Content library
Cyber security management
Conducting an external audit
Risk management and leadership
Cyber security management

Conducting an external audit

Start free trial

Task description

Conducting an external audit

Organizations should conduct an external audit at least once every two years or whenever it's requested by competent authority, as mandated by applicable laws and regulations.

Audits are conducted by cybersecurity auditors, who are responsible for preparing a report on the audit findings. Organizations should note that some laws and regulations may require auditors to hold specific certifications, e.g. national cybersecurity audit security certificate or audit has to be done by specific authority.

Organizations are required to submit the report to the competent authority responsible for implementing cybersecurity requirements immediately upon receipt, if mandated by laws and regulations.

Requirements connected to the task

11.5: Auditului de securitate
Ordonanța de Urgență a Guvernului nr. 155/2024 (România)
Članak 34: Provedba revizije kibernetičke sigurnosti
Zakon o kibernetičkoj sigurnosti (Croatia)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of the information security plan report
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
Cyber security management
59
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
1.1.1: Availability of information security policies
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Information security policy -report publishing, informing and maintenance
Defining and documenting security objectives
Critical
High
Normal
Low
Cyber security management
41
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting security objectives
Executing and documenting internal audits
Critical
High
Normal
Low
Cyber security management
52
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnosti
NIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
1.5.1: Assessment of policies and requirements
TISAX
39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Executing and documenting internal audits
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

6.1: Information security risk management
ISO 27001
7.5: Requirements for documented information
ISO 27001
1.2.1: Scope of Information Security management
TISAX
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining a statement of applicability
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
Cyber security management
24
requirements

Examples of other requirements this task affects

7.1.1: Compliance management
TISAX
30 § 2°: Évaluation des risques et mesures de gestion
NIS2 Belgium
1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
DE.DP-2: Detection activities comply with all applicable requirements.
CyberFundamentals
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood, and managed.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Identification, documentation and management of other information security requirements
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
Cyber security management
23
requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements
NIST
14.6.: Vadovybės atsakomybė
NIS2 Lithuania
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001
CC1.5: Accountability for responsibilities
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Internal audit procedure -report publishing and maintenance
ISMS description and maintenance
Critical
High
Normal
Low
Cyber security management
36
requirements

