NIS2 supplier guides
NIS2 supplier questionnaire
Priority questions to ask an SME supplier before a critical relationship.
NIS2 minimum controls checklist
- Privileged MFA - Mandatory MFA on administrator accounts, email, VPN, cloud consoles and development tools.
- Tested backups - Offline or immutable backups, dated restoration test and assigned owner.
- Incident procedure - Severities, contacts, customer escalation timelines, evidence retention and crisis channel.
- Inventory and patching - Critical asset list, CVE tracking, remediation priority and accepted exceptions.
Policy and email templates
Subject: minimum supplier security controls

We maintain MFA on privileged access, tested backups, a critical asset register and an incident procedure including customer notification. Exceptions are documented, dated and tracked until remediation.