NIS2 in practice
Clear guidance for security and procurement teams — what NIS2 requires and how to implement it in practice.
NIS2 and the supply chain requirement — what it means in practice
NIS2 requires essential and important entities to assess their supply chain cyber risks. Supplier tiering, fourth-party risk, Art. 23 incident notification, and what auditors look for.
12 min read
NIS2 Art. 21(2) — supplier security checklist
Checklist for procurement and security teams: what to ask, what evidence to collect, and how to respond when a supplier falls short. Includes suggested evidence documents.
9 min read
Supplier cyber risk assessment: what automated NIS2 monitoring checks
All check categories explained: ransomware, dark web leaks, TLS/DNSSEC, cookie security, CVE/EPSS, sanctions, MX blacklists and SAQ. Finding lifecycle and NIS2 article mapping.
10 min read
Who is in scope for NIS2? Essential vs important entities, sectors and size thresholds
Determine whether NIS2 applies to you: the two tiers, the Annex I/II sectors, the size thresholds, size-independent exceptions, and how the supply chain pulls you in even if you're not designated.
8 min read
NIS2 supplier questionnaire (SAQ): what to ask, how to score it, and a free template
What to ask suppliers under Art. 21(2)(d), how to score answers and respond to gaps, why self-attestation needs verification, and a free copy-paste questionnaire template.
9 min read
NIS2 vs DORA: how they differ, where they overlap, and which one applies to you
How the two EU regimes differ and overlap, why DORA is lex specialis for financial entities, which applies to you, and what both mean for third-party and supply-chain risk.
8 min read
Want automated NIS2 supplier monitoring?
norppa.io checks your suppliers daily and produces a monthly NIS2 compliance report. From €249/mo.