flattened posts folder

marketing/publications/posts/Do you supply EU customers.md

@@ -0,0 +1,41 @@
+---
+title: "Do you supply EU customers in vital sectors?"
+language: en
+
+proposition: advisory
+
+audience:
+  - msp
+
+channels:
+  - linkedin
+linkedin-account: personal
+
+content-type:
+  - post
+
+status: draft
+
+notetype: publication
+isotags: []
+tags: []
+---
+
+**Do you supply EU customers in vital sectors? They will send you this checklist.**
+
+The EU Cybersecurity Act (NIS2) is now being implemented across member states of the European Union. One of its core requirements: supply chain responsibility. Organizations that fall under the law are legally obligated to assess the security posture of their suppliers — and to contractually enforce minimum standards.
+
+That means if you supply to organizations in sectors that have been marked 'essential' or 'important' — like energy, healthcare, manufacturing, food, B2B IT services and cloud computing —, your customers will be asking you to demonstrate that your information security is in order. Not as a choice, but because the law requires them to. (full list of sectors [here](../../../../Corpus/Standards/NIS%202%20Cbw/NIS%202%20Scope.md))
+
+They will check for the minimum measures listed in Art. 21(2):
+
+- risk analysis, incident response procedures, and business continuity plans, covering cyber scenarios;
+- management of effectiveness of cybersecurity measures;
+- supply chain security and security in network and information systems acquisition;
+- training of personnel and HR security;
+- access control policies and asset management;
+- cryptography, encryption, and the use of multi-factor authentication.
+
+You don't need to be certified. But you do need to be able to answer these questions — on paper, not just in your head. Have your answers ready!
+
+You can find an interactive checklist [on our site](https://iso27diy.com/assets/nis2-checklist.html). If the checklist raises any questions on how to continue, I'm happy to spend an hour with you.