
NIS Directive Advisory

Call on experts flexibly for the more delicate elements, to be sure you have a favorable audit opinion!

Implement the NIS Directive and Law 362 intelligently!

Compliance with the NIS Directive and Law 362 / 2018 can be simple and fast if you work with the right advice! No one knows the organization better than you!

Cyber security, however, is a niche field that requires approved expertise.


Flexible consulting line

Build in accordance with Law 362 / 2018 intelligently, guided by people with extensive experience in cybersecurity and compliance.
Depending on the level of maturity, we build you a flexible consultancy package, so that we can help you with the delicate elements. 

We evaluate the level of compliance with the law

We analyze the specific security documentation and help you with recommendations for optimizing the security management system.
The structure and form of the work documentation are optimized.
We point out which processes are missing or which can be optimized
We implement new technical or organizational measures.

Implement the basics

We analyze or build the architecture of the information system
We will inventory the configurations of the computer systems (component, version, interactions between elements)
We analyze the flow of information and work processes
We analyze the technical configurations for the relevant information systems, and we audit them against the recommendations of the manufacturer or reference architectures.
We perform threat and vulnerability matrix analysis.
We provide a table of risks with impact levels.

Implement refinements 

We advise you on optimizing the finer points.
Build with us a unitary and coherent system of general policies, adjusted and optimized work processes, and new organizational measures (working procedures) in the field of information security.
Select technical elements, and perform guided technical reconfigurations and optimizations of technical architectures.
We assist you in implementing security monitoring and response processes and solutions
We assist you in dealing with the Romanian state and certified auditors

Why us?

We are authorized

Sectio Aurea is a DNSC certified auditor for
NIS Directive
CLE / 8020 series 

The fundamental method

We have a very high quality standard for audit activity.

The Sectio Aurea audit team has received praise and recommendations for the attention it showed in its audit missions.

Flexibility

We have people with experience in the field; we understand the IT business and understand the context. We are not rigid.

Skills

Our Team - Your Cybersecurity Experts

The team consists exclusively of professionals with an average of over 10 years of experience, coming from complex and mature organizational environments.

With Sectio Aurea, you gain not only services, but trusted partners in cyber security.

Testimonials

NIS Directive Audit
NIS Directive Consulting

What else would you be interested in?

Complete documentation for compliance with the Law 362 
Operational Policies and Procedures and documents for audit records that meet the requirements of the law for 67 auditable control indicators
Documentation updated with the latest legislation
100% editable documentation

Do you think you are ready to prove your compliance with Law 362?

Sectio Aurea is a DNSC certified auditor for the NIS audit. 

We have 4 auditors in the team and we can scale up to 8 through our strategic partners. 

We are authoritative voices in the field of NIS law. 


Madalin Bratu, founder of Sectio Aurea, has 20 years of professional experience in IT. His experience covers a wide range of fields, from cybersecurity and IT service management to process management, hardware and software maintenance, and advanced consulting in secure information governance.

Madalin Bratu spent a decade working at IBM, where he contributed to some of the most sophisticated service projects in Central and Eastern Europe. He played a key role as Global Portfolio Manager for Cybersecurity Services at Atos - Eviden, one of the leading multinationals in the field of cybersecurity, managing global cybersecurity projects in areas such as identity management and cloud security. His experience also includes valuable contributions to local companies, such as Safetech Innovations, one of the most dynamic cybersecurity firms in Romania.

Through Sectio Aurea, he offers unique, flexible, and relevant services. The company's business model, refined over nearly 5 years, is based on an innovative concept - that of microservices. Madalin is accompanied by a carefully selected team of experts and authoritative voices in the field of cybersecurity (CISO, DPO, CIO, architects), with whom he has built a healthy professional relationship through successful projects. This relationship has led to the optimization of an innovative delivery method (microservices in audit and consulting). These experts are actively involved in solving the challenges you face, ensuring customized and high-quality solutions.

 

Madalin has served many clients as a consultant in the implementation of the NIS Directive across various sectors (water companies, banking, utilities), and has also participated as a certified NIS auditor in various audit missions in complex or difficult-to-analyze environments. Most of his clients recommend him, from the level of general director to IT managers, security managers, and technical managers.


About the European NIS Directive and Law 362/2018

As of January 12, 2019, the NIS Directive (EU Directive 2016/1148 of the European Parliament and of the Council of 6 July 2016) was adopted by the Romanian Parliament through Law no. 362/2018.
Its aim is to achieve a high common standard for network and information security in all Member States of the Union that provide essential services to society.
As services increasingly rely on IT network infrastructures, these measures are aimed at strengthening the readiness of EU states to respond to cyber security threats, thus raising overall confidence in the digital single market.
Therefore, the NIS Directive is an essential European regulation that ensures the sustainability of the new digital economy.

Is the NIS Directive addressed to you?
YES, if you have a business in the following sectors of activity and meet certain indicators:

Energy
Transport
Banking
Financial market infrastructures
Supply and distribution of drinking water
Digital infrastructure
Online markets
Search engines
Health
Cloud computing

What are your obligations?

Implement the minimum security requirements according to the law.
Prepare and implement in the business a structured system of policies, procedures, regulations
Continuous (permanent) monitoring of the level of security and interfacing with the authorities 

December 17, 2020

Performing a classification analysis as an essential service operator (OSE)
Registration in the Register of Essential Service Operators (ROSE)
Self-declaration on compliance with the law
Documentation of self-assessment of compliance with minimum security requirements

2 years since enrolling in ROSE

Implement minimum security requirements in line with industry best practices.
Preparation of audit indicators auditable by the state and by authorized auditors. 
Performing risk analysis, implementing security procedures and policies in the organization, and implementing an appropriate set of technologies.
Compliance audit.

Penalties for non-fulfillment of legal obligations

Up to 5% of YOUR TURNOVER

For more information we recommend the following
