Krajowy System Cyberbezpieczeństwa (KSC, the Polish National Cybersecurity System)
KSC Compliance Cockpit
Requirement by requirement. Not a spreadsheet.
NIS2 Art. 21 defines ten minimum security measures that every entity covered by the directive must implement. The Compliance Cockpit maps your organisation's controls against those measures continuously, drawing on current data from across the platform.
Scope:
- Measure-by-measure gap analysis against Art. 21: policies, access control, incident handling, BCM, supply chain, encryption, personnel security, MFA, asset management, vulnerability management
- Control status updated automatically as the source registers change: the risk register, the incident log, supplier assessments, the BIA
- Board reporting pack: NIS2 Art. 20 requires management bodies to approve the cybersecurity risk-management measures and oversee their implementation. The Cockpit generates the evidence trail for that governance duty
- Regulator-ready export: for the CSIRT, the sectoral supervisory authority and internal audit
NIS2 Supply Chain Risk
NIS2 Art. 21(2)(d) explicitly requires covered entities to address supply chain security, including the security practices of direct suppliers and service providers; Art. 21(3) adds that this must take into account the vulnerabilities specific to each direct supplier and the overall quality of their products and cybersecurity practices. This is not a checkbox. Supervisors are asking for evidence of ongoing supplier assessment, not a one-time due diligence exercise.
What BCMLogic Next manages:
- Supplier cybersecurity assessment: structured questionnaires aligned with ENISA guidelines on ICT supply chain security
- Criticality classification: which suppliers affect essential services, which handle sensitive data, which have access to your infrastructure
- Continuous monitoring: assessment status, contract review dates, identified gaps, remediation tracking – all in one register
- Subcontractor visibility: who your critical suppliers depend on, and whether those dependencies introduce concentration risk
- Integration with the Compliance Cockpit: supply chain gaps automatically reflected in your Art. 21 compliance posture
NIS2 Incident Reporting
24 hours for the early warning. 72 hours for the incident notification. One month after that for the final report. The clock starts the moment you become aware.
NIS2 Art. 23(4) sets strict notification timelines for significant incidents. An early warning to the CSIRT (or, where applicable, the competent authority) within 24 hours of becoming aware of the incident. An incident notification within 72 hours of becoming aware, updating the early warning with an initial assessment of severity and impact and, where available, indicators of compromise. A final report no later than one month after that incident notification is submitted; if the incident is still ongoing at that point, a progress report instead, with the final report due within one month of the incident being handled. Missing a deadline is itself a breach of the Art. 23 obligation, whatever the quality of the underlying response.
BCMLogic Next automates the reporting workflow from detection to submission.
How it works:
- Incident classification engine: AI-assisted triage against the NIS2 Art. 23(3) significance criteria (severe operational disruption or financial loss for the entity; considerable material or non-material damage to other persons), scored on impact on service continuity, number of affected users, financial loss and reputational damage
- Automatic timeline tracking: from first detection, the system tracks each reporting deadline and alerts responsible owners. The 24-hour and 72-hour windows run from the moment the entity becomes aware of the incident, not from when triage completes, so slow classification eats into the reporting window
- Structured notification templates: pre-filled with incident data already in the system, aligned with ENISA reporting format and national CSIRT requirements
- Escalation logic: incidents that cross significance thresholds trigger automatic notification workflow to CISO and designated NIS2 reporting officer
- Full audit trail: every classification decision, every notification, every status change – timestamped and signed
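The deadline arithmetic behind a tracker like the one described above is worth seeing spelled out, because two details are easy to get wrong: the 24-hour and 72-hour windows run from awareness, while the one-month window for the final report runs from the submission of the 72-hour notification, so it cannot be computed until that notification is filed. The following is an added example, not BCMLogic Next's code. It assumes "one month" is read as a calendar month (day clamped to the target month's length) and normalises every timestamp to UTC, rejecting naive datetimes so that DST changes cannot shift a window; the `Stage`, `Incident`, `status` and `escalations` names are illustrative.

```python
"""NIS2 Art. 23 reporting-deadline tracker (added example, not BCMLogic Next code)."""
import calendar
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Stage(Enum):
    EARLY_WARNING = "early warning"                  # Art. 23(4)(a): 24 h from awareness
    INCIDENT_NOTIFICATION = "incident notification"  # Art. 23(4)(b): 72 h from awareness
    FINAL_REPORT = "final report"                    # Art. 23(4)(d): 1 month after (b) is filed


EARLY_WARNING_WINDOW = timedelta(hours=24)
NOTIFICATION_WINDOW = timedelta(hours=72)


def _as_utc(ts: datetime, name: str) -> datetime:
    """Reject naive timestamps: a 24 h window must not move with local clocks or DST."""
    if ts.tzinfo is None or ts.utcoffset() is None:
        raise ValueError(f"{name} must be timezone-aware")
    return ts.astimezone(timezone.utc)


def add_one_month(ts: datetime) -> datetime:
    """Same day next calendar month, clamped to that month's length (31 Jan -> 28/29 Feb).
    Assumption: 'one month' is read as a calendar month, not a fixed 30 days."""
    year = ts.year + ts.month // 12
    month = ts.month % 12 + 1
    day = min(ts.day, calendar.monthrange(year, month)[1])
    return ts.replace(year=year, month=month, day=day)


def is_significant(severe_disruption: bool, financial_loss: bool, third_party_damage: bool) -> bool:
    """Art. 23(3): significant if the incident caused or can cause severe operational
    disruption or financial loss for the entity, or considerable damage to other persons."""
    return severe_disruption or financial_loss or third_party_damage


@dataclass
class Incident:
    aware_at: datetime                             # when the entity became aware; starts the clock
    submitted: dict = field(default_factory=dict)  # Stage -> time that report was filed

    def __post_init__(self) -> None:
        self.aware_at = _as_utc(self.aware_at, "aware_at")

    def submit(self, stage: Stage, at: datetime) -> None:
        self.submitted[stage] = _as_utc(at, "submission time")


def deadlines(inc: Incident) -> dict:
    """Due time per stage; the final-report clock is None until the 72 h notification is filed."""
    notified_at = inc.submitted.get(Stage.INCIDENT_NOTIFICATION)
    return {
        Stage.EARLY_WARNING: inc.aware_at + EARLY_WARNING_WINDOW,
        Stage.INCIDENT_NOTIFICATION: inc.aware_at + NOTIFICATION_WINDOW,
        Stage.FINAL_REPORT: add_one_month(notified_at) if notified_at else None,
    }


def status(inc: Incident, now: datetime) -> dict:
    """Per-stage state: submitted / submitted late / overdue / due in <n>h / clock not started."""
    now = _as_utc(now, "now")
    out = {}
    for stage, due in deadlines(inc).items():
        filed = inc.submitted.get(stage)
        if filed is not None:
            out[stage] = "submitted" if due is None or filed <= due else "submitted late"
        elif due is None:
            out[stage] = "clock not started"
        elif now > due:
            out[stage] = "overdue"
        else:
            out[stage] = f"due in {int((due - now).total_seconds() // 3600)}h"
    return out


def escalations(inc: Incident, now: datetime, warn_before: timedelta = timedelta(hours=6)) -> list:
    """Unfiled stages that are overdue or fall due within warn_before: page the owners for these."""
    now = _as_utc(now, "now")
    return [stage for stage, due in deadlines(inc).items()
            if stage not in inc.submitted and due is not None and now >= due - warn_before]


if __name__ == "__main__":
    # Constructed sample: awareness at 10:00 UTC on 31 Jan 2025, two reports filed on time.
    inc = Incident(aware_at=datetime(2025, 1, 31, 10, tzinfo=timezone.utc))
    inc.submit(Stage.EARLY_WARNING, datetime(2025, 1, 31, 20, tzinfo=timezone.utc))
    inc.submit(Stage.INCIDENT_NOTIFICATION, datetime(2025, 2, 2, 9, tzinfo=timezone.utc))
    now = datetime(2025, 3, 1, 12, tzinfo=timezone.utc)
    for stage, state in status(inc, now).items():
        print(f"{stage.value}: {state}")
    print("escalate:", [s.value for s in escalations(inc, now, timedelta(hours=24))])
```

In the sample the final report is due on 2 March at 09:00 UTC, one calendar month after the notification filed on 2 February, and an escalation window of 24 hours flags it on 1 March. The clamping in `add_one_month` matters for awareness late in a month: a notification filed on 31 January lands on 28 February, not an invalid date. The `ValueError` on naive timestamps is deliberate; a tracker that silently assumes local time will compute a window that is wrong by an hour on the day the clocks change.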