EMERA Group: NIS2 compliance & CISO as a Service

Find out how Netsystem supported the EMERA Group in achieving NIS2 compliance and in an ongoing CISO as a Service engagement.

Context & objectives

Emera is a major player in accommodation and services for seniors (nursing homes, EHPAD care homes for dependent elderly people, senior service residences, etc.) in Europe. As the healthcare and medico-social sector undergoes digital transformation, Emera handles sensitive data (personal, medical, etc.) and relies on critical infrastructures to guarantee continuity of service and the safety of its residents.

Faced with the entry into force of the NIS2 directive (Network and Information Systems Directive 2) and the rapid evolution of cyber threats, Emera wants to strengthen its regulatory compliance and build a robust cybersecurity organisation.

Business challenge

Compliance with regulatory and sectoral obligations
Ensuring compliance with NIS2, GDPR (RGPD) and other health/medico-social standards.
Maintaining the trust of patients, families and institutional partners.

Protecting critical data and systems
Securing medical information systems (patient records, teleconsultation tools) as well as cloud and on-premises infrastructures, and guaranteeing the availability of essential services (access to medical data, connected devices within the facilities).

Managing cyber security and pooling resources
The need for expert cybersecurity skills in a complex, geographically distributed environment.
Cost control and operational flexibility via a CISO as a Service model.

Improving cyber culture
Raising awareness and training all staff, from medical to administrative, to reduce human risk.
Adapting training and protocols to the different professions and responsibilities within Emera.

Response & method
  • Compliance with the requirements of the NIS2 directive and anticipation of regulatory changes.
  • Setting up effective security management with an outsourced CISO (CISO as a Service).
  • Strengthening the protection of sensitive data (medical and personal) and securing critical infrastructures.
  • Developing a culture of cybersecurity shared at all levels of the organisation.
  • Implementing third-party management in line with NIS2 requirements.
  • Preparing the organisation for cyber crisis management to ensure business continuity (BCP/DRP).

Key success factors

Mastery of regulatory issues

  • In-depth knowledge of the NIS2 directive and seamless integration of other current legislation (GDPR, medico-social regulations); ability to anticipate legislative changes and adjust security policy on an ongoing basis.

Sector expertise

  • Experience in the healthcare/silver economy sector, guaranteeing a detailed understanding of the risks associated with medical data and service continuity.
  • Tailor-made approach for retirement homes, combining regulatory compliance with human imperatives.

Flexible, efficient model

  • CISO as a Service for global, shared and agile management, adapted to changes in the threat landscape and in Emera’s needs.
  • Dedicated Service Centre ensuring greater responsiveness and better coordination between all stakeholders.

A people-centred approach

  • Targeted training and awareness-raising, taking into account differences in digital culture and business constraints.
  • Close collaboration with care, administrative and technical teams to ensure smooth adoption of best practices.

Continuous improvement

  • Regular measurement of cyber maturity and monitoring of key KPIs (number of incidents, response time, percentage of staff trained, etc.).
  • Constant adaptation of the roadmap in line with the results of audits, feedback and changes in the threat landscape.