Content library
Cyber security management
Documentation of organization's dependencies on external resources
Risk management and leadership
Cyber security management

Documentation of organization's dependencies on external resources

Start free trial

Task description

Documentation of organization's dependencies on external resources

Dependencies on external services might affect the organization's risk management and critical capabilities. The organization needs to identify and maintain a list of the organization’s external dependencies, including facilities, cloud providers, and any third-party services.

The documentation should also include:

  • The relationships between the dependencies and key organizational assets and business functions
  • The dependencies that pose potential failure points for critical services

Ensure that relevant personnel are informed about these dependencies and their associated risks.

Requirements connected to the task

GV.OC-05: Organizational dependencies on outcomes and services
NIST CSF 2.0
§ 4-2: Vurdering av risiko
Sikkerhetsloven (Norge)
§ 7: Risikovurdering
Lov om digital sikkerhet (Norge)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of the information security plan report
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
Cyber security management
69
requirements

Examples of other requirements this task affects

5.1.1: Policies for information security
ISO 27001
5.1.2: Review of the policies for information security
ISO 27001
T01: Turvallisuusperiaatteet
Katakri
6.6: Yleiset
Omavalvontasuunnitelma
ID.GV-1: Cybersecurity policy
NIST
See all related requirements and other information from tasks own page.
Go to >
Information security policy -report publishing, informing and maintenance
Defining and documenting security objectives
Critical
High
Normal
Low
Cyber security management
49
requirements

Examples of other requirements this task affects

5.1.1: Policies for information security
ISO 27001
ID.BE-3: Organizational mission, objectives, and activities
NIST
ID.GV-1: Cybersecurity policy
NIST
HAL-01: Periaatteet
Julkri
5.1: Leadership and commitment
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting security objectives
Executing and documenting internal audits
Critical
High
Normal
Low
Cyber security management
58
requirements

Examples of other requirements this task affects

12.7.1: Information systems audit controls
ISO 27001
18.2.1: Independent review of information security
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST
HAL-07: Seuranta ja valvonta
Julkri
5.35: Independent review of information security
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Executing and documenting internal audits
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

6.1: Information security risk management
ISO 27001
7.5: Requirements for documented information
ISO 27001
1.2.1: Scope of Information Security management
TISAX
6.1: Maatregelen om risico's en kansen aan te pakken
NEN 7510
7.5: Vereisten voor gedocumenteerde informatie
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining a statement of applicability
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
Cyber security management
28
requirements

Examples of other requirements this task affects

18.1.1: Identification of applicable legislation and contractual requirements
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST
HAL-05: Vaatimukset
Julkri
5.31: Legal, statutory, regulatory and contractual requirements
ISO 27001
2: Lainsäädäntö ja velvoitteet
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Identification, documentation and management of other information security requirements
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
Cyber security management
26
requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements
NIST
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001
CC1.5: Accountability for responsibilities
SOC 2
Article 5: Governance and organisation
DORA
See all related requirements and other information from tasks own page.
Go to >
Internal audit procedure -report publishing and maintenance
ISMS description and maintenance
Critical
High
Normal
Low
Cyber security management
48
requirements

Examples of other requirements this task affects

5.1.1: Policies for information security
ISO 27001
PR.AT-5: Physical and cybersecurity personnel
NIST
HAL-02: Tehtävät ja vastuut
Julkri
HAL-07: Seuranta ja valvonta
Julkri
HAL-09: Dokumentointi
Julkri
See all related requirements and other information from tasks own page.
Go to >
ISMS description and maintenance
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Defining the frameworks that serve as the basis of the management system
Establishment of an independent security management body
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 34.1: Establish independent security management institutions
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Establishment of an independent security management body
Compliance and government interaction protocol for security risks
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 56: Measures to effect rectification and eliminate hidden dangers
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Compliance and government interaction protocol for security risks
Cooperation mechanisms to strengthen cybersecurity coordination
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 29: Cybersecurity cooperation among network operators
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Cooperation mechanisms to strengthen cybersecurity coordination
Code of conduct for business ethics
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 9: Cybersecurity protection obligations
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Code of conduct for business ethics
National cybersecurity ICT system usage (Poland)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

