{"id":187610,"date":"2026-04-24T19:11:05","date_gmt":"2026-04-24T17:11:05","guid":{"rendered":"https:\/\/factorialhr.com\/blog\/?p=187610"},"modified":"2026-04-24T19:32:23","modified_gmt":"2026-04-24T17:32:23","slug":"checklist-nis2","status":"publish","type":"post","link":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/","title":{"rendered":"NIS2 directive checklist: is your company prepared?"},"content":{"rendered":"<p id=\"p-rc_e01b0be9a2f2f87e-172\" data-path-to-node=\"0\"><span data-path-to-node=\"0,0\">The <a href=\"https:\/\/factorialhr.pt\/blog\/nis2-portugal\/\">NIS2 directive<\/a> is no longer something that is on its way. <\/span><span data-path-to-node=\"0,2\"><span class=\"citation-737\">It is already here. <\/span><\/span><span data-path-to-node=\"0,5\"><span class=\"citation-736\">Thousands of companies and suppliers in Portugal have to adapt to much more demanding cybersecurity requirements to protect their systems and avoid possible penalties. <\/span><\/span><\/p>\n<p data-path-to-node=\"0\"><span data-path-to-node=\"0,8\"><span class=\"citation-735\">The problem is that working through the legal text is not always simple. <\/span><\/span><span data-path-to-node=\"0,11\"><span class=\"citation-734\">For many IT managers or directors, moving from theory to practice can become confusing. <\/span><\/span><\/p>\n<p data-path-to-node=\"0\"><span data-path-to-node=\"0,13\">So let us simplify. <\/span><span data-path-to-node=\"0,15\"><span class=\"citation-733\">Below you will find a <\/span><b data-path-to-node=\"0,15\" data-index-in-node=\"25\"><span class=\"citation-733\">clear and practical NIS2 checklist<\/span><\/b><span class=\"citation-733\">. 
<\/span><\/span><span data-path-to-node=\"0,18\"><span class=\"citation-732\">It covers the 10 key measures required by the directive (based on its Article 21), explained step by step, so that you can assess your company, detect gaps and start complying today.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-173\" data-path-to-node=\"1\"><span data-path-to-node=\"1,1\"><span class=\"citation-731\">Summary of the <\/span><i data-path-to-node=\"1,1\" data-index-in-node=\"10\"><span class=\"citation-731\">checklist<\/span><\/i><span class=\"citation-731\">: the 10 measures of Article 21 (NIS2)<\/span><\/span><\/h2>\n<table data-path-to-node=\"2\">\n<thead>\n<tr>\n<td><strong>No.<\/strong><\/td>\n<td><strong>Security area<\/strong><\/td>\n<td><strong>What should you have ready? <\/strong><\/td>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>1<\/strong><\/td>\n<td><strong>Risk analysis and policies<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-175\" data-path-to-node=\"2,1,2,0\"><span data-path-to-node=\"2,1,2,0,1\"><span class=\"citation-729\">Asset inventory, up-to-date risk map and official security policy. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>2<\/strong><\/td>\n<td><strong>Incident response<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-176\" data-path-to-node=\"2,2,2,0\"><span data-path-to-node=\"2,2,2,0,1\"><span class=\"citation-728\">Response plan, defined roles\/crisis committee and strict notification protocol (24h\/72h\/1 month). 
<\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>3<\/strong><\/td>\n<td><strong>Business continuity<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-177\" data-path-to-node=\"2,3,2,0\"><span data-path-to-node=\"2,3,2,0,1\"><span class=\"citation-727\">Continuity plan for manual\/limited operation, immutable backups and disaster recovery plan. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>4<\/strong><\/td>\n<td><strong>Supply chain<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-178\" data-path-to-node=\"2,4,2,0\"><span data-path-to-node=\"2,4,2,0,1\"><span class=\"citation-726\">Inventory of critical suppliers, third-party security assessment and contractual clauses. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>5<\/strong><\/td>\n<td><strong>Development and maintenance<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-179\" data-path-to-node=\"2,5,2,0\"><span data-path-to-node=\"2,5,2,0,1\"><span class=\"citation-725\">Patch\/vulnerability management process, secure acquisition policy and secure development. 
<\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>6<\/strong><\/td>\n<td><strong>Effectiveness assessment<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-180\" data-path-to-node=\"2,6,2,0\"><span data-path-to-node=\"2,6,2,0,1\"><span class=\"citation-724\">Periodic audits, penetration tests (<\/span><i data-path-to-node=\"2,6,2,0,1\" data-index-in-node=\"43\"><span class=\"citation-724\">pentesting<\/span><\/i><span class=\"citation-724\">) and security metrics for management. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>7<\/strong><\/td>\n<td><strong>Cyber hygiene and training<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-181\" data-path-to-node=\"2,7,2,0\"><span data-path-to-node=\"2,7,2,0,1\"><span class=\"citation-723\">Continuous training plans, <\/span><i data-path-to-node=\"2,7,2,0,1\" data-index-in-node=\"43\"><span class=\"citation-723\">phishing<\/span><\/i><span class=\"citation-723\"> simulations and a manual of everyday good practices. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>8<\/strong><\/td>\n<td><strong>Cryptography and encryption<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-182\" data-path-to-node=\"2,8,2,0\"><span data-path-to-node=\"2,8,2,0,1\"><span class=\"citation-722\">Encryption of stored data (at rest), encryption of data in transit and secure key management. 
<\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>9<\/strong><\/td>\n<td><strong>HR and access control<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-183\" data-path-to-node=\"2,9,2,0\"><span data-path-to-node=\"2,9,2,0,1\"><span class=\"citation-721\">Strict policy for joiners\/leavers (<\/span><i data-path-to-node=\"2,9,2,0,1\" data-index-in-node=\"39\"><span class=\"citation-721\">onboarding<\/span><\/i><span class=\"citation-721\">\/<\/span><i data-path-to-node=\"2,9,2,0,1\" data-index-in-node=\"50\"><span class=\"citation-721\">offboarding<\/span><\/i><span class=\"citation-721\">), principle of least privilege and asset management. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td><strong>10<\/strong><\/td>\n<td><strong>Authentication and communications<\/strong><\/td>\n<td>\n<p id=\"p-rc_e01b0be9a2f2f87e-184\" data-path-to-node=\"2,10,2,0\"><span data-path-to-node=\"2,10,2,0,1\"><span class=\"citation-720\">Mandatory multi-factor authentication (MFA), encrypted internal communications and alternative emergency channels. <\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr data-path-to-node=\"3\" \/>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-185\" data-path-to-node=\"4\"><span data-path-to-node=\"4,1\"><span class=\"citation-719\">1. Risk analysis and information security policies<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-186\" data-path-to-node=\"5\"><span data-path-to-node=\"5,1\"><span class=\"citation-718\">The first step towards complying with NIS2 is knowing the threats you face. 
