Content library
Cyber security management
Creation and maintenance of the information security plan report
Risk management and leadership
Cyber security management

Creation and maintenance of the information security plan report

Start free trial

Task description

Creation and maintenance of the information security plan report

The organization must create and maintain an information security plan.

In accordance with Section 27 of the Client Data Act, the service provider must draw up an information security plan related to information security, data protection, and the use of information systems.

The information security plan under this regulation (REGULATION 3/2024) should not be included in or combined with self-monitoring plans that are published or made publicly available. The information security plan and the appendix documents referred to therein must be handled and stored taking into account the necessary protection from third parties, and if necessary, they must be marked as confidential information.

Requirements connected to the task

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa
Tietoturvasuunnitelma (THL 3/2024)

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Appointment and responsibilities of a security officer for information systems (Hungary)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

11. §: Az elektronikus információs rendszer biztonságáért felelős személy
NIS2 Hungary
6. § (3).2: Szerepkörök és felelősségek
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Appointment and responsibilities of a security officer for information systems (Hungary)
Creation and maintenance of the information security plan report
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

3: Vastuut tietoturvan sekä asiakastietojen asianmukaisen käsittelyn varmistamisessa
Tietoturvasuunnitelma
See all related requirements and other information from tasks own page.
Go to >
Creation and maintenance of the information security plan report
Audit programme planning and management
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Audit programme planning and management
Management of audit nonconformities and follow up
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Management of audit nonconformities and follow up
Management commitment to the BCMS
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Management commitment to the BCMS
Identification of internal and external factors for business continuity management
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Identification of internal and external factors for business continuity management
Management of legal and regulatory requirements for business continuity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Management of legal and regulatory requirements for business continuity
Regular compliance self-assessment of cybersecurity management
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

51: Metinis atitikties vertinimo teikimas NKSC
NIS2 Guide Lithuania
48: Atitikties vertinimas ir audito procedūra
NIS2 Guide Lithuania
6. § (3).10: A biztonsági intézkedések időszakos értékelése
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Regular compliance self-assessment of cybersecurity management
Submission of cybersecurity documents to NKSC (Lithuania)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

5: Kibernetinio saugumo politikos pateikimas NKSC
NIS2 Guide Lithuania
29: Verslo tęstinumo testo ataskaitos pateikimas
NIS2 Guide Lithuania
13-14: Rizikos vertinimo rezultatų teikimas ir dokumentų saugojimas
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Submission of cybersecurity documents to NKSC (Lithuania)
Management responsibility for cyber security (Hungary)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

6. § (6): A vezetői felelősség köre
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Management responsibility for cyber security (Hungary)
Information security policy -report publishing, informing and maintenance
Critical
High
Normal
Low
Cyber security management
81
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
1.1.1: Availability of information security policies
TISAX
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
See all related requirements and other information from tasks own page.
Go to >
Information security policy -report publishing, informing and maintenance
Defining and documenting security objectives
Critical
High
Normal
Low
Cyber security management
54
requirements

Examples of other requirements this task affects

Članak 29.a: Upravljanje
NIS2 Croatia
10 §: Johdon vastuu
Kyberturvallisuuslaki
9.2 §: Kyberturvallisuuden toimintaperiaatteet
Kyberturvallisuuslaki
31 § 1°: Approbation des mesures de gestion des risques de cybersécurité
NIS2 Belgium
ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Defining and documenting security objectives
Executing and documenting internal audits
Critical
High
Normal
Low
Cyber security management
78
requirements

Examples of other requirements this task affects

9.2: Internal audit
ISO 9001
Članak 30.1.f: Politike i postupke za procjenu djelotvornosti mjera upravljanja kibernetičkim sigurnosnim rizicima
NIS2 Croatia
Članak 35: Provedba samoprocjene kibernetičke sigurnosti
NIS2 Croatia
9.1 §: Toimien vaikuttavuuden arviointi
Kyberturvallisuuslaki
1.5.1: Assessment of policies and requirements
TISAX
See all related requirements and other information from tasks own page.
Go to >
Executing and documenting internal audits
Creating and maintaining a statement of applicability
Critical
High
Normal
Low
Cyber security management
6
requirements