11: Zgłaszanie incydentów do CSIRT oraz odbiorców usług
NIS2 Poland
9: Współpraca z podmiotami Krajowego Systemu Cyberbezpieczeństwa
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
National cybersecurity ICT system usage (Poland)
Regular security audits of IT systems (Poland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Regular security audits of IT systems (Poland)
Qualifications of the auditor (Poland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Qualifications of the auditor (Poland)
Notification of participation in information exchange agreements (Estonia)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Notification of participation in information exchange agreements (Estonia)
Regular review of the cyber security risk documentation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.7: Documenting cybersecurity
CRA
See all related requirements and other information from tasks own page.
Go to >
Regular review of the cyber security risk documentation
Documentation of risk assessment
Critical
High
Normal
Low
Cyber security management
7
requirements

Examples of other requirements this task affects

Article 13.3: Documenting risk assessment
CRA
11.7: Listei de active și riscuri
NIS2 Romania
12.2: Risk assessment measures
CER
§ 4-4: Krav til dokumentasjon
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Documentation of risk assessment
Provision of product information to the market surveillance authority
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.22: Conformity
CRA
See all related requirements and other information from tasks own page.
Go to >
Provision of product information to the market surveillance authority
Single point of contact for reporting vulnerabilities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 13.17: Single point of contact
CRA
See all related requirements and other information from tasks own page.
Go to >
Single point of contact for reporting vulnerabilities
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Vuln.5: Coordinated vulnerability disclosure
CRA
See all related requirements and other information from tasks own page.
Go to >
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Cybersecurity requirements related to the use of AI
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 12.1: High risk AI
CRA
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity requirements related to the use of AI
Integration of change management procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Integration of change management procedures
Disciplinary process for non-conformance
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Disciplinary process for non-conformance
Cyber security policy and procedure compliance requirements
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 10: Technical measures and other necessary measures to ensure secure and stable network operation
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Cyber security policy and procedure compliance requirements
Security related policies and procedures for all assets
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Art. 13.2.1: Mesures permanentes de sécurité intérieure
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Security related policies and procedures for all assets
Defining triggers for evaluating the information security management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining triggers for evaluating the information security management system
Review of information security management system best practices
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Review of information security management system best practices
Defining system auditing roles and responsibilities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Defining system auditing roles and responsibilities
Reviewing security policies and procedures
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

5.1: Beleid voor informatiebeveiliging
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Reviewing security policies and procedures
Conducting business impact analysis
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Conducting business impact analysis
Creating and maintaining an asset management policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining an asset management policy
Creating and maintaining physical and environmental security policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining physical and environmental security policy
Creating and maintaining report on the review of the ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining report on the review of the ICT risk management framework
Develop and maintain an ICT project management policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Develop and maintain an ICT project management policy
Requirements for creating policies
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Requirements for creating policies
Establishing risk profile
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establishing risk profile
Safeguards to protect PHI
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

5.12: Classificatie van informatie
NEN 7510
8.13: Back-up van informatie
NEN 7510
5.39: HLT – Unieke identificatie van zorgontvangers
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Safeguards to protect PHI
Security officer appointment and responsibilities (HIPAA)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Security officer appointment and responsibilities (HIPAA)
Evaluating compliance with HIPAA requirements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Evaluating compliance with HIPAA requirements
Establishing and maintaining the comprehensive ePHI security program
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