<\/span><\/span><span data-path-to-node=\"5,4\"><span class=\"citation-717\">The directive requires cybersecurity to stop being something improvised and <\/span><b data-path-to-node=\"5,4\" data-index-in-node=\"70\"><span class=\"citation-717\">become formally organised<\/span><\/b><span class=\"citation-717\">. <\/span><\/span><span data-path-to-node=\"5,7\"><span class=\"citation-716\">It is not enough to install protection tools; you also need to be clear about what you are protecting and under which rules. <\/span><\/span><span data-path-to-node=\"5,10\"><span class=\"citation-715\">To mark this item as complete on your <\/span><i data-path-to-node=\"5,10\" data-index-in-node=\"42\"><span class=\"citation-715\">checklist<\/span><\/i><span class=\"citation-715\">, make sure you have the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"6\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-187\" data-path-to-node=\"6,0,1\"><span data-path-to-node=\"6,0,1,0\"><b data-path-to-node=\"6,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-714\">Asset inventory:<\/span><\/b><span class=\"citation-714\"> knowing exactly which <\/span><i data-path-to-node=\"6,0,1,0\" data-index-in-node=\"46\"><span class=\"citation-714\">hardware<\/span><\/i><span class=\"citation-714\">, <\/span><i data-path-to-node=\"6,0,1,0\" data-index-in-node=\"56\"><span class=\"citation-714\">software<\/span><\/i><span class=\"citation-714\">, systems and critical data the company manages. 
<\/span><\/span><span data-path-to-node=\"6,0,1,3\"><span class=\"citation-713\">If you do not know what you have, you cannot protect it.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-188\" data-path-to-node=\"6,1,1\"><span data-path-to-node=\"6,1,1,0\"><b data-path-to-node=\"6,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-712\">Periodic risk analysis:<\/span><\/b><span class=\"citation-712\"> having an up-to-date map that identifies the vulnerabilities of your systems and assesses the real impact of a cyberattack on business operations.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-189\" data-path-to-node=\"6,2,1\"><span data-path-to-node=\"6,2,1,0\"><b data-path-to-node=\"6,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-711\">Information security policy:<\/span><\/b><span class=\"citation-711\"> an official document approved by management that defines the rules and procedures for managing and protecting information in the day-to-day work of the organisation.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3><span data-path-to-node=\"8,0\"><b data-path-to-node=\"8,0\" data-index-in-node=\"0\"><span class=\"citation-710\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"8\"><span data-path-to-node=\"8,3\"><span class=\"citation-709\">Think of a medium-sized food production and distribution company in Portugal, a sector that the directive treats as obligated to comply. <\/span><\/span><span data-path-to-node=\"8,6\"><span class=\"citation-708\">On reviewing its inventory, the company identifies that the industrial SCADA system, which controls the temperatures of the cold rooms, is its most critical asset. 
<\/span><\/span><\/p>\n<p data-path-to-node=\"8\"><span data-path-to-node=\"8,9\"><span class=\"citation-707\">The risk analysis shows that, if <\/span><i data-path-to-node=\"8,9\" data-index-in-node=\"38\"><span class=\"citation-707\">ransomware<\/span><\/i><span class=\"citation-707\"> were to affect those sensors, the cold chain would be broken, tonnes of product would be lost and the supply chain would be interrupted. <\/span><\/span><span data-path-to-node=\"8,12\"><span class=\"citation-706\">To prevent this, management approves an official security policy that requires the machinery network to be isolated, so that it is not connected to the office Wi-Fi, and prohibits the use of USB sticks on factory equipment. <\/span><\/span><\/p>\n<h2 data-path-to-node=\"8\"><span data-path-to-node=\"10,1\"><span class=\"citation-705\">2. Incident management and response protocols<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-192\" data-path-to-node=\"11\"><span data-path-to-node=\"11,1\"><span class=\"citation-704\">Suffering a cyberattack is no longer just a technical problem. <\/span><\/span><span data-path-to-node=\"11,4\"><span class=\"citation-703\">With NIS2 it is also a legal matter with very clear deadlines. <\/span><\/span><span data-path-to-node=\"11,7\"><span class=\"citation-702\">When a serious incident occurs there is no room for improvisation. <\/span><\/span><span data-path-to-node=\"11,10\"><span class=\"citation-701\">The directive requires you to have defined how to act from the first moment, who leads the response and whom you must inform. 
<\/span><\/span><span data-path-to-node=\"11,13\"><span class=\"citation-700\">To mark this item as complete, your organisation should have the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"12\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-193\" data-path-to-node=\"12,0,1\"><span data-path-to-node=\"12,0,1,0\"><b data-path-to-node=\"12,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-699\">Incident response plan:<\/span><\/b><span class=\"citation-699\"> a practical document that details step by step how to detect, contain, analyse and resolve a threat. <\/span><\/span><span data-path-to-node=\"12,0,1,3\"><span class=\"citation-698\">For example, isolating <\/span><i data-path-to-node=\"12,0,1,3\" data-index-in-node=\"47\"><span class=\"citation-698\">ransomware<\/span><\/i><span class=\"citation-698\">-infected equipment from the first moment.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-194\" data-path-to-node=\"12,1,1\"><span data-path-to-node=\"12,1,1,0\"><b data-path-to-node=\"12,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-697\">Defined roles and crisis committee:<\/span><\/b><span class=\"citation-697\"> it must be clear who takes the key decisions at business level and who handles the technical response, whether an internal team or an external provider.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-195\" data-path-to-node=\"12,2,0\"><span data-path-to-node=\"12,2,0,0\"><b data-path-to-node=\"12,2,0,0\" data-index-in-node=\"0\">Notification protocol:<\/b> this is one of the big changes in NIS2. <\/span><span data-path-to-node=\"12,2,0,2\"><span class=\"citation-696\">You cannot hide an incident. 
