformity (Belgium)
Documentation of organization's dependencies on external resources
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

GV.OC-05: Organizational dependencies on outcomes and services
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Documentation of organization's dependencies on external resources
Strategic directions of risk response options
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

GV.RM-04: Strategic direction of risk response options
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Strategic directions of risk response options
Identify the organisation's strategy and priorities
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identify the organisation's strategy and priorities
Implementing a crisis response strategy
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incident
NSM ICT-SP
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
30 § 1°: Gestion des risques et maîtrise des incidents
NIS2 Belgium
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Implementing a crisis response strategy
Recognizing and listing sensitive work fields and jobs
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

2.1.1: Competence of employees
TISAX
See all related requirements and other information from tasks own page.
Go to >
Recognizing and listing sensitive work fields and jobs
Description of cyber security structure
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

1.2.2: Information Security Responsibilities
TISAX
See all related requirements and other information from tasks own page.
Go to >
Description of cyber security structure
Monitoring and analysing effectiveness of digital operational resilience strategy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
See all related requirements and other information from tasks own page.
Go to >
Monitoring and analysing effectiveness of digital operational resilience strategy
Learning from testing operational resilience
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
RC.IM-1: Recovery plans incorporate lessons learned.
CyberFundamentals
ID.IM-02: Improvements from security tests and exercises
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Learning from testing operational resilience
Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEET
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Adequate security principles of the organisation in terms of classified information
Defining security roles and responsibilities
Critical
High
Normal
Low
Cyber security management
33
requirements

Examples of other requirements this task affects

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminen
Katakri
24. Responsibility of the controller
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
ID.AM-6: Cybersecurity roles and responsibilities
NIST
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Defining security roles and responsibilities
Amount, competence and adequacy of key cyber security personnel
Critical
High
Normal
Low
Cyber security management
23
requirements

Examples of other requirements this task affects

T03: Turvallisuustyön resurssit
Katakri
32. Security of processing
GDPR
37. Designation of the data protection officer
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Amount, competence and adequacy of key cyber security personnel
Management commitment to cyber security management and management system
Critical
High
Normal
Low
Cyber security management
28
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
1.1.1: Availability of information security policies
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
PR.AT-4: Senior executives understand their roles and responsibilities.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Management commitment to cyber security management and management system
Incident management resourcing and monitoring
Critical
High
Normal
Low
Cyber security management
12
requirements

Examples of other requirements this task affects

24. Responsibility of the controller
GDPR
7.2.1: Management responsibilities
ISO 27001
16.1.1: Responsibilities and procedures
ISO 27001
5.24: Information security incident management planning and preparation
ISO 27001
Article 17: ICT-related incident management process
DORA
See all related requirements and other information from tasks own page.
Go to >
Incident management resourcing and monitoring
General security competence and awareness of personnel
Critical
High
Normal
Low
Cyber security management
25
requirements

Examples of other requirements this task affects

Članak 29.b: Osposobljavanja
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
2.1.3: Staff training
TISAX
2.1.1: Competence of employees
TISAX
31 § 2°: Formation des cadres supérieurs à la cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
General security competence and awareness of personnel
Defining and documenting cyber security metrics
Critical
High
Normal
Low
Cyber security management
16
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
4.1: Tietojärjestelmien tietoturvallisuus
TiHL tietoturvavaatimukset
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
30 § 3.6°: L'efficacité des mesures de gestion des risques
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting cyber security metrics
Implementation and documentation of management reviews
Critical
High
Normal
Low
Cyber security management
26
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
1.2.1: Scope of Information Security management
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Implementation and documentation of management reviews
Communication plan for information security management system
Critical
High
Normal
Low
Cyber security management
16
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
2.10.1: Include security in the organisation’s change management process
NSM ICT-SP
RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Communication plan for information security management system
Continuous improvement and documentation
Critical
High
Normal
Low
Cyber security management
15
requirements

