
NIS2 Supply Chain: proof that your cybersecurity is on point

What is the NIS2 Supply Chain Certificate?
The NIS2 Supply Chain Certificate is a label that shows that your organization meets the cybersecurity requirements of the NIS2 directive. This label helps you demonstrate to customers and partners that you meet the required security standards. The system has three levels: SC10 (basic level), SC20 (substantial level) and SC30 (high level), so that organizations can take measures that are appropriate to their risks and business activities. The higher the level, the more requirements there are for your organization. As you can see in the table below, an ISO 27001 certificate is more than sufficient to meet all levels of the NIS2 Supply Chain certificate (QM = SC).

Why is the NIS2 Supply Chain Certificate important?
NIS2 places the responsibility for supply chain security on NIS2 organizations. They must ensure that their suppliers also take the appropriate cybersecurity measures. For suppliers, this means that they must be able to prove that their security is in order. The NIS2 Supply Chain certificate provides this assurance and verifies compliance with NIS2. The greater the impact of your services on customers, the more requirements you have to meet.
The three levels of the NIS2 Supply Chain Certificate
✅ SC10 — Basic Measures
This level focuses on fundamental security measures such as:
- Cyber security policy with clear responsibilities.
- Multi-factor authentication and strict access rights.
- Incident management and monitoring.
- Regular updates and malware protection.
- Employee awareness and training.
Does your organization provide services to a NIS2 company, but are you not required to register yourself? Then SC10 is usually sufficient to show that you have the basics of cybersecurity in order. This applies to most SMEs. Download all SC10 requirements here.
✅ SC20 — Comprehensive Security
In addition to the SC10 requirements, additional measures apply such as:
- Classification of information and stricter data security.
- Security requirements in contracts with suppliers.
- Stricter monitoring and control of user accounts.
- Encryption and secure communication channels.
- Regular internal audits of security measures.
Does your organization offer ICT or OT services? Then your customer may require SC20 or even SC30. This depends on the risk and impact of your service on the availability, integrity and confidentiality (the CIA triad, BIV in Dutch) of their systems. Download all SC20 requirements here.
✅ SC30 — Advanced Cybersecurity
The highest level with additional control measures such as:
- OT system management and security.
- Strict requirements for cloud services and suppliers.
- Secure software development and application testing.
- Digital forensic evidence procedures.
- Independent external security audits.
Does your organization fall directly under the NIS2 legislation and are you subject to registration? Then SC30 is the minimum requirement. In addition, further certification, such as ISO 27001, NEN 7510 or IEC 62443, is highly recommended. Download all SC30 requirements here.
How long does a certification audit take?
The table below shows how long a certification audit for the NIS2 Supply Chain certificate takes (QM = SC). Do you already have an ISO 27001 or NEN 7510 certification? Then you will be exempted from the specific requirements that are already covered by it.
The certificate is valid for 3 years and is issued by the Quality Innovation Foundation, which also publishes the certificate in a central register.

How can we help?
Do you want to know where your organization stands and what steps are necessary to comply with NIS2 or to achieve the NIS2 Supply Chain Certificate? We help you with:
- A gap analysis — An analysis with concrete recommendations to meet the requirements.
- Implementation guidance — Help in implementing the necessary measures and obtaining the label.
Do you want immediate insight into your cybersecurity status and to be prepared for the NIS2 requirements? Feel free to contact us and find out how we can help you. 🚀






















