NIS2 Supplier Security Assessment
Step 1: Document Requirements
ISO 27001:2022 Certificate
Valid ISO 27001:2022 certification from accredited body
Data Processing Agreement (DPA)
Signed DPA with Standard Contractual Clauses (SCCs)
Business Continuity Plan
Documentation of business continuity and disaster recovery procedures
Incident Response Procedure
Documentation of security incident handling procedures
Penetration Test Report
Recent penetration test report (within last 12 months)
Step 2: Questions
Do you have an Information Security Management System (ISMS) certified to ISO 27001:2022?
Describe your approach to risk management and how you identify, assess, and mitigate cybersecurity risks (NIS2 Art. 21(2)(a)).
What measures do you have in place for incident handling, including detection, response, and recovery procedures? (NIS2 Art. 21(2)(b))
Describe your business continuity and crisis management procedures, including backup management and disaster recovery (NIS2 Art. 21(2)(c)).
How do you ensure supply chain security, including security aspects of relationships with direct suppliers and service providers? (NIS2 Art. 21(2)(d))
Describe your network and information system security measures, including acquisition, development, and maintenance procedures (NIS2 Art. 21(2)(e)).
What policies and procedures do you have for assessing the effectiveness of cybersecurity risk-management measures? (NIS2 Art. 21(2)(f))
Describe your basic cyber hygiene practices and cybersecurity training programs for employees (NIS2 Art. 21(2)(g)).
What is your approach to cryptography and encryption, including key management practices? (NIS2 Art. 21(2)(h))
Describe your human resources security measures, access control policies, and asset management procedures (NIS2 Art. 21(2)(i)).