<\/span><\/span><span data-path-to-node=\"12,2,0,5\"><span class=\"citation-695\">You need a clear procedure for notifying the <\/span><b data-path-to-node=\"12,2,0,5\" data-index-in-node=\"50\"><span class=\"citation-695\">Centro Nacional de Ciberseguran\u00e7a (CNCS)<\/span><\/b><span class=\"citation-695\"> within the established deadlines:<\/span><\/span><\/p>\n<ul data-path-to-node=\"12,2,1\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-196\" data-path-to-node=\"12,2,1,0,0\"><span data-path-to-node=\"12,2,1,0,0,1\"><span class=\"citation-694\">Within the first <\/span><b data-path-to-node=\"12,2,1,0,0,1\" data-index-in-node=\"14\"><span class=\"citation-694\">24 hours<\/span><\/b><span class=\"citation-694\"> of the incident being detected, an early warning is sent.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-197\" data-path-to-node=\"12,2,1,1,0\"><span data-path-to-node=\"12,2,1,1,0,1\"><span class=\"citation-693\">Within a maximum of <\/span><b data-path-to-node=\"12,2,1,1,0,1\" data-index-in-node=\"14\"><span class=\"citation-693\">72 hours<\/span><\/b><span class=\"citation-693\">, the formal notification is made with an initial assessment of the impact.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-198\" data-path-to-node=\"12,2,1,2,0\"><span data-path-to-node=\"12,2,1,2,0,1\"><span class=\"citation-692\">Within <\/span><b data-path-to-node=\"12,2,1,2,0,1\" data-index-in-node=\"12\"><span class=\"citation-692\">1 month<\/span><\/b><span class=\"citation-692\">, a full report is submitted covering what happened and the measures applied.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-199\" data-path-to-node=\"14\"><span data-path-to-node=\"14,0\"><b data-path-to-node=\"14,0\" data-index-in-node=\"0\"><span class=\"citation-691\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"14\"><span 
data-path-to-node=\"14,3\"><span class=\"citation-690\">Imagine a network of regional hospitals in Portugal, within the health sector, considered an Essential Entity. <\/span><\/span><span data-path-to-node=\"14,6\"><span class=\"citation-689\">In the early hours of a Friday, <\/span><i data-path-to-node=\"14,6\" data-index-in-node=\"34\"><span class=\"citation-689\">malware<\/span><\/i><span class=\"citation-689\"> blocks access to the clinical records system in the emergency department. <\/span><\/span><\/p>\n<p data-path-to-node=\"14\"><span data-path-to-node=\"14,9\"><span class=\"citation-688\">Following its response plan, the technical team acts immediately and isolates the affected servers to prevent the infection from spreading to other sites. <\/span><\/span><\/p>\n<p data-path-to-node=\"14\"><span data-path-to-node=\"14,12\"><span class=\"citation-687\">Instead of trying to handle it in silence, the compliance officer activates the protocol. <\/span><\/span><span data-path-to-node=\"14,15\"><span class=\"citation-686\">Before 24 hours have passed, they send an early warning to the CNCS (through CERT.PT). <\/span><\/span><span data-path-to-node=\"14,18\"><span class=\"citation-685\">In less than 72 hours, while the systems are already recovering, they make the formal notification with an initial assessment and confirm that patient care was not seriously affected. 
<\/span><\/span><\/p>\n<p data-path-to-node=\"14\"><span data-path-to-node=\"14,21\"><span class=\"citation-684\">Thanks to a fast and transparent response, they not only contain the incident but also avoid the penalties that Portuguese law provides for in cases of concealment.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-200\" data-path-to-node=\"16\"><span data-path-to-node=\"16,1\"><span class=\"citation-683\">3. Business continuity, backups and crisis management<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-201\" data-path-to-node=\"17\"><span data-path-to-node=\"17,0\">Total cybersecurity does not exist. 
<\/span><span data-path-to-node=\"17,2\"><span class=\"citation-682\">Sooner or later, an attack or a serious failure may get past the defences. <\/span><\/span><span data-path-to-node=\"17,5\"><span class=\"citation-681\">The NIS2 directive starts from this idea and focuses on something fundamental: that <\/span><b data-path-to-node=\"17,5\" data-index-in-node=\"69\"><span class=\"citation-681\">your company is able to keep operating<\/span><\/b><span class=\"citation-681\">, protect what is critical and recover quickly without depending on paying the attackers. <\/span><\/span><span data-path-to-node=\"17,8\"><span class=\"citation-680\">To mark this item as fulfilled on your <\/span><i data-path-to-node=\"17,8\" data-index-in-node=\"41\"><span class=\"citation-680\">checklist<\/span><\/i><span class=\"citation-680\">, you should have the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"18\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-202\" data-path-to-node=\"18,0,1\"><span data-path-to-node=\"18,0,1,0\"><b data-path-to-node=\"18,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-679\">Business continuity plan:<\/span><\/b><span class=\"citation-679\"> defines how the company will operate when systems fail. <\/span><\/span><span data-path-to-node=\"18,0,1,3\"><span class=\"citation-678\">It includes scenarios in which it is necessary to work manually or with limited services while the incident is resolved.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-203\" data-path-to-node=\"18,1,1\"><span data-path-to-node=\"18,1,1,0\"><b data-path-to-node=\"18,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-677\">Immutable backups:<\/span><\/b><span class=\"citation-677\"> it is not enough to make <\/span><i data-path-to-node=\"18,1,1,0\" data-index-in-node=\"47\"><span class=\"citation-677\">backups<\/span><\/i><span class=\"citation-677\">. 
<\/span><\/span><span data-path-to-node=\"18,1,1,3\"><span class=\"citation-676\">They must be isolated from the main network and protected so that they cannot be modified or encrypted in the event of an attack.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-204\" data-path-to-node=\"18,2,1\"><span data-path-to-node=\"18,2,1,0\"><b data-path-to-node=\"18,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-675\">Disaster recovery plan:<\/span><\/b><span class=\"citation-675\"> a clear technical guide for restoring systems and data from the backups and returning to normal as quickly as possible.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-205\" data-path-to-node=\"20\"><span data-path-to-node=\"20,0\"><b data-path-to-node=\"20,0\" data-index-in-node=\"0\"><span class=\"citation-674\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"20\"><span data-path-to-node=\"20,3\"><span class=\"citation-673\">Imagine a water management and supply company, considered an Essential Entity. <\/span><\/span><span data-path-to-node=\"20,6\"><span class=\"citation-672\">A cyberattack takes its central servers out of service. <\/span><\/span><\/p>\n<p data-path-to-node=\"20\"><span data-path-to-node=\"20,9\"><span class=\"citation-671\">Thanks to its continuity plan, the operators know how to switch to manual control of the valves and the supply to the city is not interrupted. <\/span><\/span><span data-path-to-node=\"20,12\"><span class=\"citation-670\">At the same time, the IT team sets the recovery plan in motion. <\/span><\/span><span data-path-to-node=\"20,15\"><span class=\"citation-669\">They verify that the backups, stored off the network, were not affected and begin restoring the systems. 
<\/span><\/span><\/p>\n<p data-path-to-node=\"20\"><span data-path-to-node=\"20,18\"><span class=\"citation-668\">In less than 48 hours the company is operating normally again. <\/span><\/span><span data-path-to-node=\"20,21\"><span class=\"citation-667\">There was no need to pay the attackers and the service to the population was maintained at all times. <\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-206\" data-path-to-node=\"22\"><span data-path-to-node=\"22,1\"><span class=\"citation-666\">4. Supply chain security<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-207\" data-path-to-node=\"23\"><span data-path-to-node=\"23,1\"><span class=\"citation-665\">This is one of the most important changes in NIS2. <\/span><\/span><span data-path-to-node=\"23,4\"><span class=\"citation-664\">It is of little use to protect your company if the suppliers you work with are the weak point. <\/span><\/span><span data-path-to-node=\"23,7\"><span class=\"citation-663\">The regulation widens the focus and requires you to take into account the risks introduced by third parties, from your <\/span><i data-path-to-node=\"23,7\" data-index-in-node=\"127\"><span class=\"citation-663\">cloud<\/span><\/i><span class=\"citation-663\"> provider to any external company with access to your systems. 