5.12: Classificatie van informatie
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining the comprehensive ePHI security program
Protection from retaliation and intimidation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protection from retaliation and intimidation
Protecting HIPAA rights from being waived
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protecting HIPAA rights from being waived
Implementation of policies and procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Implementation of policies and procedures
Policies and procedures for HIPAA compliance
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Policies and procedures for HIPAA compliance
Appointing a qualified cybersecurity auditor (Malta)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.1: Appointment and approval of a qualified auditor for the verification of cybersecurity measures
NIS2 Malta
See all related requirements and other information from tasks own page.
Go to >
Appointing a qualified cybersecurity auditor (Malta)
Designation of the information security officer (Spain)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Artículo 16.1: Designación del responsable de la seguridad de la información
NIS2 Spain
Artículo 16.2: Comunicación de la designación del responsable
NIS2 Spain
Artículo 16.4: Cualificaciones y posición organizativa
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Designation of the information security officer (Spain)
Statement of applied security measures (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.5: Declaración de aplicabilidad de sistemas
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Statement of applied security measures (Spain)
Cybersecurity compliance requirements for essential and important entities (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.4: Demostración y certificación de cumplimiento
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity compliance requirements for essential and important entities (Spain)
Adoption and implementation of security measures
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Adoption and implementation of security measures
Risk-based selection of security measures
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Risk-based selection of security measures
Security Plan development and implementation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13.4: Période de mise en œuvre des mesures de sécurité
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Security Plan development and implementation
Security contact point for critical infrastructure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 12.1-3: Point de contact pour la sécurité
Loi infrastructures critiques
13.3: Designated personnel
CER
See all related requirements and other information from tasks own page.
Go to >
Security contact point for critical infrastructure
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.1: Plan de sécurité de l'opérateur
Loi infrastructures critiques
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Advance notification of planned cybersecurity audits
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

33.5: Ankündigung geplanter Prüfungen
NIS2 Austria
See all related requirements and other information from tasks own page.
Go to >
Advance notification of planned cybersecurity audits
Self-declaration submission (Austria)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

33.1: Selbstdeklaration
NIS2 Austria
See all related requirements and other information from tasks own page.
Go to >
Self-declaration submission (Austria)
Proof Obligations for Operators of Critical Infrastructure (Germany)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

39.1: Nachweispflichten für Betreiber kritischer Anlagen
NIS2 Germany
See all related requirements and other information from tasks own page.
Go to >
Proof Obligations for Operators of Critical Infrastructure (Germany)
Annual cybersecurity maturity self-assessment and reporting
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

12.4: Transmiterea autoevaluării anuale a maturității cibernetice
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Annual cybersecurity maturity self-assessment and reporting
Appointment of a Cyber Security Officer (Romania)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

14.3: Alocarea resurselor și desemnarea responsabililor de securitate
NIS2 Romania
14.4: Cerințe pentru responsabilul cu securitatea
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Romania)
Registration for official communication systems
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 9: Registrierung
CSV
See all related requirements and other information from tasks own page.
Go to >
Registration for official communication systems
Process for clarifying reporting obligations (Switzerland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13: Einreichung von Unterlagen zur Abklärung der Meldepflicht
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for clarifying reporting obligations (Switzerland)
Cooperation with supervisory authorities
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

§ 4-5.2: Varsling av tilsynsmyndigheten
Sikkerhetsloven
§ 14: Opplysningsplikt og tilgang til lokaler og utstyr
NIS2 NO
Article 28: Technical support and assistance to public security organs
CSL (China)
Article 49: Complaint and reporting systems for network information security
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Cooperation with supervisory authorities
Ensure the integrity of critical national information
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 5-2: Beskyttelse av skjermingsverdig informasjon
Sikkerhetsloven
§ 6-2: Beskyttelse av skjermingsverdige informasjonssystemer
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Ensure the integrity of critical national information
Notifying authorities of high-risk procurements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 9-4.2: Varsling til departementet
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Notifying authorities of high-risk procurements
Notify termination of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify termination of security-sensitive activity
Notify start of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify start of security-sensitive activity
Appointment and role of the Security Protection Manager
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.7: Säkerhetsskyddschef
SSL
See all related requirements and other information from tasks own page.
Go to >
Appointment and role of the Security Protection Manager
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15.5.α: Υπεύθυνος ασφάλειας πληροφοριών
NIS2 Greece
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Greece)
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 41: Format and content of the report on the review of the simplified ICT risk management framework
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Review reporting of simplified ICT risk management framework
ICT project management procedure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 38: ICT project and change management
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
ICT project management procedure
Auditing of risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Auditing of risk management framework
Creation and maintenance of governance and control framework
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of governance and control framework
Notification of a significant incident with cross-border and cross-sectoral impact
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Članak 40: Obavještavanje o značajnom incidentu s prekograničnim i međusektorskim učinkom
NIS2 Croatia
15.3: Informații privind impactul transfrontalier al incidentelor
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Notification of a significant incident with cross-border and cross-sectoral impact
Conducting an external audit
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Članak 34: Provedba revizije kibernetičke sigurnosti
NIS2 Croatia
11.5: Auditului de securitate
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Conducting an external audit
Notifying the administrative body of incidents
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 23.3: Comunicazione
NIS2 Italy
Article 56: Measures to effect rectification and eliminate hidden dangers
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Notifying the administrative body of incidents
Appointment of a Cyber Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.2.: Paskirti saugos įgaliotinį
NIS2 Lithuania
15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Lithuania)
Appointment of a Chief Information Security Officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

