0333 444 0881
0333 444 0881

NIS Directive Alignment Service


As part of the Government’s £1.9 billion National Cyber Security Strategy to protect the UK in cyber space, the NIS Regulations, which came into force on 10 May 2018 provide legal measures to boost the overall level of security (both cyber and physical resilience) of network and information systems that are critical for the provision of digital services (online marketplaces, online search engines, cloud computing services) and essential services (transport, energy, water, health, and digital infrastructure services). Our NIS Directive Alignment Service is also a component of our broader Operational Technology Services capability.


Our NIS Directive Alignment Service has been designed to help organisations meet their NIS obligations, and comprises the following steps:

  • We help you Identify if you are subject to NIS Regulations and what is in scope.
  • We’ll complete a NIS Regulations & CAF  Assessment.
  • We then propose changes under the NCSC’s Cyber Assessment Framework.
  • Produce a service definition/scope definition.
  • Provide a final assessment and report with improvement actions.

The Security of Network & Information Systems Regulations

The NIS Regulations establish multiple competent authorities which are responsible for the oversight and enforcement of the NIS Regulations in each sector or region covered by the NIS Regulations. The Government has published guidance for the Competent Authorities to help them carry out their functions under the NIS Regulations. The guidance can be found here.

Cyber incidents can result in a number of different consequences, depending on the nature of the computer systems targeted, and intention of the perpetrators. Circumstances in which the possible consequences of cyber incidents are extremely serious or even, perhaps, catastrophic generally require very robust levels of cyber security and resilience. It is for these circumstances that the National Cyber Security Centre (NCSC) has developed the Cyber Assessment Framework (CAF) collection which is intended for use by organisations that are responsible for services and activities that are of vital importance to us all.

The organisations likely to find the Cyber Assessment Framework most useful fall into three broad categories, namely

  • Organisations within the UK Critical National Infrastructure (CNI)
  • Organisations subject to NIS Directive cyber regulation
  • Organisations managing cyber-related risks to public safety

Service Features

Identifying the assets that require protection.

Analysis of Connection Interfaces.

Analysis of legacy or proprietary communications protocols.

Identifying relevant threats and weaknesses, and identifying exploitable vulnerabilities.

Assessing the level of threat posed by threat agents.

Determining the business impacts of risks being realised.

Producing a technical risk assessment.

Advising on suitable control implementation.

Service Benefits

Establish a baseline risk position for your security programme.

Understand impact of existing control gaps to drive security improvements.

Inform more effective operations, architecture, strategy built on prioritised guidance.

Development of a robust security architecture aligned to business objectives, and improve cost control.

Getting Started

During a Client engagement our Consultants pass through six key phases that form the anatomy of how we manage a typical consulting project.  We appreciate every assignment is different, so we have flexible processes in place to bring our experts onboard quickly and effectively without disrupting existing work programmes. We are happy to provide our services at any stage of the lifecycle.

Cyber Security Engagement Lifecycle

Pragmatic & Business Focused Security Consultancy Services

We deliver security capability at all levels of an organisation and are on hand to help ensure that your projects deliver solutions
that are appropriately aligned to your cyber security risk position and satisfy your regulatory compliance requirements.
Learn more about how we can help you achieve your critical priorities:

    The Cyber Smart Consulting Team will respond within 48 hours.