NIS2 Supply Chain

Do your customers ask you about your cybersecurity and digital resilience? As a supplier to NIS2 companies, you can demonstrate this in an accessible way with the NIS2 Supply Chain certificate (formerly: NIS2 Quality Mark). Find out how you can obtain the certification.
Pragmatic quality mark

Pragmatic and accessible

NIS2 Supply Chain was set up as a practical and accessible standard specifically for suppliers of NIS2 organizations. Are your clients subject to NIS2? Then you can expect to be asked to demonstrate your cybersecurity and digital resilience. With the NIS2 Supply Chain certificate you can do this in an accessible way.
The process

Certification in five steps

1. Pre-registration

Certification starts with a pre-registration at NIS2 Supply Chain. Your organization receives a registration number (required for the audit) and a license to use the NIS2 Supply Chain Logo, to show you are actively working to comply with the standards.

2. Implementing control measures

Based on your risk profile, you implement control measures to increase your cyber resilience. These are based on the chosen version of the NIS2 Supply Chain certificate: Basic (SC10), Substantial (SC20) or High (SC30).

3. Internal pre-audit

With an internal pre-audit you prepare yourself for the external audit. If the control measures are correctly implemented, you are ready for the external audit. In this phase, attending the (free) pre-audit webinar of NIS2 Supply Chain is required.

4. External audit

With your registration number (and after attending one of the pre-audit webinars), you can hire an approved auditor for the external audit. Digital Security Instituut is an approved audit partner of NIS2 Supply Chain. Requesting and planning the external audit is organized through a central organization: Auditplanner.

5. Certification

If the external audit is successfully completed, the NIS2 Supply Chain certificate is awarded. The certificate is valid for three years.
External audit

The audit process

What is the process for an external audit?
The auditor will first review the organization's policies, processes and security measures to get an initial picture of compliance with the NIS2 Supply Chain standards.
The assessment is then performed, depending on the type of organization and the scope of the audit. This can be done on-site, remotely or in a combination.
Auditors will focus on the areas with the most cyber risk, assessing the technical measures, procedures (e.g. awareness training), and compliance (such as incident reporting).
A report with findings is shared, including improvement points and recommendations. If the audit is successfully completed, the NIS2 Supply Chain certificate will be awarded.

Offer through Auditplanner

Digital Security Institute is an approved audit partner of NIS2 Supply Chain. External audits can be requested via the central Auditplanner.
You can specify your preferred auditor in the request. We would be pleased to perform the external audit for you.

Please make sure you have completed the pre-registration and pre-audit webinar before requesting the external audit.

If you have additional questions about the process, please feel free to contact us.

Offer and invoicing process

Planning the external audit for your NIS2 Quality Mark certificate follows the steps below (via Auditplanner):

  1. Fill in the request form
  2. Auditplanner calculates the required audit time (based on the characteristics of your organization and the NIS2 Supply Chain requirements)
  3. Auditplanner issues the offer (for your preferred auditor)
  4. After your agreement, you receive a confirmation to sign
  5. Auditplanner will send the invoice
  6. When you have paid the invoice, the audit will be planned
  7. You can plan the exact date / time with your preferred auditor.