Examples of other requirements this task affects

6.1: Information security risk management
ISO 27001
7.5: Requirements for documented information
ISO 27001
1.2.1: Scope of Information Security management
TISAX
6.1: Maatregelen om risico's en kansen aan te pakken
NEN 7510
7.5: Vereisten voor gedocumenteerde informatie
NEN 7510
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining a statement of applicability
Identification, documentation and management of other information security requirements
Critical
High
Normal
Low
Cyber security management
34
requirements

Examples of other requirements this task affects

18.1.1: Identification of applicable legislation and contractual requirements
ISO 27001
ID.GV-3: Legal and regulatory requirements
NIST
HAL-05: Vaatimukset
Julkri
5.31: Legal, statutory, regulatory and contractual requirements
ISO 27001
2: Lainsäädäntö ja velvoitteet
Digiturvan kokonaiskuvapalvelu
See all related requirements and other information from tasks own page.
Go to >
Identification, documentation and management of other information security requirements
Internal audit procedure -report publishing and maintenance
Critical
High
Normal
Low
Cyber security management
36
requirements

Examples of other requirements this task affects

ID.GV-3: Legal and regulatory requirements
NIST
7.5: Requirements for documented information
ISO 27001
9.2: Internal audit
ISO 27001
CC1.5: Accountability for responsibilities
SOC 2
Article 5: Governance and organisation
DORA
See all related requirements and other information from tasks own page.
Go to >
Internal audit procedure -report publishing and maintenance
ISMS description and maintenance
Critical
High
Normal
Low
Cyber security management
60
requirements

Examples of other requirements this task affects

2.1: Tietoturvallisuusvastuiden määrittely
TiHL tietoturvavaatimukset
2.3: Tietoturvallisuus tiedonhallintamallissa
TiHL tietoturvavaatimukset
1.2.1: Scope of Information Security management
TISAX
PR.AT-5: Physical security and cybersecurity personnel understand their roles and responsibilities.
CyberFundamentals
Article 21: Ensuring the network is free from interference, damage or unauthorized access
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
ISMS description and maintenance
Defining the frameworks that serve as the basis of the management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

CC3.1: Sufficient specifying of objectives
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Defining the frameworks that serve as the basis of the management system
Business continuity legal and policy compliance review
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Business continuity legal and policy compliance review
System administrator appointment and responsibilities
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

21: Administratoriaus paskyrimas ir pareigos
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
System administrator appointment and responsibilities
Notification of the appointment of a cybersecurity officer (Lithuania)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

17-18: Pranešimas apie paskirtus kibernetinio saugumo atsakingus asmenis
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Notification of the appointment of a cybersecurity officer (Lithuania)
Security instructions and account compliance
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

20: Kibernetinio saugumo vadovo ir (arba) saugumo pareigūno pareigos
NIS2 Guide Lithuania
69.75: Vietinės paskyros atitiktis reikalavimams
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Security instructions and account compliance
Periodic review of the information security policy (Hungary)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

6. § (4): A biztonsági intézkedések időszakos felülvizsgálata
NIS2 Hungary
6. § (3).7: Információbiztonsági politika kezelése
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Periodic review of the information security policy (Hungary)
Management reporting on information security
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 15: Rapportering till ledningen
MSBFS 2020:6
See all related requirements and other information from tasks own page.
Go to >
Management reporting on information security
Delegating security decision-making authority
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

A1.c: Decision-making
CAF 4.0
See all related requirements and other information from tasks own page.
Go to >
Delegating security decision-making authority
Compliance with the regulatory guidelines of competent cybersecurity authorities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

40°: Notificação obrigatória
NIS2 Portugal
6. § (5).g: A hatósági iránymutatásoknak való megfelelés
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Compliance with the regulatory guidelines of competent cybersecurity authorities
Designation and responsibilities of the cybersecurity officer (Portugal)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

