themselves suitably ‘ incentivised ’ to begin planning seven-figure , multi-year transformation programmes .

Scope

The six key areas covered by the Act and its supplementary regulations include :

• Network Security : Redesigning networks so that they are more secure , stopping any would-be attack on one part of the network from affecting another .

• Infrastructure-as-Code : Operational practices should be automated wherever possible , with any manual administration creating an alert .

• Security Patching : Patches must be implemented within 14 days and services relating to network oversight functions rebuilt every 24 months – including both the operating system and app software .

• Observability : Providers must automate monitoring and analysis of security critical functions , ensuring that all data is held securely for at least 13 months .

• Supply Chain : There is a marked change in how providers select , manage and work with any third parties . They will be expected to retain sufficient in-house expertise to re-tender their managed services arrangements ( including public cloud ) at any time .

• National Security : Providers must ensure they are able to identify the risks of security compromises occurring and be able to operate the network without relying on services from outside the UK .

It is also important to note that this is just the beginning ; the Act is clearly a step-change in the expectations put upon providers and we should expect future revisions

www . intelligentcio . com INTELLIGENTCIO EUROPE 51