NIS2 compliance statement for Console Connect

Console Connect is deeply committed to providing secure and reliable network services for our partners and customers. Recognizing the increasing importance of network and cybersecurity in protecting essential services and fostering customer trust, we adhere to the principles and guidelines of the NIS2 Directive. Once implemented by the member states, NIS2 represents a significant step forward in strengthening the security posture of organizations across the EU, contributing to a more resilient digital landscape. It is a key element of the EU’s updated cybersecurity framework for electronic communications, critical infrastructure, data protection and e-privacy.

Scope of NIS2 compliance

Console Connect understands that it is an “important” rather than an “essential” entity under NIS2. We recognize the directive’s significance and strive to align our network and information security practices with its obligations as an important entity. As a provider of digital infrastructure and connectivity solutions, we understand that our services play a vital role in supporting organizations that may fall under the scope of NIS2. Thus, maintaining a high level of network and cybersecurity is paramount to our operations. We also consider that some of our larger enterprise customers, including those in the public administration, may be considered essential entities and that our security posture contributes to meeting their regulatory obligations.

Key NIS2 requirements

Console Connect acknowledges the following key requirements of the NIS2 Directive as particularly relevant to our operations and our customers, taking account of state-of-the-art standards:

    • Risk management: We employ a robust risk management framework, aligned with the principles of ISO 31000, continuously assessing and monitoring our security risks. This includes proactive identification and mitigation of vulnerabilities throughout our software lifecycle.
    • Security policies: Console Connect maintains comprehensive security policies addressing data protection, access control, incident response, and business continuity. These policies reflect our commitment to maintaining the confidentiality, integrity, and availability of our services.
    • Incident reporting: We have established clear procedures for reporting and managing security incidents, ensuring timely communication and response. Our dedicated security team constantly monitors our systems for signs of compromise and prioritizes addressing reported vulnerabilities.
    • Business continuity and disaster recovery: Console Connect has developed and regularly tests business continuity and disaster recovery plans to maintain service availability in the event of cyberattacks or disruptions. This includes data backups and robust systems for applying critical security updates.
    • Supply chain security: We recognize the importance of supply chain security and conduct thorough security audits of all software components, including commercial products and open-source projects, before deployment.

Console Connect’s NIS2 implementation

Console Connect has implemented the following measures to align with NIS2 obligations, in proportion to our assessed risk exposure, our size, and the likelihood and impact of incidents:

  • ISO 27001 certification: We are ISO 27001 certified for:
    – The development and operation of the Console Connect Web Application and API
    – The operation and provision of core network and system services to PCCW Global and its internal customers, and the management and operations of the SD-WAN service.
    This certification demonstrates our commitment to information security best practices and provides a strong foundation for NIS2 alignment.
  • Dedicated security team: We maintain a dedicated team of security professionals who continuously monitor our systems, manage security incidents, and ensure compliance with relevant standards.
  • Security audits and vulnerability management: We conduct regular security audits of our software and infrastructure and have robust processes for vulnerability management and remediation.
  • Data security: We prioritise data security, encrypting sensitive data in transit and at rest, implementing strong access controls, and maintaining regular backups.
  • Employee training: All our developers receive security training as part of their onboarding, reinforcing a security-focused culture across the organisation.
  • Incident response plan: We have a documented incident response plan and conduct regular exercises to ensure our readiness and responsiveness to security events.

For any inquiries regarding Console Connect’s security practices and NIS2 alignment, please contact [email protected].

Please note that this NIS2 Compliance Statement is current as of 06 November 2024 and may be subject to change to reflect evolving regulatory requirements and our ongoing security enhancements.