31°: Designação do responsável de cibersegurança
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Designation and responsibilities of the cybersecurity officer (Portugal)
Establishment of security policies and measures (Portugal)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

29°.2: Adoção de medidas de cibersegurança
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Establishment of security policies and measures (Portugal)
Monitoring of technical and regulatory developments (Portugal)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

29°.2: Adoção de medidas de cibersegurança
NIS2 Portugal
See all related requirements and other information from tasks own page.
Go to >
Monitoring of technical and regulatory developments (Portugal)
Cybersecurity management roles and responsibilities
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 20.4.h: Určenie zodpovednosti za schvaľovanie bezpečnostných opatrení
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity management roles and responsibilities
Appointment and role of the cybersecurity manager
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 20.4.a: Vymenovanie nezávislého manažéra kybernetickej bezpečnosti
NIS2 Slovakia
6. § (6): A vezetői felelősség köre
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Appointment and role of the cybersecurity manager
Plan for remedying non-compliances
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Člen 25: Ocena skladnosti in samoocenjevanje organizacij
NIS2 Slovenia
See all related requirements and other information from tasks own page.
Go to >
Plan for remedying non-compliances
Procedure for advisory assignments
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 18 : Rådgivande uppdrag
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Procedure for advisory assignments
Principles for personal data protection audits
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 36.1-2: Auditing
PDPL
Article 17.3-4: Periodic assessment of processor compliance
PDPL
See all related requirements and other information from tasks own page.
Go to >
Principles for personal data protection audits
Establishing leadership roles in preparedness and security (Denmark)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 11: Koordinator for beredskab, cyberkoordinator og sikringskoordinatorer
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Establishing leadership roles in preparedness and security (Denmark)
Management approval of key risk and preparedness documentation
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

§ 10: Ledelsesorganets forpligtelser
Energisektor beredskabsbekendtgørelse
§ 19: Beredskabs- og krisestyringsplaner
Energisektor beredskabsbekendtgørelse
§ 28: Godkendelse af risikovurderinger
Energisektor beredskabsbekendtgørelse
§ 18: Risiko- og sårbarhedsvurdering
Energisektor beredskabsbekendtgørelse
10: Rizikos vertinimo ataskaitos ir rizikos valdymo plano patvirtinimas
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Management approval of key risk and preparedness documentation
Operational contact point management (Denmark-energy)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 73: Operationelt kontaktpunkt
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Operational contact point management (Denmark-energy)
External reporting process for the management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
External reporting process for the management system
Establishment of an independent security management body
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 34.1: Establish independent security management institutions
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Establishment of an independent security management body
Compliance and government interaction protocol for security risks
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 56: Measures to effect rectification and eliminate hidden dangers
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Compliance and government interaction protocol for security risks
Cooperation mechanisms to strengthen cybersecurity coordination
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 29: Cybersecurity cooperation among network operators
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Cooperation mechanisms to strengthen cybersecurity coordination
Code of conduct for business ethics
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 9: Cybersecurity protection obligations
CSL (China)
See all related requirements and other information from tasks own page.
Go to >
Code of conduct for business ethics
National cybersecurity ICT system usage (Poland)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

11: Zgłaszanie incydentów do CSIRT oraz odbiorców usług
NIS2 Poland
9: Współpraca z podmiotami Krajowego Systemu Cyberbezpieczeństwa
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
National cybersecurity ICT system usage (Poland)
Regular security audits of IT systems (Poland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Regular security audits of IT systems (Poland)
Qualifications of the auditor (Poland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
See all related requirements and other information from tasks own page.
Go to >
Qualifications of the auditor (Poland)
Notification of participation in information exchange agreements (Estonia)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Notification of participation in information exchange agreements (Estonia)
Regular review of the cyber security risk documentation
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Article 13.7: Documenting cybersecurity
CRA
2.1.4: Review of risk assessments and treatment plans
NIS2 Guide
7-9: Kibernetinio saugumo rizikos vertinimas ir valdymas
NIS2 Guide Lithuania
11: Rizikos vertinimo ataskaita
NIS2 Guide Lithuania
6. § (3).10: A biztonsági intézkedések időszakos értékelése
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Regular review of the cyber security risk documentation
Documentation of risk assessment
Critical
High
Normal
Low
Cyber security management
13
requirements

