With the new NIS2 directive on the horizon, HSE was one of many companies in need of a clear picture of how its current cybersecurity efforts aligned with the new directive.
The need for a clear direction
With the NIS2 directive placing greater demands on information and cyber security, the HSE wanted to identify its current position and identify any gaps in its work in order to work effectively and strategically going forward. Their aim was to map how well the business was complying with the new requirements, as well as get recommendations to close any gaps and ensure a robust security structure.
Working together for greater clarity
The company chose to carry out a GAP analysis to ensure that their work on cybersecurity and information security was in line with the requirements of the NIS2 Directive. Two of our subject matter experts, Beatrice Orback and Marcus Skymne, provided expertise in both regulatory and technical cybersecurity. By combining knowledge from different areas, the project was carried out with a focus on creating clear insights and concrete actions for the business.
A structured process focused on insights
Over the course of just over two months, a comprehensive GAP analysis was carried out. The project included:
- Mapping of existing procedures and systems: By analyzing the HSE's management system and cybersecurity measures, strengths and potential areas for improvement were identified.
- Link to ISO27001: The GAP analysis integrated international standards to provide a solid basis for further work.
- Recommendations for action: In addition to identifying gaps, the HSE received concrete suggestions on how to address them effectively.
The result: A clear way forward
At the end of the project, a detailed report was presented that contained concrete recommendations for HSE's further work to fulfill both the NIS2 directive and ISO27001.
Cecilia Jacobsson, Business Area Manager, Plantvision Technology, underlines the importance of GAP analysis:
"A GAP analysis gives companies a clear overview of where they stand today, what their strengths are and what actions are needed to meet future requirements. It is a crucial part of building a strategic and sustainable cybersecurity program."
Success through cooperation
By bringing together insights from multiple disciplines and applying a well-structured working methodology, the project team succeeded in providing Hermes Medical Solutions AB with a holistic perspective and a solution that was both sustainable and effective. The analysis gave the organization the tools they needed to strengthen their cybersecurity efforts and meet the requirements of the NIS2 directive in a strategic way.
The key words for the success of this project?
Competence, technical expertise and a deep understanding of regulations. The fact that HMS also provided the team with excellent conditions naturally contributed to the successful delivery.
An investment in the future of cybersecurity
Performing a GAP analysis not only provides insights into where the business is today - it creates a strategic foundation for future cybersecurity efforts. By identifying and prioritizing the necessary actions, companies like HSE can strengthen their security, meet regulatory requirements and build trust with customers and partners.
"The GAP analysis gave us a clear picture of our cyber security and concrete measures to meet the NIS2 requirements. It has been valuable input to strengthen our security structure and future-proof our business", says Hanne Grinaker, Chief Quality and Regulatory Officer, Hermes Medical Solutions AB.
Beatrice Orback, Project Manager at Plantvision, concludes:
"It is crucial to see cybersecurity as an integral part of the business. With a GAP analysis, we lay the foundation for a strategic and proactive way of working - and that's where the future lies."
We at Plantvision thank Hermes Medical Solutions AB for a rewarding collaboration and look forward to following their continued journey in medical device manufacturing!
Find out more about the impact of NIS2 on your business and why commissioning a GAP analysis can be a smart, strategic decision.
