Network & Information Security Directive (NIS2)

The Network & Information Security Directive (NIS2) introduces stricter cybersecurity and risk management obligations for organisations across the EU. Ensuring your third parties comply with these requirements is critical to maintaining a secure and resilient supply chain.

Our NIS2 Compliance Assessment Questionnaire provides a structured and best-practice approach to assessing your third parties’ adherence to NIS2 requirements. Aligned with ISO 27001 and the NIS2 Quality Mark level 30, this questionnaire helps organisations streamline their compliance processes, reduce risk, and improve oversight of their external partners.

Key features of the NIS2 third-party assessment template

  • Comprehensive coverage – Questions are designed to assess key aspects of NIS2 compliance, ensuring a thorough evaluation of third-party security practices.
  • Clear purpose – Each question is mapped to specific NIS2 obligations to provide clarity on its intent and relevance.
  • Required evidence – Respondents must provide supporting documentation or proof where necessary to validate compliance claims.
  • References – Each question is linked to relevant controls of the ISO 27001 and NIS2 Quality Mark, offering transparency and traceability.
  • Weighting of questions – A risk-based approach assigns different weights to questions, prioritising critical compliance areas.
  • Comments & attachments – Respondents can add explanations or upload supporting documents for more detailed assessments.

This resource is designed for organisations looking to efficiently assess, benchmark, and improve their third parties' cybersecurity posture while ensuring compliance with NIS2 regulations.

This questionnaire is aimed at NIS2 compliance and aligned with the ISO 27001 and NIS2 Quality Mark level 30.


3rdRisk is trusted by risk managers like you

Read what others say about our third-party risk management platform

“You don’t need any training to understand the 3rdRisk platform. It operates intuitively and smoothly – appearing as though it was developed specifically for de Bijenkorf.”
Farida Fouad
De Bijenkorf
“Our strategic partnership combines Deloitte’s expertise with 3rdRisk’s technological strengths. This approach allows us to extend our capabilities directly into your operations, optimising resource allocation and compliance adherence.”
Sem J. de Spa
Deloitte
“The usage of the 3rdRisk platform has saved a significant amount of time in both operations and the second and third lines. Risk management and internal control are adopted by the entire organisation.”
Berry Kok
HEMA