15.1.: Paskirti kibernetinio saugumo vadovą
NIS2 Lithuania
15.3.: Kibernetinio saugumo vaidmenys ir atsakomybė
NIS2 Lithuania
15.4.: Kibernetinio saugumo valdymo užsakymas
NIS2 Lithuania
15.5.: Kibernetinio saugumo vadovas ir saugos įgaliotinis reikalavimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Lithuania)
Cybersecurity auditing (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.8.: Kibernetinio saugumo auditai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity auditing (Lithuania)
Technical cyber security measures (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

16.4.: Esminiai subjektai sudary sąlygas Nacionaliniam kibernetinio saugumo centrui technines kibernetinio saugumo priemones
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Technical cyber security measures (Lithuania)
Usage of data centers (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

38.1.: Duomenų centrų naudojimas saugaus tinklo naudotojams
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of data centers (Lithuania)
Usage of the Secure Network (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

37.1.: Saugus institucijų tinklas (Valstybės ir savivaldybių institucijos ir įstaigos, valstybės valdomos įmonės ir viešosios įstaigos)
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Usage of the Secure Network (Lithuania)
Cyber Security Information System usage (Lithuania)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

19.1.: Kibernetinio saugumo informacinė sistema
NIS2 Lithuania
19.3.: Kibernetinio saugumo informacinės sistemos naudojimas
NIS2 Lithuania
19.4.: Dalijimosi informacija susitarimai
NIS2 Lithuania
See all related requirements and other information from tasks own page.
Go to >
Cyber Security Information System usage (Lithuania)
Providing the security managers information to a competent authority
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

25.(2): Paziņojums par kiberdrošības vadītāja iecelšanu
NIS2 Latvia
25.(3): Kiberdrošības pārvaldnieka atbilstība
NIS2 Latvia
25.(4): Paziņojums par izmaiņām
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Providing the security managers information to a competent authority
Appointment, tasks and position of a Cyber security manager
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

25.(1): Kiberdrošības pārvaldību
NIS2 Latvia
25.(5): kiberdrošības pārvaldnieka pienākumi
NIS2 Latvia
See all related requirements and other information from tasks own page.
Go to >
Appointment, tasks and position of a Cyber security manager
Assessment of conformity (Belgium)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

39: Conformité et audits
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Assessment of conformity (Belgium)
Documentation of organization's dependencies on external resources
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

GV.OC-05: Organizational dependencies on outcomes and services
NIST 2.0
§ 4-2: Vurdering av risiko
Sikkerhetsloven
§ 7: Risikovurdering
NIS2 NO
See all related requirements and other information from tasks own page.
Go to >
Documentation of organization's dependencies on external resources
Strategic directions of risk response options
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

GV.RM-04: Strategic direction of risk response options
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Strategic directions of risk response options
Identify the organisation's strategy and priorities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

1.1.1: Identify the organisation’s strategy and priorities
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Identify the organisation's strategy and priorities
Implementing a crisis response strategy
Critical
High
Normal
Low
Cyber security management
24
requirements