Examples of other requirements this task affects

Article 13.3: Documenting risk assessment
CRA
11.7: Listei de active și riscuri
NIS2 Romania
12.2: Risk assessment measures
CER
§ 4-4: Krav til dokumentasjon
Sikkerhetsloven
§ 13: Riskbedömning
NIS2 Åland
See all related requirements and other information from tasks own page.
Go to >
Documentation of risk assessment
Provision of product information to the market surveillance authority
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 13.22: Conformity
CRA
See all related requirements and other information from tasks own page.
Go to >
Provision of product information to the market surveillance authority
Single point of contact for reporting vulnerabilities
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 13.17: Single point of contact
CRA
See all related requirements and other information from tasks own page.
Go to >
Single point of contact for reporting vulnerabilities
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Vuln.5: Coordinated vulnerability disclosure
CRA
§ 24.5: Hlásenie kybernetických hrozieb a zraniteľností
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Maintaining a coordinated vulnerability disclosure policy and reporting procedure
Cybersecurity requirements related to the use of AI
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 12.1: High risk AI
CRA
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity requirements related to the use of AI
Integration of change management procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Integration of change management procedures
Disciplinary process for non-conformance
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

10.4: Disciplinary process
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Disciplinary process for non-conformance
Cyber security policy and procedure compliance requirements
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Article 10: Technical measures and other necessary measures to ensure secure and stable network operation
CSL (China)
§ 17: Standarder för kritiska verksamhetsutövare
NIS2 Åland
Article 23: Information security
PDPL
See all related requirements and other information from tasks own page.
Go to >
Cyber security policy and procedure compliance requirements
Security related policies and procedures for all assets
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

Art. 13.2.1: Mesures permanentes de sécurité intérieure
Loi infrastructures critiques
§ 44: Politik for informationssystemsikkerhed
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Security related policies and procedures for all assets
Defining triggers for evaluating the information security management system
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Defining triggers for evaluating the information security management system
Review of information security management system best practices
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

§ 6.1: Sikkerhetsstyringssystem
NIS2 NO
47.37: OWASP pagrįsti žiniatinklio saugumo standartai
NIS2 Guide Lithuania
See all related requirements and other information from tasks own page.
Go to >
Review of information security management system best practices
Defining system auditing roles and responsibilities
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

15: Wymogi audytu bezpieczeństwa dla operatorów usług kluczowych
NIS2 Poland
Člen 49: Določitev revizorja informacijskih sistemov
NIS2 Slovenia
See all related requirements and other information from tasks own page.
Go to >
Defining system auditing roles and responsibilities
Reviewing security policies and procedures
Critical
High
Normal
Low
Cyber security management
4
requirements

Examples of other requirements this task affects

5.1: Beleid voor informatiebeveiliging
NEN 7510
§ 71: Politik og procedurer for sikkerhedsevaluering
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Reviewing security policies and procedures
Conducting business impact analysis
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

4.1.3: Business impact analysis
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Conducting business impact analysis
Creating and maintaining an asset management policy
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

12.2: Handling of assets
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining an asset management policy
Creating and maintaining physical and environmental security policy
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Člen 22.2.9: Upravljanje omrežja in komunikacij
NIS2 Slovenia
13.2: Protection against physical and environmental threats
NIS2 Guide
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining physical and environmental security policy
Creating and maintaining report on the review of the ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating and maintaining report on the review of the ICT risk management framework
Develop and maintain an ICT project management policy
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Develop and maintain an ICT project management policy
Requirements for creating policies
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Requirements for creating policies
Establishing risk profile
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establishing risk profile
Safeguards to protect PHI
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

