| title | language | proposition | audience | channels | linkedin-account | content-type | status | notetype | isotags | tags |
|---|---|---|---|---|---|---|---|---|---|---|
| Do you supply EU customers in vital sectors? | en | advisory | | personal | | draft | publication | | | |
Do you supply EU customers in vital sectors? They will send you this checklist.
The EU Cybersecurity Act (NIS2) is now being implemented across the member states of the European Union. One of its core requirements is supply chain responsibility: organizations that fall under the law are legally obliged to assess the security posture of their suppliers and to contractually enforce minimum standards.
That means if you supply organizations in sectors marked 'essential' or 'important' (such as energy, healthcare, manufacturing, food, B2B IT services and cloud computing), your customers will ask you to demonstrate that your information security is in order. Not as a choice, but because the law requires them to. (full list of sectors here)
They will check for the minimum measures listed in Art. 21(2):
- risk analysis, incident response procedures, and business continuity plans, covering cyber scenarios;
- policies and procedures to assess the effectiveness of cybersecurity measures;
- supply chain security and security in network and information systems acquisition;
- training of personnel and HR security;
- access control policies and asset management;
- cryptography, encryption, and the use of multi-factor authentication.
You don't need to be certified, but you do need to be able to answer these questions on paper, not just in your head. Have your answers ready!
You can find an interactive checklist on our site. If the checklist raises any questions on how to continue, I'm happy to spend an hour with you.