Nord Energi is a utility company that supplies approximately 100,000 installations with electricity and distributes fiber networks to approximately 127,000 households.
Nord Energi owns and operates the electricity and fiber network in Vendsyssel – a region in North Jutland – and is classified as critical infrastructure.
This means that Nord Energi, also due to the size of the company, has been subject to stricter cyber security requirements since the NIS1 directive was published:
“Since the introduction of NIS1, it has become routine for us to report on our IT contingency plans. The contingency plans are approved by the Danish Energy Agency and the Center for Cyber Security, respectively.”
IT Manager at Nord Energi
Jane Knudsen is IT Manager at Nord Energi and is responsible for IT security preparedness and GDPR.
Jane Knudsen already had experience working in a structured way with preparedness work from the Danish Energy Agency due to Nord Energi’s core business and GDPR, which came into force in 2018. And from this experience, she also knew that it was crucial to be at the forefront of new directives such as NIS2.
The NIS2 Directive aims to protect critical infrastructure and EU citizens from cyber attacks. In doing so, NIS2 sets out a series of minimum requirements to strengthen cybersecurity in the EU.
As soon as the NIS2 Directive began to simmer, Nord Energi started the preparatory work.
But in a busy day-to-day life with a focus on growth, Nord Energi also sought to meet the NIS2 requirements in the most efficient way possible. Therefore, it was about finding a balance between cutting to the bone and at the same time not compromising on all the preparatory work that would ensure Nord Energi’s NIS2 compliance.
Jane Knudsen knew that Nord Energi could find that balance through ComplyCloud.
“When implementing GDPR, we decided to use ComlyCloud’s software solution to help us comply with the regulations. The annual cycle of work in this ensures that we review documents and other materials in an easy and simple way.”
As Jane Knudsen was already working efficiently and determined with GDPR in ComplyCloud, she asked if they could also solve her NIS2 challenges – both in preparation and in the future. And they could.
The NIS2 Directive requires that companies document new IT security policies and procedures, among other things. With ComplyCloud, Jane Knudsen could now be guided through the entire process and prepare the necessary NIS2 documentation without legal assistance:
“It’s great that we’re automatically assigned tasks every month in the platform. It’s easy and straightforward, and it gives you peace of mind knowing that the documentation is in place.”
She also appreciates the fact that she can show an overall compliance overview from one platform, as well as the tasks that have been solved in connection with the preparatory NIS2 work.
To top it off, Jane Knudsen highlights that the time-saving element makes a world of difference in her everyday life:
“Now, I only spend 3-4 hours a month on IT-compliance thanks to ComplyCloud. And it doesn’t take time away from all my other tasks.”
Jane Knudsen is still working on the preparatory work for NIS2, guided by ComplyCloud’s award-winning software and legal advice.
Want to learn more about how we can also help your organization become NIS2 compliant before the NIS2 Directive is implemented by law in October 2024? Set up a meeting with us here.