<\/span><\/span><span data-path-to-node=\"23,10\"><span class=\"citation-662\">To meet this requirement, you need to have these points under control:<\/span><\/span><\/p>\n<ul data-path-to-node=\"24\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-208\" data-path-to-node=\"24,0,1\"><span data-path-to-node=\"24,0,1,0\"><b data-path-to-node=\"24,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-661\">Inventory of critical suppliers:<\/span><\/b><span class=\"citation-661\"> identify which external companies have access to your systems, networks or sensitive data.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-209\" data-path-to-node=\"24,1,1\"><span data-path-to-node=\"24,1,1,0\"><b data-path-to-node=\"24,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-660\">Third-party risk assessment:<\/span><\/b><span class=\"citation-660\"> ask suppliers to demonstrate their level of cybersecurity before contracting or renewing. <\/span><\/span><span data-path-to-node=\"24,1,1,3\"><span class=\"citation-659\">This can be done through questionnaires, audits or by requiring certifications such as ISO 27001.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-210\" data-path-to-node=\"24,2,1\"><span data-path-to-node=\"24,2,1,0\"><b data-path-to-node=\"24,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-658\">Contractual security clauses:<\/span><\/b><span class=\"citation-658\"> include clear obligations in contracts. 
<\/span><\/span><span data-path-to-node=\"24,2,1,3\"><span class=\"citation-657\">For example, that the supplier must notify incidents within a specific deadline or that it guarantees measures such as encryption of information.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-211\" data-path-to-node=\"26\"><span data-path-to-node=\"26,0\"><b data-path-to-node=\"26,0\" data-index-in-node=\"0\"><span class=\"citation-656\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"26\"><span data-path-to-node=\"26,3\"><span class=\"citation-655\">Imagine a large waste management company in Portugal, considered an Important Entity. <\/span><\/span><span data-path-to-node=\"26,6\"><span class=\"citation-654\">It uses external <\/span><i data-path-to-node=\"26,6\" data-index-in-node=\"11\"><span class=\"citation-654\">software<\/span><\/i><span class=\"citation-654\"> to optimise the collection routes of its trucks. <\/span><\/span><\/p>\n<p data-path-to-node=\"26\"><span data-path-to-node=\"26,9\"><span class=\"citation-653\">When adapting to NIS2, the purchasing team, together with management, reviews its policy. <\/span><\/span><span data-path-to-node=\"26,12\"><span class=\"citation-652\">Before renewing the contract, it requires the supplier to demonstrate that it carries out security tests on its platform periodically. <\/span><\/span><\/p>\n<p data-path-to-node=\"26\"><span data-path-to-node=\"26,15\"><span class=\"citation-651\">In addition, they add a clause that obliges the supplier to notify any security failure it suffers in less than 12 hours. <\/span><\/span><span data-path-to-node=\"26,18\"><span class=\"citation-650\">If it does not meet these requirements, the company decides not to renew the contract and looks for a more secure alternative on the market. 
<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-212\" data-path-to-node=\"28\"><span data-path-to-node=\"28,1\"><span class=\"citation-649\">5. Security in acquisition, development and maintenance<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-213\" data-path-to-node=\"29\"><span data-path-to-node=\"29,0\">Security cannot be added at the end like a sticking plaster. <\/span><span data-path-to-node=\"29,2\"><span class=\"citation-648\">It has to be present from the start. <\/span><\/span><span data-path-to-node=\"29,5\"><span class=\"citation-647\">NIS2 insists on this approach and requires cybersecurity controls to be applied every time you buy technology, develop <\/span><i data-path-to-node=\"29,5\" data-index-in-node=\"118\"><span class=\"citation-647\">software<\/span><\/i><span class=\"citation-647\"> or update your systems. <\/span><\/span><span data-path-to-node=\"29,8\"><span class=\"citation-646\">To comply with this item, the organisation should ensure the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"30\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-214\" data-path-to-node=\"30,0,1\"><span data-path-to-node=\"30,0,1,0\"><b data-path-to-node=\"30,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-645\">Management of vulnerabilities and <\/span><i data-path-to-node=\"30,0,1,0\" data-index-in-node=\"29\"><span class=\"citation-645\">patches<\/span><\/i><span class=\"citation-645\">:<\/span><\/b><span class=\"citation-645\"> having a clear process for applying critical updates as quickly as possible. 
<\/span><\/span><span data-path-to-node=\"30,0,1,3\"><span class=\"citation-644\">Whether automated or scheduled, the aim is to prevent known flaws from becoming an entry point for attackers.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-215\" data-path-to-node=\"30,1,1\"><span data-path-to-node=\"30,1,1,0\"><b data-path-to-node=\"30,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-643\">Secure acquisition policies:<\/span><\/b><span class=\"citation-643\"> before bringing in any equipment or <\/span><i data-path-to-node=\"30,1,1,0\" data-index-in-node=\"75\"><span class=\"citation-643\">software<\/span><\/i><span class=\"citation-643\">, the IT team must verify that it meets the minimum security requirements. <\/span><\/span><span data-path-to-node=\"30,1,1,3\"><span class=\"citation-642\">For example, that it does not include default passwords that cannot be changed or insecure factory settings.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-216\" data-path-to-node=\"30,2,1\"><span data-path-to-node=\"30,2,1,0\"><b data-path-to-node=\"30,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-641\">Secure development:<\/span><\/b><span class=\"citation-641\"> if the company develops its own <\/span><i data-path-to-node=\"30,2,1,0\" data-index-in-node=\"62\"><span class=\"citation-641\">software<\/span><\/i><span class=\"citation-641\">, it is essential that teams follow secure development practices (such as <\/span><i data-path-to-node=\"30,2,1,0\" data-index-in-node=\"148\"><span class=\"citation-641\">Secure by Design<\/span><\/i><span class=\"citation-641\">) from the start to avoid common vulnerabilities in the code.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-217\" data-path-to-node=\"32\"><span data-path-to-node=\"32,0\"><b 
data-path-to-node=\"32,0\" data-index-in-node=\"0\"><span class=\"citation-640\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"32\"><span data-path-to-node=\"32,3\"><span class=\"citation-639\">Imagine a passenger rail transport company, classified as an Essential Entity. <\/span><\/span><span data-path-to-node=\"32,6\"><span class=\"citation-638\">It decides to install new network-connected video surveillance cameras at several stations. <\/span><\/span><\/p>\n<p data-path-to-node=\"32\"><span data-path-to-node=\"32,9\"><span class=\"citation-637\">Before deploying them, the cybersecurity team reviews the devices and finds a problem: the cameras ship with a known factory password and the <\/span><i data-path-to-node=\"32,9\" data-index-in-node=\"157\"><span class=\"citation-637\">firmware<\/span><\/i><span class=\"citation-637\"> does not allow it to be changed. <\/span><\/span><span data-path-to-node=\"32,12\"><span class=\"citation-636\">Faced with this unacceptable risk, they reject the purchase and demand a model that allows robust credential management and receives security updates from the manufacturer. <\/span><\/span><\/p>\n<p data-path-to-node=\"32\"><span data-path-to-node=\"32,15\"><span class=\"citation-635\">At the same time, the company has set up a system so that the servers that handle ticket sales <\/span><i data-path-to-node=\"32,15\" data-index-in-node=\"106\"><span class=\"citation-635\">online<\/span><\/i><span class=\"citation-635\"> update themselves automatically in the early hours as soon as critical <\/span><i data-path-to-node=\"32,15\" data-index-in-node=\"172\"><span class=\"citation-635\">patches<\/span><\/i><span class=\"citation-635\"> are released. 
