NIS2 Compliance with ITIL: Interview with Kaïs Albassir

Date: 15/07/2025 | Category: Tips and Interviews

NIS2 (Network and Information Security Directive 2) is a European Union directive that aims to enhance the cybersecurity measures of organisations active across the EU by introducing stricter cybersecurity requirements for a wider range of organisations, particularly those in critical infrastructure and essential services.

In our blog, Kaïs Albassir, ITIL trainer and consultant, discusses how ITIL can help your organisation adapt to GDPR, NIS2 and upcoming legal changes, ensuring efficiency, security and compliance.

In our interview with Kaïs we explore how ITIL can support the implementation of NIS2 in your company.

Can you tell us what you do and how you came across NIS2? What is NIS2 and why is it important for IT professionals?

For the last 15 years, I have accompanied organisations in the implementation of the ITIL best practices. I came across NIS2 through concepts like Security Incidents, Configuration Management Database and others.

NIS2 is a European directive, in which Europe asks organisations to reinforce their cybersecurity posture so that they meet certain criteria. Information Security is a very important responsibility of IT professionals.

How can ITIL help companies in being compliant with NIS2?

The easiest road to NIS2 compliance is through an ISO27001 or a Cyber Fundamentals certification. To successfully pass such a certification, an organisation must be able to demonstrate its compliance with several requirements. Defining the scope of what an organisation protects is done through the ITIL Configuration Management practice.

Incident Management, another ITIL practice, enables organisations to be compliant with the NIS2 requirement to communicate any significant security incident, within 24 hours, to the national competent cyber security authority: in Belgium, the Centre for Cybersecurity Belgium (CCB).

I recently came across these concepts more and more often in hospitals and other health organisations.

What has been your experience working with hospitals that have to adapt to NIS2?

The ITIL maturity in hospitals varies strongly from one to the other. Some, mostly those linked to universities, are ISO27001 certified, which de facto ensures 80% of NIS2 compliance. In other hospitals, the maturity is often much lower, and even sometimes non-existent. Most hospitals are categorised as essential by NIS2 and must therefore respect the most severe criteria by April 2027.

Can you share some relevant examples from your experience with hospitals?

Hospitals are organised in departments like Radiology, Oncology, Childcare, etc. Experience shows that each one of these departments is in fact an SME by itself, with its own manager and its own budget. It can be a challenge to convince the management of each of these SMEs to join the hospital's efforts to meet the expected information security standards.

How can ITIL Practices like Configuration Management, Incident Management and Change Management support organisations in being NIS2 compliant?

Configuration Management will guide an organisation in setting up and maintaining the Configuration Management Database (CMDB). In this database, one finds all hardware, software, SaaS platforms, storage spaces and more used by the organisation. This is the answer to the NIS2 requirement to identify the scope of what we must protect.

In order to react to Security Incidents and respect NIS2 requirements, the first step is to catch all Incidents and differentiate them from other things like Service Requests or Events; this is done through Incident Management.

NIS2 states explicitly that every modification to our IT environment must undergo security scrutiny. Implementing ITIL Change Management in your organisation will not only help you to catch every Change, but will also guide your team through an efficient handling process, without forgetting this essential step.

One of the main emerging topics is AI: how can it help with an ITIL workflow?

In a number of ways. AI will smooth the communication between the actors of a workflow and therefore facilitate interactions between individuals.

Smart chatbots can drastically improve the quality of capturing information when logging Incidents and Service Requests.

Risk assessment (at the heart of NIS2 and Change Management) can be partially automated, definitely sped up and certainly improved if your AI can lean on your CMDB.
And much, much more!

Are you interested in having a comprehensive overview of ITIL? Download our infographic “ITIL 4: The Big Picture” to have an overview on how ITIL can support your needs.

For more information visit our ITIL website page or contact us!

Kaïs Albassir

Trainer and Consultant for ITIL, IT Service Management and Prince2

With a technical background, Kaïs can help your organisation to implement processes, select the right set of tools, drive the implementation and train your employees, making sure that these best practices are adopted at every level of the organisation.
