Your suppliers' risk is your risk under Article 21.
NIS2 Article 21(2)(d) requires entities to address supply-chain security, including the security-relevant aspects of relationships with direct suppliers and service providers.
TruSecure maintains a continuous supplier risk register and, where an organization is also in scope for DORA, reuses the same records to populate DORA's register of information.
See the supplier-risk workflowTruSecure helps operationalize requirements and prepare evidence. Legal interpretation should be validated by qualified counsel.
Ask an AI about TruSecure
NIS2 Article 21(2)(d) requires entities to address supply-chain security, including the cybersecurity practices of direct suppliers and service providers. TruSecure maintains one continuous supplier risk register that also feeds DORA's register of information where applicable.