5.12: Classificatie van informatie
NEN 7510
8.13: Back-up van informatie
NEN 7510
5.39: HLT – Unieke identificatie van zorgontvangers
NEN 7510
Article 26: Processing health data
PDPL
See all related requirements and other information from tasks own page.
Go to >
Safeguards to protect PHI
Security officer appointment and responsibilities (HIPAA)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Security officer appointment and responsibilities (HIPAA)
Evaluating compliance with HIPAA requirements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Evaluating compliance with HIPAA requirements
Establishing and maintaining the comprehensive ePHI security program
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

5.12: Classificatie van informatie
NEN 7510
Article 26: Processing health data
PDPL
See all related requirements and other information from tasks own page.
Go to >
Establishing and maintaining the comprehensive ePHI security program
Protection from retaliation and intimidation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protection from retaliation and intimidation
Protecting HIPAA rights from being waived
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Protecting HIPAA rights from being waived
Implementation of policies and procedures
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Implementation of policies and procedures
Policies and procedures for HIPAA compliance
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Policies and procedures for HIPAA compliance
Appointing a qualified cybersecurity auditor (Malta)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

14.1: Appointment and approval of a qualified auditor for the verification of cybersecurity measures
NIS2 Malta
See all related requirements and other information from tasks own page.
Go to >
Appointing a qualified cybersecurity auditor (Malta)
Designation of the information security officer (Spain)
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Artículo 16.1: Designación del responsable de la seguridad de la información
NIS2 Spain
Artículo 16.2: Comunicación de la designación del responsable
NIS2 Spain
Artículo 16.4: Cualificaciones y posición organizativa
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Designation of the information security officer (Spain)
Statement of applied security measures (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.5: Declaración de aplicabilidad de sistemas
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Statement of applied security measures (Spain)
Cybersecurity compliance requirements for essential and important entities (Spain)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Artículo 15.4: Demostración y certificación de cumplimiento
NIS2 Spain
See all related requirements and other information from tasks own page.
Go to >
Cybersecurity compliance requirements for essential and important entities (Spain)
Adoption and implementation of security measures
Critical
High
Normal
Low
Cyber security management
6
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
§ 6: Hur informationssäkerhetsarbetet ska bedrivas
MSBFS 2020:6
§ 19.6.g: Implementácia bezpečnostných opatrení
NIS2 Slovakia
§ 29.2: Povinnosť auditu pri bezpečnostných zmenách
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Adoption and implementation of security measures
Risk-based selection of security measures
Critical
High
Normal
Low
Cyber security management
5
requirements

Examples of other requirements this task affects

Art. 13.3.4: Identification, sélection et priorisation des mesures de sécurité intérieure
Loi infrastructures critiques
§ 4-3.(1-2): Plikt til å gjennomføre sikkerhetstiltak
Sikkerhetsloven
29°.2: Adoção de medidas de cibersegurança
NIS2 Portugal
2.1.3: Selection of risk treatment measures
NIS2 Guide
6. § (3).9: A biztonsági intézkedések kezdeti értékelése
NIS2 Hungary
See all related requirements and other information from tasks own page.
Go to >
Risk-based selection of security measures
Security Plan development and implementation
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13.4: Période de mise en œuvre des mesures de sécurité
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Security Plan development and implementation
Security contact point for critical infrastructure
Critical
High
Normal
Low
Cyber security management
3
requirements