Examples of other requirements this task affects

RC.CO-2: Reputation is repaired after an incident.
CyberFundamentals
4.3.2: Determine whether the incident is under control and take the necessary reactive measures
NSM ICT-SP
4.3.5: Co-ordinate and communicate with internal and external stakeholders while managing the incident
NSM ICT-SP
30 § 1°: Gestion des risques et maîtrise des incidents
NIS2 Belgium
30 § 3.3°: La continuité et la gestion des crises
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Implementing a crisis response strategy
Recognizing and listing sensitive work fields and jobs
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

2.1.1: Competence of employees
TISAX
See all related requirements and other information from tasks own page.
Go to >
Recognizing and listing sensitive work fields and jobs
Description of cyber security structure
Critical
High
Normal
Low
Cyber security management
8
requirements

Examples of other requirements this task affects

1.2.2: Information Security Responsibilities
TISAX
14.3: Alocarea resurselor și desemnarea responsabililor de securitate
NIS2 Romania
§ 9: Organisatoriske sikkerhetstiltak
NIS2 NO
5.2: Rollen en verantwoordelijkheden op het gebied van informatiebeveiliging
NEN 7510
Article 27: Individual and organizational obligations in cases of activities endangering cybersecurity
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Description of cyber security structure
Monitoring and analysing effectiveness of digital operational resilience strategy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
See all related requirements and other information from tasks own page.
Go to >
Monitoring and analysing effectiveness of digital operational resilience strategy
Learning from testing operational resilience
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Article 13: Learning and evolving
DORA
RC.IM-1: Recovery plans incorporate lessons learned.
CyberFundamentals
ID.IM-02: Improvements from security tests and exercises
NIST 2.0
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
13.1.d: Recovering from incidents
CER
See all related requirements and other information from tasks own page.
Go to >
Learning from testing operational resilience
Adequate security principles of the organisation in terms of classified information
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

T-01: SUPPORT FROM THE MANAGEMENT, GUIDANCE, RESPONSIBILITIES – SECURITY PRINCIPLES
Katakri 2020
§ 2.4: Personalsäkerhetsskyddsåtgärder
SSL
See all related requirements and other information from tasks own page.
Go to >
Adequate security principles of the organisation in terms of classified information
Defining security roles and responsibilities
Critical
High
Normal
Low
Cyber security management
50
requirements

Examples of other requirements this task affects

24. Responsibility of the controller
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
T02: Turvallisuustyön tehtävien ja vastuiden määrittäminen
Katakri
ID.AM-6: Cybersecurity roles and responsibilities
NIST
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Defining security roles and responsibilities
Amount, competence and adequacy of key cyber security personnel
Critical
High
Normal
Low
Cyber security management
44
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
37. Designation of the data protection officer
GDPR
6.1.1: Information security roles and responsibilities
ISO 27001
T03: Turvallisuustyön resurssit
Katakri
ID.GV-2: Cybersecurity role coordination
NIST
See all related requirements and other information from tasks own page.
Go to >
Amount, competence and adequacy of key cyber security personnel
Management commitment to cyber security management and management system
Critical
High
Normal
Low
Cyber security management
59
requirements

Examples of other requirements this task affects

24. Responsibility of the controller
GDPR
5.1.1: Policies for information security
ISO 27001
7.2.1: Management responsibilities
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
ID.GV-1: Cybersecurity policy
NIST
See all related requirements and other information from tasks own page.
Go to >
Management commitment to cyber security management and management system
Incident management resourcing and monitoring
Critical
High
Normal
Low
Cyber security management
22
requirements

Examples of other requirements this task affects

24. Responsibility of the controller
GDPR
7.2.1: Management responsibilities
ISO 27001
16.1.1: Responsibilities and procedures
ISO 27001
5.24: Information security incident management planning and preparation
ISO 27001
Article 17: ICT-related incident management process
DORA
See all related requirements and other information from tasks own page.
Go to >
Incident management resourcing and monitoring
General security competence and awareness of personnel
Critical
High
Normal
Low
Cyber security management
46
requirements

Examples of other requirements this task affects

29. Processing under the authority of the controller or processor
GDPR
32. Security of processing
GDPR
7.2.1: Management responsibilities
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
PR.AT-1: Awareness
NIST
See all related requirements and other information from tasks own page.
Go to >
General security competence and awareness of personnel

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security