Examples of other requirements this task affects

1.5.2: External review of ISMS
TISAX
30 § 6°: Non-conformités et mesures correctives
NIS2 Belgium
PR.IP-7: Protection processes are improved.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
PR.IP-7: Protection processes
NIST
See all related requirements and other information from tasks own page.
Go to >
Continuous improvement and documentation
Archiving and retaining outdated security documentation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

A.10.2: Retention period for administrative security policies and guidelines
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Archiving and retaining outdated security documentation
Segregation of information security related duties
Critical
High
Normal
Low
Cyber security management
9
requirements

Examples of other requirements this task affects

6.1.2: Segregation of duties
ISO 27001
ID.RA-3: Threat identification
NIST
PR.AC-4: Access permissions and authorizations
NIST
PR.DS-5: Data leak protection
NIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Segregation of information security related duties
Security roles, responsibilities, and objectives derived from the organization's goals
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

ID.BE-3: Organizational mission, objectives, and activities
NIST
69: Digiturvan huomiointi osana kokonaisuutta
Digiturvan kokonaiskuvapalvelu
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.
CyberFundamentals
GV.RR-02: Roles and responsibilities in cybersecurity risk management
NIST 2.0
GV.OC-01: Cybersecurity risk management aligned with the organizational mission
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Security roles, responsibilities, and objectives derived from the organization's goals
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

HAL-04.3: Suojattavat kohteet - kasautumisvaikutus
Julkri
2.4: Luokittelu ja turvallisuusluokittelu
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa
Identifying and documenting dependencies between assets
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

HAL-04.5: Suojattavat kohteet - riippuvuudet
Julkri
Article 8: Identification
DORA
4.1.2: Perform a business impact analysis
NSM ICT-SP
1.1.5: Identify the organisation’s deliverables, information systems and supporting ICT functions
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identifying and documenting dependencies between assets
Muiden tietoturvavaatimusten seuranta
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

HAL-05: Vaatimukset
Julkri
HAL-05.1: Vaatimukset - seuranta
Julkri
See all related requirements and other information from tasks own page.
Go to >
Muiden tietoturvavaatimusten seuranta
Tietoturvallisuuteen liittyvän dokumentaation ajantasaisuus
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

HAL-09.1: Dokumentointi - ajantasaisuus
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietoturvallisuuteen liittyvän dokumentaation ajantasaisuus
Luettelo turvaluokiteltuja asiakirjoja käsittelevistä henkilöistä valtionhallinnossa
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

HAL-14.1: Käyttö- ja käsittelyoikeudet - ajantasainen luettelo - TL III
Julkri
See all related requirements and other information from tasks own page.
Go to >
Luettelo turvaluokiteltuja asiakirjoja käsittelevistä henkilöistä valtionhallinnossa
Varautumista ohjaavan lainsäädännön tunnistaminen ja dokumentointi
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

VAR-01: Varautumista ohjaava lainsäädäntö
Julkri
See all related requirements and other information from tasks own page.
Go to >
Varautumista ohjaavan lainsäädännön tunnistaminen ja dokumentointi
Maintaining chosen theme-specific policy documents
Critical
High
Normal
Low
Cyber security management
10
requirements

Examples of other requirements this task affects

9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
1.1.1: Availability of information security policies
TISAX
1.5.1: Assessment of policies and requirements
TISAX
Article 29: Information security policy and measures
DORA simplified RMF
CC5.3: Establishment of policies
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Maintaining chosen theme-specific policy documents
Determination and adequacy of the cyber security budget
Critical
High
Normal
Low
Cyber security management
7
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
Article 5: Governance and organisation
DORA
5: Riittävä digiturvallisuuden budjetti
Digiturvan kokonaiskuvapalvelu
20.1: Top management commitment
NIS2
See all related requirements and other information from tasks own page.
Go to >
Determination and adequacy of the cyber security budget
Internal communication about the organization's risk situation
Critical
High
Normal
Low
Cyber security management
6
requirements

Examples of other requirements this task affects

16: Organisaationlaajuinen viestintä riskitilanteesta
Digiturvan kokonaiskuvapalvelu
DE.DP-4: Event detection information is communicated.
CyberFundamentals
RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
4.1.5: Determine which communication channels to use in the event of an incident
NSM ICT-SP
GV.RM-05: Communication lines for cybersecurity risks across the organization
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Internal communication about the organization's risk situation
Adequacy of digital security resourcing
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