Examples of other requirements this task affects

Art. 12.1-3: Point de contact pour la sécurité
Loi infrastructures critiques
13.3: Designated personnel
CER
§ 73: Operationelt kontaktpunkt
Energisektor beredskabsbekendtgørelse
See all related requirements and other information from tasks own page.
Go to >
Security contact point for critical infrastructure
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Art. 13.1: Plan de sécurité de l'opérateur
Loi infrastructures critiques
Art. 13.6: Organisation des exercices et mise à jour de l'P.S.E.
Loi infrastructures critiques
See all related requirements and other information from tasks own page.
Go to >
Development and maintenance of the Operator Security Plan (O.S.P.) (Belgium)
Self-declaration submission (Austria)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 33.(1): Selbstdeklaration
NIS2 Austria
See all related requirements and other information from tasks own page.
Go to >
Self-declaration submission (Austria)
Audit requirements and compliance reporting for operators of critical infrastructure (Germany)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 39.(1): Prüfungsanforderungen und Compliance-Berichterstattung für Betreiber kritischer Infrastrukturen
NIS2 Germany
See all related requirements and other information from tasks own page.
Go to >
Audit requirements and compliance reporting for operators of critical infrastructure (Germany)
Annual cybersecurity maturity self-assessment and reporting
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

12.4: Transmiterea autoevaluării anuale a maturității cibernetice
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Annual cybersecurity maturity self-assessment and reporting
Appointment of a Cyber Security Officer (Romania)
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

14.3: Alocarea resurselor și desemnarea responsabililor de securitate
NIS2 Romania
14.4: Cerințe pentru responsabilul cu securitatea
NIS2 Romania
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Cyber Security Officer (Romania)
Registration for official communication systems
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 9: Registrierung
CSV
See all related requirements and other information from tasks own page.
Go to >
Registration for official communication systems
Process for clarifying reporting obligations (Switzerland)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Art. 13: Einreichung von Unterlagen zur Abklärung der Meldepflicht
CSV
See all related requirements and other information from tasks own page.
Go to >
Process for clarifying reporting obligations (Switzerland)
Cooperation with supervisory authorities
Critical
High
Normal
Low
Cyber security management
6
requirements

Examples of other requirements this task affects

§ 4-5.2: Varsling av tilsynsmyndigheten
Sikkerhetsloven
§ 14: Opplysningsplikt og tilgang til lokaler og utstyr
NIS2 NO
Article 28: Technical support and assistance to public security organs
CSL (China)
Article 49: Complaint and reporting systems for network information security
CSL (China)
§ 19.6.c: Povinnosť spolupracovať
NIS2 Slovakia
See all related requirements and other information from tasks own page.
Go to >
Cooperation with supervisory authorities
Ensure the integrity of critical national information
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 5-2: Beskyttelse av skjermingsverdig informasjon
Sikkerhetsloven
§ 6-2: Beskyttelse av skjermingsverdige informasjonssystemer
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Ensure the integrity of critical national information
Notifying authorities of high-risk procurements
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 9-4.2: Varsling til departementet
Sikkerhetsloven
See all related requirements and other information from tasks own page.
Go to >
Notifying authorities of high-risk procurements
Notify termination of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify termination of security-sensitive activity
Notify start of security-sensitive activity
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.6: Anmälningsplikt
SSL
See all related requirements and other information from tasks own page.
Go to >
Notify start of security-sensitive activity
Appointment and role of the Security Protection Manager
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

§ 2.7: Säkerhetsskyddschef
SSL
See all related requirements and other information from tasks own page.
Go to >
Appointment and role of the Security Protection Manager
Appointment of a Chief Information Security Officer (Greece)
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

15.5.α: Υπεύθυνος ασφάλειας πληροφοριών
NIS2 Greece
See all related requirements and other information from tasks own page.
Go to >
Appointment of a Chief Information Security Officer (Greece)
Review reporting of simplified ICT risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 41: Format and content of the report on the review of the simplified ICT risk management framework
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Review reporting of simplified ICT risk management framework
ICT project management procedure
Critical
High
Normal
Low
Cyber security management
2
requirements

Examples of other requirements this task affects

Article 38: ICT project and change management
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
ICT project management procedure
Auditing of risk management framework
Critical
High
Normal
Low
Cyber security management
1
requirements

Examples of other requirements this task affects

Article 28: Governance and organization
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Auditing of risk management framework

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templatesTrust center
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessmentsInternal audits
Resources
AcademyWebinarsBlogHelp articlesVideo coursesTrust centerContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security