<\/span><\/span><span data-path-to-node=\"32,18\"><span class=\"citation-634\">This keeps the time during which they may be exposed to a minimum.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-218\" data-path-to-node=\"34\"><span data-path-to-node=\"34,1\"><span class=\"citation-633\">6. Policies for assessing the effectiveness of security measures <\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-219\" data-path-to-node=\"35\"><span data-path-to-node=\"35,1\"><span class=\"citation-632\">Installing a <\/span><i data-path-to-node=\"35,1\" data-index-in-node=\"13\"><span class=\"citation-632\">firewall<\/span><\/i><span class=\"citation-632\"> or writing a manual is not enough if you do not regularly check that everything works as it should. <\/span><\/span><span data-path-to-node=\"35,3\"> NIS2 focuses on continuous improvement. <\/span><span data-path-to-node=\"35,5\"><span class=\"citation-631\">You cannot take your security for granted; you have to put it to the test and demonstrate with evidence that it remains effective against new threats. 
<\/span><\/span><span data-path-to-node=\"35,8\"><span class=\"citation-630\">To meet this requirement, your <\/span><i data-path-to-node=\"35,8\" data-index-in-node=\"35\"><span class=\"citation-630\">checklist<\/span><\/i><span class=\"citation-630\"> must include the following: <\/span><\/span><\/p>\n<ul data-path-to-node=\"36\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-220\" data-path-to-node=\"36,0,1\"><span data-path-to-node=\"36,0,1,0\"><b data-path-to-node=\"36,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-629\">Periodic security audits:<\/span><\/b><span class=\"citation-629\"> internal and external reviews that validate compliance with policies and the real level of protection of the infrastructure.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-221\" data-path-to-node=\"36,1,1\"><span data-path-to-node=\"36,1,1,0\"><b data-path-to-node=\"36,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-628\">Penetration tests and vulnerability analysis:<\/span><\/b><span class=\"citation-628\"> simulate controlled attacks (<\/span><i data-path-to-node=\"36,1,1,0\" data-index-in-node=\"79\"><span class=\"citation-628\">pentesting<\/span><\/i><span class=\"citation-628\">) against your own systems to find where a real attacker could get in before it happens.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-222\" data-path-to-node=\"36,2,1\"><span data-path-to-node=\"36,2,1,0\"><b data-path-to-node=\"36,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-627\">Metrics for management:<\/span><\/b><span class=\"citation-627\"> clear, periodic reports showing the state of security, the risks detected and response times. 
<\/span><\/span><span data-path-to-node=\"36,2,1,3\"><span class=\"citation-626\">Senior management must have visibility because it is ultimately the party legally responsible under the regulation.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-223\" data-path-to-node=\"38\"><span data-path-to-node=\"38,0\"><b data-path-to-node=\"38,0\" data-index-in-node=\"0\"><span class=\"citation-625\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"38\"><span data-path-to-node=\"38,3\"><span class=\"citation-624\">Imagine a banking or credit institution that operates nationwide. <\/span><\/span><span data-path-to-node=\"38,6\"><span class=\"citation-623\">It has just launched a new mobile <\/span><i data-path-to-node=\"38,6\" data-index-in-node=\"25\"><span class=\"citation-623\">app<\/span><\/i><span class=\"citation-623\"> for its customers. <\/span><\/span><\/p>\n<p data-path-to-node=\"38\"><span data-path-to-node=\"38,9\"><span class=\"citation-622\">To validate its security, it does not rely solely on internal development testing and hires an external ethical <\/span><i data-path-to-node=\"38,9\" data-index-in-node=\"117\"><span class=\"citation-622\">hacking<\/span><\/i><span class=\"citation-622\"> team to put the application to the test. <\/span><\/span><span data-path-to-node=\"38,12\"><span class=\"citation-621\">During the simulation, the experts find a logic flaw that would, under certain conditions, allow the login to be bypassed. <\/span><\/span><\/p>\n<p data-path-to-node=\"38\"><span data-path-to-node=\"38,15\"><span class=\"citation-620\">The problem is fixed immediately, before the <\/span><i data-path-to-node=\"38,15\" data-index-in-node=\"47\"><span class=\"citation-620\">app<\/span><\/i><span class=\"citation-620\"> is published and affects any user. 
<\/span><\/span><span data-path-to-node=\"38,18\"><span class=\"citation-619\">The security lead presents these results to management, which not only improves the real protection of customers but also helps justify investment in preventive cybersecurity with concrete data. <\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-224\" data-path-to-node=\"40\"><span data-path-to-node=\"40,1\"><span class=\"citation-618\">7. Basic cyber hygiene practices and continuous training<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-225\" data-path-to-node=\"41\"><span data-path-to-node=\"41,1\"><span class=\"citation-617\">The weak point of many companies lies not in technology but in people. <\/span><\/span><span data-path-to-node=\"41,4\"><span class=\"citation-616\">NIS2 focuses on training and requires both employees and directors to know how to identify threats and act securely in their day-to-day work. 
<\/span><\/span><span data-path-to-node=\"41,7\"><span class=\"citation-615\">To meet this point, the organisation must ensure the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"42\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-226\" data-path-to-node=\"42,0,1\"><span data-path-to-node=\"42,0,1,0\"><b data-path-to-node=\"42,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-614\">Continuous cybersecurity training:<\/span><\/b><span class=\"citation-614\"> programmes tailored to each profile for learning to detect risks such as <\/span><i data-path-to-node=\"42,0,1,0\" data-index-in-node=\"109\"><span class=\"citation-614\">phishing<\/span><\/i><span class=\"citation-614\"> or social engineering.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-227\" data-path-to-node=\"42,1,1\"><span data-path-to-node=\"42,1,1,0\"><b data-path-to-node=\"42,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-613\">Simulated <\/span><i data-path-to-node=\"42,1,1,0\" data-index-in-node=\"14\"><span class=\"citation-613\">phishing<\/span><\/i><span class=\"citation-613\">:<\/span><\/b><span class=\"citation-613\"> sending controlled emails to measure employee behaviour and reinforce awareness in a practical way.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-228\" data-path-to-node=\"42,2,1\"><span data-path-to-node=\"42,2,1,0\"><b data-path-to-node=\"42,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-612\">Good daily practices:<\/span><\/b><span class=\"citation-612\"> clear rules on the use of strong passwords, device locking, use of public networks and handling of sensitive information.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-229\" data-path-to-node=\"44\"><span data-path-to-node=\"44,0\"><b 
data-path-to-node=\"44,0\" data-index-in-node=\"0\"><span class=\"citation-611\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"44\"><span data-path-to-node=\"44,2\"> Imagine a large energy-sector company in Portugal. <\/span><span data-path-to-node=\"44,4\"><span class=\"citation-610\">An employee receives an urgent email that appears to come from the managing director, requesting a transfer and the <\/span><i data-path-to-node=\"44,4\" data-index-in-node=\"107\"><span class=\"citation-610\">download<\/span><\/i><span class=\"citation-610\"> of an attached file. <\/span><\/span><\/p>\n<p data-path-to-node=\"44\"><span data-path-to-node=\"44,7\"><span class=\"citation-609\">Thanks to recent training, they spot a small anomaly in the email domain. <\/span><\/span><span data-path-to-node=\"44,10\"><span class=\"citation-608\">Instead of interacting with the message, they report it immediately to the IT team. <\/span><\/span><\/p>\n<p data-path-to-node=\"44\"><span data-path-to-node=\"44,13\"><span class=\"citation-607\">That simple action prevents <\/span><i data-path-to-node=\"44,13\" data-index-in-node=\"38\"><span class=\"citation-607\">malware<\/span><\/i><span class=\"citation-607\"> from entering the corporate network and blocks a possible attack before it has any real impact.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-230\" data-path-to-node=\"46\"><span data-path-to-node=\"46,1\"><span class=\"citation-606\">8. Procedures on the use of cryptography and data encryption<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-231\" data-path-to-node=\"47\"><span data-path-to-node=\"47,1\"><span class=\"citation-605\">If an attacker manages to access your information, encryption is what makes the difference between a contained incident and a serious problem. 
<\/span><\/span><span data-path-to-node=\"47,4\"><span class=\"citation-604\">NIS2 requires sensitive data to be protected at all times, both when it is stored and when it is transmitted. <\/span><\/span><span data-path-to-node=\"47,7\"><span class=\"citation-603\">To meet this point, the organisation must ensure the following:<\/span><\/span><\/p>\n<ul data-path-to-node=\"48\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-232\" data-path-to-node=\"48,0,1\"><span data-path-to-node=\"48,0,1,0\"><b data-path-to-node=\"48,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-602\">Encryption of stored data:<\/span><\/b><span class=\"citation-602\"> laptops, databases and mobile devices must be protected with encryption (data at rest). <\/span><\/span><span data-path-to-node=\"48,0,1,3\"><span class=\"citation-601\">That way, if a device is lost or stolen, the information remains inaccessible.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-233\" data-path-to-node=\"48,1,1\"><span data-path-to-node=\"48,1,1,0\"><b data-path-to-node=\"48,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-600\">Encryption of data in transit:<\/span><\/b><span class=\"citation-600\"> use of secure protocols for communications and protected connections (such as VPNs) for remote access. 
<\/span><\/span><span data-path-to-node=\"48,1,1,3\"><span class=\"citation-599\">This prevents the information from being intercepted as it travels across the network.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-234\" data-path-to-node=\"48,2,1\"><span data-path-to-node=\"48,2,1,0\"><b data-path-to-node=\"48,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-598\">Secure key management:<\/span><\/b><span class=\"citation-598\"> define how the keys that protect the data are created, stored and renewed. <\/span><\/span><span data-path-to-node=\"48,2,1,3\"><span class=\"citation-597\">Without good management, encryption loses much of its value.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-235\" data-path-to-node=\"50\"><span data-path-to-node=\"50,0\"><b data-path-to-node=\"50,0\" data-index-in-node=\"0\"><span class=\"citation-596\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"50\"><span data-path-to-node=\"50,3\"><span class=\"citation-595\">Imagine a Portuguese pharmaceutical laboratory that needs to send the formula for a new medicine from its head office to a production plant. <\/span><\/span><\/p>\n<p data-path-to-node=\"50\"><span data-path-to-node=\"50,6\"><span class=\"citation-594\">To do so securely, they use an encrypted channel that protects the information during the transfer. <\/span><\/span><span data-path-to-node=\"50,9\"><span class=\"citation-593\">In addition, the systems where that formula is stored are also robustly encrypted. <\/span><\/span><\/p>\n<p data-path-to-node=\"50\"><span data-path-to-node=\"50,12\"><span class=\"citation-592\">Weeks later, a hard drive is stolen from the plant. 
<\/span><\/span><span data-path-to-node=\"50,15\"><span class=\"citation-591\">However, the data cannot be read because it is protected and the keys are managed correctly. <\/span><\/span><span data-path-to-node=\"50,18\"><span class=\"citation-590\">The incident is limited to the loss of the <\/span><i data-path-to-node=\"50,18\" data-index-in-node=\"37\"><span class=\"citation-590\">hardware<\/span><\/i><span class=\"citation-590\"> and a much bigger problem involving the leak of critical information is avoided.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-236\" data-path-to-node=\"52\"><span data-path-to-node=\"52,1\"><span class=\"citation-589\">9. HR security, access control and asset management <\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-237\" data-path-to-node=\"53\"><span data-path-to-node=\"53,1\"><span class=\"citation-588\">Many security failures do not come from sophisticated <\/span><i data-path-to-node=\"53,1\" data-index-in-node=\"38\"><span class=\"citation-588\">hackers<\/span><\/i><span class=\"citation-588\">, but from internal errors: a former employee with active access or a worker with unnecessary permissions can cause enormous damage. <\/span><\/span><span data-path-to-node=\"53,4\"><span class=\"citation-587\">NIS2 requires you to control who enters your systems, what they can do while inside, and how their access is revoked when they leave. 
<\/span><\/span><span data-path-to-node=\"53,7\"><span class=\"citation-586\">To meet this point, your <\/span><i data-path-to-node=\"53,7\" data-index-in-node=\"31\"><span class=\"citation-586\">checklist<\/span><\/i><span class=\"citation-586\"> must include:<\/span><\/span><\/p>\n<ul data-path-to-node=\"54\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-238\" data-path-to-node=\"54,0,1\"><span data-path-to-node=\"54,0,1,0\"><b data-path-to-node=\"54,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-585\">Strict joiner and leaver policies:<\/span><\/b><span class=\"citation-585\"> automate the <\/span><i data-path-to-node=\"54,0,1,0\" data-index-in-node=\"71\"><span class=\"citation-585\">onboarding<\/span><\/i><span class=\"citation-585\"> and <\/span><i data-path-to-node=\"54,0,1,0\" data-index-in-node=\"84\"><span class=\"citation-585\">offboarding<\/span><\/i><span class=\"citation-585\"> processes so that, the moment an employee leaves the company, all their credentials, access and accounts are revoked immediately.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-239\" data-path-to-node=\"54,1,1\"><span data-path-to-node=\"54,1,1,0\"><b data-path-to-node=\"54,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-584\">Principle of least privilege:<\/span><\/b><span class=\"citation-584\"> each employee should only have access to the information and systems strictly necessary for their daily work. 
<\/span><\/span><span data-path-to-node=\"54,1,1,3\"><span class=\"citation-583\">This drastically limits the risk of internal errors or abuse.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-240\" data-path-to-node=\"54,2,1\"><span data-path-to-node=\"54,2,1,0\"><b data-path-to-node=\"54,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-582\">Corporate asset management:<\/span><\/b><span class=\"citation-582\"> use <\/span><i data-path-to-node=\"54,2,1,0\" data-index-in-node=\"40\"><span class=\"citation-582\">software<\/span><\/i><span class=\"citation-582\"> (such as an MDM) that lets you remotely control, lock or wipe corporate laptops and mobile phones if they are lost or stolen.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-241\" data-path-to-node=\"56\"><span data-path-to-node=\"56,0\"><b data-path-to-node=\"56,0\" data-index-in-node=\"0\"><span class=\"citation-581\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"56\"><span data-path-to-node=\"56,3\"><span class=\"citation-580\">Imagine one of Portugal's major cargo ports (such as Sines or Leix\u00f5es). <\/span><\/span><span data-path-to-node=\"56,6\"><span class=\"citation-579\">An automated crane operator is dismissed for misconduct. <\/span><\/span><\/p>\n<p data-path-to-node=\"56\"><span data-path-to-node=\"56,9\"><span class=\"citation-578\">Thanks to the automated <\/span><i data-path-to-node=\"56,9\" data-index-in-node=\"22\"><span class=\"citation-578\">offboarding<\/span><\/i><span class=\"citation-578\"> process, Human Resources notifies IT and the operator's credentials are revoked immediately. 
<\/span><\/span><span data-path-to-node=\"56,12\"><span class=\"citation-577\">In addition, the principle of least privilege ensures that, while active, the employee had no access to the billing systems or the customs databases. <\/span><\/span><\/p>\n<p data-path-to-node=\"56\"><span data-path-to-node=\"56,15\"><span class=\"citation-576\">If the company had not applied these measures, the worker could have connected from home in an act of revenge and sabotaged the systems, paralysing hundreds of containers and exposing the company to serious penalties for non-compliance with NIS2.<\/span><\/span><\/p>\n<h2 id=\"p-rc_e01b0be9a2f2f87e-242\" data-path-to-node=\"58\"><span data-path-to-node=\"58,1\"><span class=\"citation-575\">10. Use of multi-factor authentication (MFA) and secure communications<\/span><\/span><\/h2>\n<p id=\"p-rc_e01b0be9a2f2f87e-243\" data-path-to-node=\"59\"><span data-path-to-node=\"59,1\"><span class=\"citation-574\">Passwords alone are no longer enough to protect critical systems. <\/span><\/span><span data-path-to-node=\"59,4\"><span class=\"citation-573\">NIS2 requires additional layers of security to verify user identity, and communication channels that cannot be intercepted, especially during incident management. 
<\/span><\/span><span data-path-to-node=\"59,7\"><span class=\"citation-572\">To complete this point of the <\/span><i data-path-to-node=\"59,7\" data-index-in-node=\"29\"><span class=\"citation-572\">checklist<\/span><\/i><span class=\"citation-572\">, the organisation must implement:<\/span><\/span><\/p>\n<ul data-path-to-node=\"60\">\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-244\" data-path-to-node=\"60,0,1\"><span data-path-to-node=\"60,0,1,0\"><b data-path-to-node=\"60,0,1,0\" data-index-in-node=\"0\"><span class=\"citation-571\">Multi-factor authentication (MFA):<\/span><\/b><span class=\"citation-571\"> mandatory two-step verification (using <\/span><i data-path-to-node=\"60,0,1,0\" data-index-in-node=\"101\"><span class=\"citation-571\">Authenticator<\/span><\/i><span class=\"citation-571\">-type apps, physical <\/span><i data-path-to-node=\"60,0,1,0\" data-index-in-node=\"116\"><span class=\"citation-571\">tokens<\/span><\/i><span class=\"citation-571\"> or biometrics) for all network access, prioritising VPN connections, remote working and administrator accounts.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-245\" data-path-to-node=\"60,1,1\"><span data-path-to-node=\"60,1,1,0\"><b data-path-to-node=\"60,1,1,0\" data-index-in-node=\"0\"><span class=\"citation-570\">Encrypted internal communications:<\/span><\/b> corporate <i data-path-to-node=\"60,1,1,0\" data-index-in-node=\"35\"><span class=\"citation-570\">chats<\/span><\/i><span class=\"citation-570\">, calls and video conferences protected with end-to-end encryption to keep information confidential.<\/span><\/span><\/p>\n<\/li>\n<li>\n<p id=\"p-rc_e01b0be9a2f2f87e-246\" data-path-to-node=\"60,2,1\"><span data-path-to-node=\"60,2,1,0\"><b data-path-to-node=\"60,2,1,0\" data-index-in-node=\"0\"><span class=\"citation-569\">Alternative emergency 
communication channels:<\/span><\/b><span class=\"citation-569\"> have a secure parallel system for coordinating the response to a cyberattack that disrupts the company's usual services.<\/span><\/span><\/p>\n<\/li>\n<\/ul>\n<h3 id=\"p-rc_e01b0be9a2f2f87e-247\" data-path-to-node=\"62\"><span data-path-to-node=\"62,0\"><b data-path-to-node=\"62,0\" data-index-in-node=\"0\"><span class=\"citation-568\">Practical example<\/span><\/b> <\/span><\/h3>\n<p data-path-to-node=\"62\"><span data-path-to-node=\"62,3\"><span class=\"citation-567\">Imagine a <\/span><i data-path-to-node=\"62,3\" data-index-in-node=\"37\"><span class=\"citation-567\">cloud<\/span><\/i><span class=\"citation-567\"> service provider operating in the Portuguese market. <\/span><\/span><span data-path-to-node=\"62,6\"><span class=\"citation-566\">An attacker manages to steal an engineer's administrator password through a targeted <\/span><i data-path-to-node=\"62,6\" data-index-in-node=\"114\"><span class=\"citation-566\">phishing<\/span><\/i><span class=\"citation-566\"> attack. <\/span><\/span><\/p>\n<p data-path-to-node=\"62\"><span data-path-to-node=\"62,9\"><span class=\"citation-565\">When the attacker tries to access the servers from another country, the system demands the MFA code, which only the engineer can approve from their corporate mobile phone, blocking the access definitively. 
<\/span><\/span><\/p>\n<p data-path-to-node=\"62\"><span data-path-to-node=\"62,12\"><span class=\"citation-564\">The engineer immediately alerts the crisis committee, and the technical team coordinates through an alternative encrypted channel (outside the main network), preventing the attacker (who could be monitoring normal email) from interfering with the defence strategy.<\/span><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The NIS2 directive is no longer something on the horizon. It is already here. Thousands of companies and suppliers in Portugal have to adapt to far more demanding cybersecurity requirements to protect their systems and avoid possible penalties. The problem is that tackling the legal text is not always straightforward. For many<a href=\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\" class=\"read-more\"> [&#8230;]<\/a><\/p>\n","protected":false},"author":352,"featured_media":187611,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1055],"tags":[],"class_list":["post-187610","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-nis2"],"acf":{"topics":"factorial-it"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Checklist da diretiva NIS2 | Factorial<\/title>\n<meta name=\"description\" content=\"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem san\u00e7\u00f5es.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\" \/>\n<meta property=\"og:locale\" content=\"pt_PT\" 
\/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checklist da diretiva NIS2: a sua empresa est\u00e1 preparada?\" \/>\n<meta property=\"og:description\" content=\"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem san\u00e7\u00f5es.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\" \/>\n<meta property=\"og:site_name\" content=\"Factorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-24T17:11:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-24T17:32:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/04\/24185720\/checklist-diretiva-nis2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1800\" \/>\n\t<meta property=\"og:image:height\" content=\"976\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Enrique Quiroga\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:site\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Enrique Quiroga\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"14 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\"},\"author\":{\"name\":\"Enrique Quiroga\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\"},\"headline\":\"Checklist da diretiva NIS2: a sua empresa est\u00e1 preparada?\",\"datePublished\":\"2026-04-24T17:11:05+00:00\",\"dateModified\":\"2026-04-24T17:32:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\"},\"wordCount\":3495,\"publisher\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/#organization\"},\"articleSection\":[\"NIS2\"],\"inLanguage\":\"pt-PT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\",\"url\":\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\",\"name\":\"Checklist da diretiva NIS2 | Factorial\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/#website\"},\"datePublished\":\"2026-04-24T17:11:05+00:00\",\"dateModified\":\"2026-04-24T17:32:23+00:00\",\"description\":\"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem 
san\u00e7\u00f5es.\",\"inLanguage\":\"pt-PT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#website\",\"url\":\"https:\/\/factorialhr.pt\/blog\/\",\"name\":\"Factorial\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/factorialhr.pt\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"pt-PT\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#organization\",\"name\":\"All-in-one business management software - Factorial\",\"url\":\"https:\/\/factorialhr.pt\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-PT\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/factorialhr.pt\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"contentUrl\":\"https:\/\/factorialhr.pt\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"width\":946,\"height\":880,\"caption\":\"All-in-one business management software - Factorial\"},\"image\":{\"@id\":\"https:\/\/factorialhr.pt\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\",\"https:\/\/twitter.com\/factorialapp\",\"https:\/\/www.linkedin.com\/company\/factorialhr\",\"https:\/\/www.youtube.com\/@factorialmedia\",\"https:\/\/www.instagram.com\/factorial\/#\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014\",\"name\":\"Enrique 
Quiroga\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-PT\",\"@id\":\"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g\",\"caption\":\"Enrique Quiroga\"},\"url\":\"https:\/\/factorialhr.pt\/blog\/author\/enrique-quiroga\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Checklist da diretiva NIS2 | Factorial","description":"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem san\u00e7\u00f5es.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/","og_locale":"pt_PT","og_type":"article","og_title":"Checklist da diretiva NIS2: a sua empresa est\u00e1 preparada?","og_description":"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem san\u00e7\u00f5es.","og_url":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/","og_site_name":"Factorial","article_publisher":"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","article_published_time":"2026-04-24T17:11:05+00:00","article_modified_time":"2026-04-24T17:32:23+00:00","og_image":[{"width":1800,"height":976,"url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2026\/04\/24185720\/checklist-diretiva-nis2.png","type":"image\/png"}],"author":"Enrique Quiroga","twitter_card":"summary_large_image","twitter_creator":"@factorialapp","twitter_site":"@factorialapp","twitter_misc":{"Written by":"Enrique Quiroga","Est. 
reading time":"14 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/#article","isPartOf":{"@id":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/"},"author":{"name":"Enrique Quiroga","@id":"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014"},"headline":"Checklist da diretiva NIS2: a sua empresa est\u00e1 preparada?","datePublished":"2026-04-24T17:11:05+00:00","dateModified":"2026-04-24T17:32:23+00:00","mainEntityOfPage":{"@id":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/"},"wordCount":3495,"publisher":{"@id":"https:\/\/factorialhr.pt\/blog\/#organization"},"articleSection":["NIS2"],"inLanguage":"pt-PT"},{"@type":"WebPage","@id":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/","url":"https:\/\/factorialhr.pt\/blog\/checklist-nis2\/","name":"Checklist da diretiva NIS2 | Factorial","isPartOf":{"@id":"https:\/\/factorialhr.pt\/blog\/#website"},"datePublished":"2026-04-24T17:11:05+00:00","dateModified":"2026-04-24T17:32:23+00:00","description":"Checklist NIS2: 10 passos pr\u00e1ticos para auditar a sua empresa, proteger os seus sistemas e cumprir a legisla\u00e7\u00e3o sem san\u00e7\u00f5es.","inLanguage":"pt-PT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/factorialhr.pt\/blog\/checklist-nis2\/"]}]},{"@type":"WebSite","@id":"https:\/\/factorialhr.pt\/blog\/#website","url":"https:\/\/factorialhr.pt\/blog\/","name":"Factorial","description":"","publisher":{"@id":"https:\/\/factorialhr.pt\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/factorialhr.pt\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"pt-PT"},{"@type":"Organization","@id":"https:\/\/factorialhr.pt\/blog\/#organization","name":"All-in-one business management software - 
Factorial","url":"https:\/\/factorialhr.pt\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/factorialhr.pt\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/factorialhr.pt\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","contentUrl":"https:\/\/factorialhr.pt\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","width":946,"height":880,"caption":"All-in-one business management software - Factorial"},"image":{"@id":"https:\/\/factorialhr.pt\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","https:\/\/twitter.com\/factorialapp","https:\/\/www.linkedin.com\/company\/factorialhr","https:\/\/www.youtube.com\/@factorialmedia","https:\/\/www.instagram.com\/factorial\/#"]},{"@type":"Person","@id":"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/576a40f0f266777ab73068c097d59014","name":"Enrique Quiroga","image":{"@type":"ImageObject","inLanguage":"pt-PT","@id":"https:\/\/factorialhr.pt\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fcc26a14dc327372e37434cfc64f3917?s=96&d=identicon&r=g","caption":"Enrique 
Quiroga"},"url":"https:\/\/factorialhr.pt\/blog\/author\/enrique-quiroga\/"}]}},"_links":{"self":[{"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/posts\/187610"}],"collection":[{"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/users\/352"}],"replies":[{"embeddable":true,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/comments?post=187610"}],"version-history":[{"count":3,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/posts\/187610\/revisions"}],"predecessor-version":[{"id":187635,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/posts\/187610\/revisions\/187635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/media\/187611"}],"wp:attachment":[{"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/media?parent=187610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/categories?post=187610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/factorialhr.pt\/blog\/wp-json\/wp\/v2\/tags?post=187610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}