Examples of other requirements this task affects

2.1: Tietoturvallisuusvastuiden määrittely
TiHL tietoturvavaatimukset
2.3: Tietoturvallisuus tiedonhallintamallissa
TiHL tietoturvavaatimukset
1.2.1: Scope of Information Security management
TISAX
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.
CyberFundamentals
PR.AT-5: Physical and cybersecurity personnel
NIST
See all related requirements and other information from tasks own page.
Go to >
ISMS description and maintenance
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Defining the frameworks that serve as the basis of the management system
Regular review of the cyber security risk documentation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.7: Documenting cybersecurity
CRA
See all related requirements and other information from tasks own page.
Go to >
Regular review of the cyber security risk documentation
Documentation of risk assessment
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Article 13.3: Documenting risk assessment
CRA
11.7: Listei de active și riscuri
NIS2 Romania
12.2: Risk assessment measures
CER
§ 4-4: Krav til dokumentasjon
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Documentation of risk assessment
Provision of product information to the market surveillance authority
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.22: Conformity
CRA
See all related requirements and other information from tasks own page.
Go to >
Provision of product information to the market surveillance authority
Single point of contact for reporting vulnerabilities
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.17: Single point of contact
CRA
See all related requirements and other information from tasks own page.
Go to >
Single point of contact for reporting vulnerabilities
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Vuln.5: Coordinated vulnerability disclosure
CRA
See all related requirements and other information from tasks own page.
Go to >
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Cybersecurity requirements related to the use of AI
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 12.1: High risk AI
CRA
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity requirements related to the use of AI
Integration of change management procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Integration of change management procedures
Disciplinary process for non-conformance
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Disciplinary process for non-conformance
Cyber security policy and procedure compliance requirements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Cyber security policy and procedure compliance requirements
Security related policies and procedures for all assets
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Art. 13.2.1: Mesures permanentes de sécurité intérieure
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Security related policies and procedures for all assets
Defining triggers for evaluating the information security management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining triggers for evaluating the information security management system
Review of information security management system best practices
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Review of information security management system best practices
Defining system auditing roles and responsibilities
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining system auditing roles and responsibilities
Reviewing security policies and procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Reviewing security policies and procedures
Conducting business impact analysis
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Conducting business impact analysis
Creating and maintaining an asset management policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining an asset management policy
Creating and maintaining physical and environmental security policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining physical and environmental security policy
Creating and maintaining report on the review of the ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining report on the review of the ICT risk management framework
Develop and maintain an ICT project management policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Develop and maintain an ICT project management policy
Requirements for creating policies
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Requirements for creating policies
Establishing risk profile
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establishing risk profile
Safeguards to protect PHI
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Safeguards to protect PHI
Security officer appointment and responsibilities (HIPAA)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Security officer appointment and responsibilities (HIPAA)
Evaluating compliance with HIPAA requirements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Evaluating compliance with HIPAA requirements
Establishing and maintaining the comprehensive ePHI security program
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining the comprehensive ePHI security program
Protection from retaliation and intimidation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protection from retaliation and intimidation
Protecting HIPAA rights from being waived
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protecting HIPAA rights from being waived
Implementation of policies and procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Implementation of policies and procedures
Policies and procedures for HIPAA compliance
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Policies and procedures for HIPAA compliance
Appointing a qualified cybersecurity auditor (Malta)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.1: Ħatra u approvazzjoni ta’ awditur kwalifikat għall-verifika ta’ miżuri taċ-ċibersigurtà
NIS2 Malta
See all related requirements and other information from tasks own page.
Go to >
Appointing a qualified cybersecurity auditor (Malta)
Designation of the information security officer (Spain)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Artículo 16.2: Comunicación de la designación del responsable
NIS2 Spain
Artículo 16.1: Designación del responsable de la seguridad de la información
NIS2 Spain
Artículo 16.4: Cualificaciones y posición organizativa
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Designation of the information security officer (Spain)
Statement of applied security measures (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.5: Declaración de aplicabilidad de sistemas
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Statement of applied security measures (Spain)
Cybersecurity compliance requirements for essential and important entities (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.4: Demostración y certificación de cumplimiento
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity compliance requirements for essential and important entities (Spain)
Adoption and implementation of security measures
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Adoption and implementation of security measures
Risk-based selection of security measures
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Risk-based selection of security measures
Security Plan development and implementation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13.4: Période de mise en œuvre des mesures de sécurité
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Security Plan development and implementation
Security contact point for critical infrastructure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 12.1-3: Point de contact pour la sécurité
Loi infrastructures critiques
13.3: Designated personnel
CER
See all related requirements and other information from tasks own page.
Go to >
Security contact point for critical infrastructure
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.1: Plan de sécurité de l'opérateur
Loi infrastructures critiques
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Advance notification of planned cybersecurity audits
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

33.5: Ankündigung geplanter Prüfungen
NIS2 Austria
See all related requirements and other information from tasks own page.
Go to >
Advance notification of planned cybersecurity audits
Self-declaration submission (Austria)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

33.1: Selbstdeklaration
NIS2 Austria
See all related requirements and other information from tasks own page.
Go to >
Self-declaration submission (Austria)
Proof Obligations for Operators of Critical Infrastructure (Germany)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

39.1: Nachweispflichten für Betreiber kritischer Anlagen
NIS2 Germany
See all related requirements and other information from tasks own page.
Go to >
Proof Obligations for Operators of Critical Infrastructure (Germany)
Annual cybersecurity maturity self-assessment and reporting
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

12.4: Transmiterea autoevaluării anuale a maturității cibernetice
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Annual cybersecurity maturity self-assessment and reporting
Appointment of a Cyber Security Officer (Romania)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

