NIS2 supplier guides

SME security checklist for NIS2

Realistic minimum controls for an SME that needs to reassure customers.

NIS2 minimum controls checklist

• Tested backups - Offline or immutable backups, dated restoration test and assigned owner.
• Incident procedure - Severities, contacts, customer escalation timelines, evidence retention and crisis channel.
• Inventory and patching - Critical asset list, CVE tracking, remediation priority and accepted exceptions.
• Supplier control - Listed subcontractors, minimum clauses, data location and security contacts.

Policy and email templates

Hello, As part of our NIS2 review, please confirm within 10 days that MFA is active on administrator accounts, VPN, email and cloud consoles. If any scope remains excluded, please share the target date and compensating control. Regards,

Start the questionnaire