NIS2 Quality Mark

For companies in the supply chain, it is important to demonstrate to your customers that your cybersecurity is in order. You need to provide proof of this. You can do so through NIS2 QM certification—a practical standard for SMEs. This shows your larger clients, who fall directly under NIS2, that you are a secure supplier.

 

The NIS2 Quality Mark has been specifically developed for SMEs and is recommended by leading cybersecurity firms and industry associations.

Get your NIS2 Quality Mark now!

There are many benefits to getting started. It increases your own security, reduces your risk of incidents, and shows your larger clients that you are actively working on cybersecurity.

Secure work environment

Acting consciously reduces risks.

The importance of the NIS2 Quality Mark

Companies that obtain the NIS2 Quality Mark demonstrate that they meet the stricter requirements of the NIS2 directive. Proven cybersecurity through this certification also makes it easier to obtain cyber insurance. Banks also take this into account when granting loans to SMEs. Furthermore, cybersecurity has now become a standard part of the risk assessment when selling your business.

 

The NIS2 Quality Mark is your “license to operate”.

The NIS2 Quality Mark: achievable and scalable

The NIS2 Quality Mark is a practical and scalable standard. With a modular system comprising three levels (QM10, QM20, and QM30), companies can implement the appropriate level of security measures tailored to their risk.

NIS2-QM10 BASIC

For SMEs with a limited risk that supply directly to NIS2-obligated entities.

NIS2-QM20 SUBSTANTIAL

For companies with increased risks due to their role or access to sensitive data, and that supply directly to NIS2-obligated entities.

NIS2-QM30 HIGH

For critical companies in the supply chain that pose a significant risk of disruption in the event of cyber incidents and that supply directly to NIS2-obligated entities.

Our experts are ready to assist you

Whether you are just starting your NIS2 journey or have already made significant progress, our experts are happy to assist you. With knowledge of both the legislation and practical experience, they will work with you to find the right approach for your organisation. This way, you enter the certification process well-prepared and with confidence.

Which companies are suppliers under NIS2?

It is the essential and important NIS2 entities themselves who determine which direct suppliers pose a risk. With the NIS2 Quality Mark, they can easily comply with this obligation. If you want to learn more about NIS2 or find out whether you will be affected by it, attend a webinar at Samen Digitaal Veilig.
Below is an overview of examples of suppliers who may fall under NIS2:

Companies in ICT and networking
  • IT service providers
  • Managed Service Providers (MSPs)
  • Cloud providers
  • Data centres
  • Network companies
  • Cybersecurity companies
  • Software developers
  • SaaS providers
  • Hosting providers
  • Telecom companies
  • IT audit firms
  • Etcetera.
Companies that manufacture products containing operational technology (OT)
  • Industry, manufacturing & infrastructure
  • Machine builders
  • Industrial automation companies (OT/ICS)
  • Suppliers of production lines
  • Suppliers of industrial components
  • Parts suppliers
  • 3D printing companies
  • Energy and water managers
  • Smart technologies (IoT)
  • Factory automation specialists
  • Technical maintenance companies
  • Etcetera.
Companies that provide on-site services to large companies
  • Suppliers of food processing machinery
  • Packaging industry
  • Refrigerated transport and warehouse management companies that pose a risk in the supply chain.
  • Additionally, railway logistics, container terminals, and supply chain management companies can also pose a risk.
  • Etcetera.
Companies connected to NIS2 entities via EDI:
  • Raw material suppliers
  • Semi-finished product suppliers
  • Chemical suppliers
  • Transport companies
  • Logistics service providers
  • Shipping companies
  • Aviation suppliers
  • Etcetera.
Other companies

All companies that create digital, physical, or operational dependencies within the supply chain of an essential or important NIS2-obligated entity must, where there is a risk, demonstrably operate securely.

What certificates are required?

If your company supplies large organisations that, in turn, supply NIS2 entities, or if you supply directly to NIS2 entities, then NIS2-QM10 is the certification standard you can use to demonstrate compliance with the required security standards. This is the standard norm for most companies active in the supply chain.

Our partners are available to provide you with support

Questions? We have the answers!

NIS2 is all about managing risks

When a supplier is insufficiently secured, this can pose a risk to the NIS2 companies they serve directly or indirectly. This may lead to vulnerabilities in IT, digital communication, physical infrastructure, electronic data interchange (EDI), supply and ordering systems, and even in products containing operational technology (OT) software. OT software controls machines, whether or not they are connected to the internet. Since NIS2 adopts an ‘all hazards’ approach, various types of risks are considered, not just those related to IT.

The key rule of thumb is: the greater the impact of your products or services on your customer, the higher the risk you pose, and consequently, the higher the standard you must meet. For most SMEs in the supply chain, the NIS2-QM10 certificate is sufficient. So, do you supply companies that themselves supply NIS2 entities, or do you supply directly to an NIS2 organisation? And are you not an IT or OT company? Then NIS2-QM10 is the minimum certification standard to demonstrate that your company has implemented adequate security measures.

If you believe your company may pose a higher risk—for example, because you have access to highly sensitive data, your product is an essential component for your customer, or your product is difficult to replace—discuss a possible higher certification standard with your customer. If you are unsure whether you need a higher-level certificate, please contact the support desk for advice.