14.3: Alocarea resurselor și desemnarea responsabililor de securitate
NIS2 Romania
14.4: Cerințe pentru responsabilul cu securitatea
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Romania)
Registration for official communication systems
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 9: Registrierung
CSV
See all related requirements and other information from tasks own page.
Go to >
Registration for official communication systems
Process for clarifying reporting obligations (Switzerland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13: Einreichung von Unterlagen zur Abklärung der Meldepflicht
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for clarifying reporting obligations (Switzerland)
Cooperation with supervisory authorities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 4-5.2: Varsling av tilsynsmyndigheten
Sikkerhetsloven
§ 14: Opplysningsplikt og tilgang til lokaler og utstyr
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Cooperation with supervisory authorities
Ensure the integrity of critical national information
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 5-2: Beskyttelse av skjermingsverdig informasjon
Sikkerhetsloven
§ 6-2: Beskyttelse av skjermingsverdige informasjonssystemer
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Ensure the integrity of critical national information
Notifying authorities of high-risk procurements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 9-4.2: Varsling til departementet
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Notifying authorities of high-risk procurements
Notify termination of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify termination of security-sensitive activity
Notify start of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify start of security-sensitive activity
Appointment and role of the Security Protection Manager
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.7: Säkerhetsskyddschef
SSL
See all related requirements and other information from tasks own page.
Go to >
Appointment and role of the Security Protection Manager
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15.5.α: Υπεύθυνος ασφάλειας πληροφοριών
NIS2 Greece
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Greece)
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 41: Format and content of the report on the review of the simplified ICT risk management framework
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Review reporting of simplified ICT risk management framework
ICT project management procedure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 38: ICT project and change management
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
ICT project management procedure
Auditing of risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Auditing of risk management framework
Creation and maintenance of governance and control framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of governance and control framework
Notification of a significant incident with cross-border and cross-sectoral impact
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkom
NIS2 Croatia
15.3: Informații privind impactul transfrontalier al incidentelor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Notification of a significant incident with cross-border and cross-sectoral impact
Conducting an external audit
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Članak 34: Provedba revizije kibernetičke sigurnosti
NIS2 Croatia
11.5: Auditului de securitate
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Conducting an external audit
Notifying the administrative body of incidents
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 23.3: Comunicazione
NIS2 Italy
See all related requirements and other information from tasks own page.
Go to >
Notifying the administrative body of incidents
Appointment of a Cyber Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
15.2.: Paskirti saugos įgaliotinį
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Lithuania)
Appointment of a Chief Information Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
15.1.: Paskirti kibernetinio saugumo vadovą
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Lithuania)
Cybersecurity auditing (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.8.: Kibernetinio saugumo auditai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity auditing (Lithuania)
Technical cyber security measures (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemones
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Technical cyber security measures (Lithuania)
Usage of data centers (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojams
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of data centers (Lithuania)
Usage of the Secure Network (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of the Secure Network (Lithuania)
Cyber Security Information System usage (Lithuania)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

19.1.: Kibernetinio saugumo informacinė sistema
NIS2 Lithuania
19.3.: Kibernetinio saugumo informacinės sistemos naudojimas
NIS2 Lithuania
19.4.: Dalijimosi informacija susitarimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cyber Security Information System usage (Lithuania)
Providing the security managers information to a competent authority
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanu
NIS2 Latvia
25.(3): Kiberdrošības pārvaldnieka atbilstība
NIS2 Latvia
25.(4): Paziņojums par izmaiņām
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Providing the security managers information to a competent authority
Appointment, tasks and position of a Cyber security manager
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

25.(5): kiberdrošības pārvaldnieka pienākumi
NIS2 Latvia
25.(1): Kiberdrošības pārvaldību
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Appointment, tasks and position of a Cyber security manager
Assessment of conformity (Belgium)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Assessment of conformity (Belgium)
Documentation of organization's dependencies on external resources
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

GV.OC-05: Organizational dependencies on outcomes and services
NIST 2.0
§ 4-2: Vurdering av risiko
Sikkerhetsloven
§ 7: Risikovurdering
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Documentation of organization's dependencies on external resources
Strategic directions of risk response options
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

GV.RM-04: Strategic direction of risk response options
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Strategic directions of risk response options
Identify the organisation's strategy and priorities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identify the organisation's strategy and priorities
Implementing a crisis response strategy
Critical
High
Normal
Low
Cyber security management
22
requirements

Examples of other requirements this task affects

RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incident
NSM ICT-SP
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
30 § 1°: Gestion des risques et maîtrise des incidents
NIS2 Belgium
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Implementing a crisis response strategy
Recognizing and listing sensitive work fields and jobs
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

2.1.1: Competence of employees
TISAX
See all related requirements and other information from tasks own page.
Go to >
Recognizing and listing sensitive work fields and jobs
Description of cyber security structure
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

1.2.2: Information Security Responsibilities
TISAX
14.3: Alocarea resurselor și desemnarea responsabililor de securitate
NIS2 Romania
§ 9: Organisatoriske sikkerhetstiltak
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Description of cyber security structure
Monitoring and analysing effectiveness of digital operational resilience strategy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
See all related requirements and other information from tasks own page.
Go to >
Monitoring and analysing effectiveness of digital operational resilience strategy
Learning from testing operational resilience
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
RC.IM-1: Recovery plans incorporate lessons learned.
CyberFundamentals
ID.IM-02: Improvements from security tests and exercises
NIST 2.0
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
13.1.d: Recovering from incidents
CER
See all related requirements and other information from tasks own page.
Go to >
Learning from testing operational resilience
Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

