The Network and Information Systems (NIS) Directive (EU 2016/1148) is the first cybersecurity law to cover the entire the European Union, and is intended to boost the overall cybersecurity level for critical infrastructure in the EU.
IBM maintains standard technical and organizational measures appropriate and proportionate to manage the risks posed to the security of network and information systems. This includes a security monitoring program and a global incident response process to respond to cybersecurity threats and attacks. In addition, IBM utilizes a combination of online training, educational tools, videos and other awareness initiatives to foster a culture of security awareness and responsibility among its workforce. More information on these technical and organizational measures is available in IBM certifications and audit reports such as ISO 27001 and SOC 2.