14.5.2): Aukščiausiosios vadovybės atsakomybė
NIS2 Lithuania
70: Riittävät resurssit digiturvan kehittämiseen
Digiturvan kokonaiskuvapalvelu
1.2.2: Information Security Responsibilities
TISAX
GV.RR-03: Adequate resources for cybersecurity risk strategy and policies
NIST 2.0
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Adequacy of digital security resourcing
Preparation for information campaign against the organization
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

76: Varautuminen informaatiovaikuttamiseen
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Preparation for information campaign against the organization
Supervision carried out by the board of the organization
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC1.2: Board of directors oversight
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Supervision carried out by the board of the organization
Data collection and processing
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

CC2.1: Quality information to support internal controls
SOC 2
3.1: Establish and Maintain a Data Management Process
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Data collection and processing
Defining the units of your organization
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC1.3: Established responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Defining the units of your organization
Consideration of external goals when setting information security objectives
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Consideration of external goals when setting information security objectives
Recognizing the technology needed to accomplish the cybersecurity goals
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

CC5.2: Control activities for achievement of objectives
SOC 2
3.3.1: Create a plan for analysing data from security monitoring
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Recognizing the technology needed to accomplish the cybersecurity goals
A strategy for cyber security architecture
Critical
High
Normal
Low
Cyber security management
7
requirements

Examples of other requirements this task affects

ARCHITECTURE-1: Establish and Maintain Cybersecurity Architecture Strategy and Program
C2M2
ARCHITECTURE-3: Implement IT and OT Asset Security as an Element of the Cybersecurity Architecture
C2M2
ARCHITECTURE-4: Implement Software Security as an Element of the Cybersecurity Architecture
C2M2
ARCHITECTURE-2: Implement Network Protections as an Element of the Cybersecurity Architecture
C2M2
ARCHITECTURE-5: Implement Data Security as an Element of the Cybersecurity Architecture
C2M2
See all related requirements and other information from tasks own page.
Go to >
A strategy for cyber security architecture
Strategy for cyber security program
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

PROGRAM-1: Establish Cybersecurity Program Strategy
C2M2
See all related requirements and other information from tasks own page.
Go to >
Strategy for cyber security program
Establishing and maintaining a cyber security program
Critical
High
Normal
Low
Cyber security management
requirements

Examples of other requirements this task affects

PROGRAM-2: Establish and Maintain Cybersecurity Program
C2M2
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining a cyber security program
Ensuring record integrity related to security requirements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

7.1.1: Compliance management
TISAX
See all related requirements and other information from tasks own page.
Go to >
Ensuring record integrity related to security requirements
Procedure for classification of projects
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

1.2.3: Information Security requirements in projects
TISAX
See all related requirements and other information from tasks own page.
Go to >
Procedure for classification of projects
Data protection certifications
Critical
High
Normal
Low
Cyber security management
7
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
21.2.f: Assessing effectiveness of security measures
NIS2
18.2.2: Compliance with security policies and standards
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Data protection certifications
Evaluating the efficiency of internal audits
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 5: Governance and organisation
DORA
See all related requirements and other information from tasks own page.
Go to >
Evaluating the efficiency of internal audits
Priority classification of an organization's information assets
Critical
High
Normal
Low
Cyber security management
7
requirements

Examples of other requirements this task affects

ID.AM-5: Resource prioritization
NIST
HAL-04.2: Suojattavat kohteet - luokittelu
Julkri
CC3.2: Identification of risks related to objectives
SOC 2
2.4: Luokittelu ja turvallisuusluokittelu
TiHL tietoturvavaatimukset
ID.AM-5: Resources are prioritized based on their classification, criticality, and business value.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Priority classification of an organization's information assets
Considering the possibility of fraud in risk assessment
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.3: Potential of fraud is considered
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Considering the possibility of fraud in risk assessment

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security