wesecure@roboyo.pt +351 932 942 002

LEGAL FRAMEWORK FOR CYBERSPACE SECURITY (EU Directive 2019/881)

The European Directive 2019/881 (April 17, 2019) establishes a cybersecurity certification framework and outlines the obligations of entities operating within the European Union. Each member state transposes this directive into national law, ensuring compliance with cybersecurity requirements.
Thus, all
  •     Public Administration Entities,
  •     Operators of Critical Infrastructures and Essential Services,
  •     Providers of Digital Services

are required to:
  •     Designate and communicate to the relevant national cybersecurity authority the identity and contact details of their security officer and a permanent contact within the organization;
  •     Develop an information security plan;
  •     Maintain an inventory of all assets and report it to the national cybersecurity authority;
  •     Prepare annual information security reports and submit them to the relevant authority;
  •     Conduct a risk assessment for all assets that ensure the continuity of network and information system operations;
  •     Report security incidents to the national authority as quickly as possible.

Each EU country implements these requirements through national legislation, adapting the framework to its specific context while ensuring alignment with the overarching European directive.

NEED HELP?

We work with you to produce all the necessary documentation related to the European Directive 2019/881, ensuring compliance within the scope of the Cybersecurity Certification Framework. Our deliverables include:

  •     ASSET INVENTORY
  •     RISK ASSESSMENT REPORT
  •     REVISED SECURITY PLAN
  •     INCIDENT RESPONSE
  •     ANNUAL REPORT

OUR SUPPORT

Our expert consultants have extensive experience in helping institutions ensure compliance with the requirements of EU cybersecurity regulations.
For each component, we will provide detailed guidance and, upon request, an effort estimate so you can choose the best approach based on your organization's maturity level.

If you are unsure about your current level of compliance, we offer full support across all phases (detailed above) or a preliminary cybersecurity compliance audit based on the European Directive 2019/881.


ASSET INVENTORY

WeSecure provides full support in the asset inventory process, regardless of your current status.
All information and communication systems, equipment, and other physical and logical resources considered essential, which directly or indirectly support one or more services of your organization, are considered assets.
The essential assets for the provision of your organization's services will constitute the necessary inventory deliverable to demonstrate compliance, which, once finalized, will be signed by the security officer of your organization.

The asset inventory will be structured according to European cybersecurity compliance guidelines and best practices.

RISK ASSESSMENT

WeSecure will support the entire risk assessment process.
To ensure the required deliverable (Risk Assessment Report), WeSecure will first review any existing risk assessments, if available.
If no risk assessments exist, the process will be initiated.
To achieve this, WeSecure proposes a process-driven risk management implementation, enabling your organization to make prioritized and informed decisions in the context of cybersecurity.
Your organization's risk management will be conducted using a systematic, improvement-driven approach, allowing you to identify and quantify risks and to establish priorities based on risk acceptance criteria and relevant objectives.

Thus, Information Security Risk Management, based on the ISO/IEC 27005 standard, will follow these phases:

  •     1. Establishing the Context
  •     2. Risk Assessment
  •     3. Risk Treatment
  •     4. Risk Acceptance
  •     5. Communication and Consultation
  •     6. Risk Monitoring and Review

REVISED SECURITY PLAN

Your organization's Security Plan will be reassessed by WeSecure if it already exists.
Otherwise, it will be created to include network and information security measures.
In any case, it will be kept up to date, as required by law, and will include:

  •     The security policy, a description of organizational measures, and human resources training;
  •     A description of all measures adopted regarding security requirements and incident reporting;
  •     Identification of the security officer;
  •     Identification of the permanent contact point.

ANNUAL REPORT

WeSecure will assist in preparing the annual cybersecurity compliance report, which should be submitted to the relevant national authority by the last working day of January of the following calendar year.
This report will follow the structure defined by the applicable European regulations and national implementations.

CYBERSECURITY INCIDENT REPORTING

NATIONAL CYBERSECURITY AUTHORITY
The submission of incident notifications and relevant additional information must be done in accordance with the guidelines set by the competent national cybersecurity authority in each EU Member State.

Most national authorities provide an online portal, API integration, or email-based submission methods for reporting cybersecurity incidents. If an entity is technically unable to use the standard methods, alternative reporting options may be available.
If you need assistance, WeSecure will provide support through our specialized CSIRT team.

ROLE COMMUNICATION

The designated security officer and permanent contact point must be reported to the relevant national cybersecurity authority, following the specific procedures established in each country.
Note that the same person can fulfill both roles, provided they can ensure continuous availability, 24/7, for the permanent contact point.

EXPERIENCED TEAM

SMEs, public government entities in Portugal, and operators of critical infrastructures and services rely on our experience to support them in the implementation and/or certification according to the international standard ISO/IEC 27001:2022.

We have specialized resources available to work in this area in a senior team, using agile methodologies and holding international certifications, including but not limited to:

  • ISO 27032 Lead Cybersecurity Manager
  • ISO 27001 Lead Auditor
  • ISO 27701 Lead Auditor
  • ISO 22301 Lead Auditor
  • ISO 22301 Lead Implementer
  • ISO 27001 Lead Implementer
  • ISO 27005 Senior Lead Risk Manager
  • Certified Information Security Manager
  • Certified Information Privacy Manager
  • Certified Information Privacy Professional
  • Internationally certified DPOs

YOUR TRUSTED PARTNER

We are certified by international standards:

  • ISO 27001 (since 2018)
  • ISO 9001 (since 2003)

All areas covered by our certifications focus precisely on our specialized services.

We are proud that our clients impartially testify to our work.
Find out who they are and talk to them.
It's common in cybersecurity...
We're here for you.

Contact us

WESECURE HEADQUARTERS

Rua Soares dos Reis, nº765 - 3
4400 - 317 Vila Nova de Gaia
PORTUGAL

Contacts

+351 932 942 002

+351 223 744 827

(Call charges may apply)

WE HAVE OFFICES IN 14 COUNTRIES AROUND THE WORLD. Come visit us at: