
Gap assessment and compliance with Law 21.633 (OIV)
We helped an energy sector company identify its gaps in compliance with Law 21.633 and develop an action plan based on the NIST CSF.
Compliance assessment with Law 21.633 in an energy company
A Chilean energy company engaged Cyber-Tower to evaluate its level of compliance with Law 21.633, which regulates Organizations of Vital Importance (OIV). The goal was to establish a clear diagnosis and an action plan to reach the level of maturity required by authorities.
Context and challenge
The company needed to align with new legal requirements on cybersecurity and operational continuity. However, it lacked a structured reference framework to evaluate readiness against Government CSIRT guidelines.
Applied methodology
- Information gathering through interviews and document review.
- Maturity assessment using the NIST Cybersecurity Framework (CSF).
- Gap identification against the controls required by Law 21.633 and its technical guidelines.
- Design of a prioritized action plan with defined milestones and responsibilities.
- Delivery of executive and technical reports with a clear compliance roadmap.
Results achieved
The assessment enabled the organization to understand its real maturity level in Risk Management, Critical Asset Protection, and Incident Response. A structured three-phase improvement plan was created and is currently being executed, with quarterly oversight by the Corporate Security Committee.
“Thanks to Cyber-Tower’s guidance, we translated legal requirements into concrete actions, improving visibility and management of our operational risks.”
Next steps
Based on the results, the company began implementing the NIST CSF as the foundation for its corporate cybersecurity management system and strengthened its internal audit capabilities.
