SOMI Systems a.s. provides analysis, processing, and implementation of cybersecurity measures required by Act No. 69/2018 Coll. on Cybersecurity and the NIS2 Directive.
We will prepare you for a cybersecurity audit - just as we have already prepared more than 120 organizations.
You can contact us at obchod@somi.sk or via the contact form at the bottom of the page.
Cybersecurity (Act No. 69/2018 Coll. on Cybersecurity + NIS2)
How to fight cyber threats and approach cybersecurity in a rational and effective way?
In practice, cybersecurity means developing and implementing security policies in a scope that corresponds to the requirements of the security measures required by Act No. 69/2018 Coll. on Cybersecurity.
Meeting regulatory requirements that define the level of security measures within organizations is a difficult task that places high demands on human and financial resources.
In addition to technical safeguards, knowledge and experience are the key factors for cyber resilience.
On January 1, 2025, an amendment to Act No. 69/2018 Coll. on Cybersecurity came into force, which:
- Comprehensively regulates the area of cyber and information security and expands the sectors of operators of essential services.
- Introduces basic security requirements and measures important for the coordinated protection of information, communication, and control systems.
- At the same time, transposes the European Network and Information Security Directive (NIS2) into Slovak law.
Obligations under the Amended Act
By complying with the rules of NIS2 and the Cybersecurity Act, you will gain several significant benefits for your organization:
- prevention of financial losses
- support from the state and the National Security Authority (NBÚ)
- compliance with regulations
- improved reputation with customers and partners
- increased data and infrastructure security
- increased resilience to cyber threats
Comprehensive Cybersecurity Implementation and Audit Preparation Includes:
- checking compliance with cybersecurity requirements (GAP analysis)
- vulnerability testing, monitoring of local infrastructure
- preparation of documentation
- proposal of measures and processes to achieve compliance
- consulting on the implementation of measures and processes to eliminate cyber attacks
- design of tools for monitoring and evaluating cyber attacks
- training of employees in cybersecurity issues
- assistance during cybersecurity audits under Act No. 69/2018 Coll.
- performance of the role of Cybersecurity Manager or Risk Management Manager
Essential Service Provider
The Act defines essential services and their operators. Essential services include banking, digital infrastructure, digital service providers, transport, energy, drinking water and wastewater, healthcare, public administration, food production and distribution, manufacturing enterprises, and research.
We have implemented cybersecurity (NIS2) in more than 100 organizations (private sector, public and state administration, hospitals, water companies).
Within 12 months of the date of notification of inclusion in the register of essential service operators, the essential service operator is required to adopt and comply with general security measures at least to the following extent:
- organization and management of information security and cybersecurity,
- management of vulnerabilities and cyber threats,
- management of primary and supporting assets,
- management of asset owners and risk owners,
- management of events and cybersecurity incidents,
- business continuity management, backup, disaster recovery, and crisis management,
- security in the acquisition, development, and maintenance of networks, information systems, applications, and configurations,
- procedures for assessing the effectiveness of measures, compliance management, and control activities,
- cryptographic measures and principles for the use of cryptography,
- security and competence of human resources,
- identity and access management,
- security in the operation of networks and information systems,
- protection against malicious code and unwanted content,
- system security, network security, and communication security,
- monitoring, recording, and reporting of events,
- physical security, environmental security, and management of end devices,
- protection of records, privacy, and labeling of information,
- supply chain security,
- procurement and use of certified products, services, and processes.
We offer risk analysis, preparation, and implementation of cybersecurity policies in accordance with Act No. 69/2018 Coll. and the NIS2 Directive, including full preparation for a cybersecurity audit.
An operator of essential services is required to verify the effectiveness of implemented security measures and compliance with legal requirements by conducting a cybersecurity audit within two years of being entered into the register.
Operators already registered will be automatically transferred to the new register established under the amended Cybersecurity Act.
If you identify as an operator of essential services, you are obliged to register within 60 days of the law's entry into force. The registration form can be found on the National Security Authority (NBÚ) website under 'Notification of entry into the register of operators of essential services'. If you are unsure whether the amendment to the law applies to you, please verify this on the NBÚ website using the 'Indicative tool for identifying an entity as an essential service provider'.
Who is affected by the NIS2 directive?
Benefits of Working with Us:
- Assurance of compliance with legal requirements - we track and apply all current updates.
- Clear recommendations and support for critical decisions - our certified CSMs are available to assist you.
- Ongoing support even after implementation - a broad team of experts is at your disposal.
- One-stop solution - no need to search for multiple vendors.
References and experience:
For more information on how to comprehensively address current cybersecurity threats, do not hesitate to contact us.