Presumption of Conformity to NIS2 can be obtained through CyberFundamentals verification (assurance levels BASIC and IMPORTANT), CyberFundamentals certification (assurance level ESSENTIAL) or ISO/IEC 27001 certification (provided the scope and Statement of Applicability is found acceptable by the CCB). 

Conformity against the requirements of the respective assurance levels in the CyberFundamentals Framework will be assessed according to the requirements set out in the CyberFundamentals Conformity Assessment Scheme (CAS).

Conformity assessments in a NIS2 context (though CyFun® or ISO/IEC 27001) shall be performed by an accredited and authorised conformity assessment body.

Accreditation of a conformity assessment body is done according to EU Regulation 765/2008 setting out the requirements for accreditation and market surveillance, unless otherwise determined by the Belgian legislation. Accreditation requests can be addressed to the National Accreditation Body (BELAC for Belgium) according to the applicable procedure.

The authorisation for all conformity assessment bodies operating in a NIS2 context is provided by the CCB as National Cybersecurity Certification Authority (NCCA). Accreditation is one of the requirements for authorisation.

Image
cyber_at_work.jpg