T-01: JOHDON TUKI, OHJAUS JA VASTUU – TURVALLISUUSPERIAATTEET
Katakri 2020
§ 2.4: Personalsäkerhetsskyddsåtgärder
SSL
See all related requirements and other information from tasks own page.
Go to >
Adequate security principles of the organisation in terms of classified information
Defining security roles and responsibilities
Critical
High
Normal
Low
Cyber security management
45
requirements

Examples of other requirements this task affects

T02: Turvallisuustyön tehtävien ja vastuiden määrittäminen
Katakri
24. Responsibility of the controller
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
ID.AM-6: Cybersecurity roles and responsibilities
NIST
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Defining security roles and responsibilities
Amount, competence and adequacy of key cyber security personnel
Critical
High
Normal
Low
Cyber security management
37
requirements

Examples of other requirements this task affects

T03: Turvallisuustyön resurssit
Katakri
32. Security of processing
GDPR
37. Designation of the data protection officer
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Amount, competence and adequacy of key cyber security personnel
Management commitment to cyber security management and management system
Critical
High
Normal
Low
Cyber security management
49
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
1.1.1: Availability of information security policies
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
PR.AT-4: Senior executives understand their roles and responsibilities.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Management commitment to cyber security management and management system
Incident management resourcing and monitoring
Critical
High
Normal
Low
Cyber security management
19
requirements

Examples of other requirements this task affects

24. Responsibility of the controller
GDPR
7.2.1: Management responsibilities
ISO 27001
16.1.1: Responsibilities and procedures
ISO 27001
5.24: Information security incident management planning and preparation
ISO 27001
Article 17: ICT-related incident management process
DORA
See all related requirements and other information from tasks own page.
Go to >
Incident management resourcing and monitoring
General security competence and awareness of personnel
Critical
High
Normal
Low
Cyber security management
42
requirements

Examples of other requirements this task affects

Članak 29.b: Osposobljavanja
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
2.1.3: Staff training
TISAX
2.1.1: Competence of employees
TISAX
31 § 2°: Formation des cadres supérieurs à la cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
General security competence and awareness of personnel
Defining and documenting cyber security metrics
Critical
High
Normal
Low
Cyber security management
29
requirements

Examples of other requirements this task affects

Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
4.1: Tietojärjestelmien tietoturvallisuus
TiHL tietoturvavaatimukset
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
30 § 3.6°: L'efficacité des mesures de gestion des risques
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting cyber security metrics
Implementation and documentation of management reviews
Critical
High
Normal
Low
Cyber security management
54
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
1.2.1: Scope of Information Security management
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Implementation and documentation of management reviews
Communication plan for information security management system
Critical
High
Normal
Low
Cyber security management
32
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
2.10.1: Include security in the organisation’s change management process
NSM ICT-SP
RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Communication plan for information security management system
Continuous improvement and documentation
Critical
High
Normal
Low
Cyber security management
28
requirements

Examples of other requirements this task affects

1.5.2: External review of ISMS
TISAX
30 § 6°: Non-conformités et mesures correctives
NIS2 Belgium
PR.IP-7: Protection processes are improved.
CyberFundamentals
ID.GV-1: Organizational cybersecurity policy is established and communicated.
CyberFundamentals
PR.IP-7: Protection processes
NIST
See all related requirements and other information from tasks own page.
Go to >
Continuous improvement and documentation
Archiving and retaining outdated security documentation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

A.10.2: Retention period for administrative security policies and guidelines
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Archiving and retaining outdated security documentation
Segregation of information security related duties
Critical
High
Normal
Low
Cyber security management
10
requirements

Examples of other requirements this task affects

6.1.2: Segregation of duties
ISO 27001
ID.RA-3: Threat identification
NIST
PR.AC-4: Access permissions and authorizations
NIST
PR.DS-5: Data leak protection
NIST
HAL-02.1: Tehtävät ja vastuut - tehtävien eriyttäminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Segregation of information security related duties
Security roles, responsibilities, and objectives derived from the organization's goals
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

ID.BE-3: Organizational mission, objectives, and activities
NIST
69: Digiturvan huomiointi osana kokonaisuutta
Digiturvan kokonaiskuvapalvelu
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.
CyberFundamentals
GV.RR-02: Roles and responsibilities in cybersecurity risk management
NIST 2.0
GV.OC-01: Cybersecurity risk management aligned with the organizational mission
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Security roles, responsibilities, and objectives derived from the organization's goals
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

HAL-04.3: Suojattavat kohteet - kasautumisvaikutus
Julkri
2.4: Luokittelu ja turvallisuusluokittelu
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Kasautumisvaikutuksen huomiointi suojattavien kohteiden luokittelussa

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security