Cheops becomes first Belgian managed service provider to earn the NIS2 Essential label: what does this mean for you?

Cheops becomes first Belgian managed service provider to earn the NIS2 Essential label: what does this mean for you?

How do you know whether a managed service provider really has its cybersecurity in order? Not based on what a website says, but with a rigorous, independent audit. Cheops is the first Belgian managed services provider to earn the CyberFundamentals Essential label, better known as the NIS2 Essential label. This recognition shows that our approach to security also holds up in practice. What does it mean for you? Anneleen Vermeulen, Security Officer at Cheops, explains.

The CyberFundamentals Essential label is an official cybersecurity label from the Centre for Cybersecurity Belgium (CCB). It closely follows the principles of the European NIS2 Directive and confirms that an organisation manages cyber risks in a structured way.

The NIS2 Essential label is independent confirmation that cybersecurity doesn’t just work on paper, but is also applied day to day,'' explains Vermeulen. ''From risk management and access control to monitoring, incident management and business continuity: all essential processes are thoroughly assessed. An audit objectively demonstrates that we have our security processes under control. That gives customers the assurance that we deliver on our promises.

A logical next step

For Cheops, earning the label wasn’t a standalone project but a logical continuation of our existing approach to security. Thanks to our ISO 27001 certification, Cheops already had a high level of information security. “We first identified areas where we could still improve, then continued to refine a number of processes and broadened our analysis of potential risks,'' says Vermeulen. ''Over roughly four months, we implemented the final optimisations.”

During the process, risk analysis, documentation and processes were tightened up further. The Security Incident Response Plan (SIRP) and Cheops’s Business Continuity Plan were also updated so that they align even more closely with current threats. “That’s what I’m most proud of,” continues Vermeulen. “Our Security Incident Response Plan works particularly well. And the roll-out of the Cheops Security Operations Center is also a real achievement for the team.”

Security doesn’t stop after an audit

The NIS2 Essential label is valid for one year only. This means that every year organisations need to demonstrate that their security still meets the requirements.

That continuous improvement has been part of Cheops’s DNA for years. Every month we carry out thorough checks: we review vulnerabilities, access rights, business continuity and security processes, and we regularly run pentests. Any deviations are logged, assessed and addressed where necessary. In cybersecurity, standing still means falling behind. That’s why we keep evaluating and improving our processes.

  • Anneleen Vermeulen, CISO bij Cheops Technology

Business continuity as the foundation

Cybersecurity has climbed steadily up the agenda in recent years. Where NIS1 remained fairly abstract for many organisations, NIS2 has made cybersecurity a boardroom priority. Directors carry more responsibility and incidents are making the news more often than ever before.

Non-urgent operations at two Belgian hospitals recently had to be postponed because the servers holding patient records overheated. “That really shouldn’t happen these days,” says Vermeulen. “If one of our servers goes down, we switch to another environment within minutes. That business continuity is the real foundation.”

At the same time, cyber threats are on the rise. Ransomware, phishing and supply-chain attacks make it clear that organisations have to not only organise their own security, but also take a critical look at the parties they work with. For a managed service provider, that also means taking responsibility for its own environment. “We assess our suppliers, identify risks and regularly test our continuity plans. This limits the impact of any incident as much as possible.”

Confirmation of our ambition

The fact that Cheops is one of the first organisations in Belgium to earn the NIS2 Essential label underlines our choice to proactively invest in quality, expertise and cyber resilience. Not because regulation demands it, but because customers should be able to expect their IT partner to lead by example. The label is therefore not an end point, but the next step on a journey of ongoing improvement.

Want to know how your organisation can prepare for its NIS2 obligations, or how you can increase your cyber resilience?

Our security specialists are happy to help.

Contact us

Need more insights?

You want to stay current on how Cheops assists companies with their growth strategy? Our newsletters provide you with practical tips and tricks.