Cybersecurity reporter Jan Meijroos spoke with Peter Noordhoek, Secretary-General of the Foundation for Quality Innovation, the holder of the NIS2 Quality Mark.
Peter, tell us about the NIS2 Quality Mark.
Peter: “Nearly two years ago, in December 2022, the EU published the NIS2 Directive. Based on this text, the NIS2 Quality Mark, a new standard, has been developed and deployed since the end of 2023. We are almost at the end of our first year. This standard, with a focus on the supply chain, helps companies take measures to prepare for NIS2.
If you obtain the NIS2 Quality Mark certification, you can say that, just like with ISO27001, you are making significant strides toward NIS2 compliance through the implementation of the NIS2 Quality Mark. This ensures you are well-prepared for the NIS2.”
Does this mean you’re fully compliant and ready for NIS2?
Peter: “Not quite yet, as each country makes its own interpretation of the directive, creating slight gaps. But this is as close as you can get at the moment.”
How are you promoting the NIS2 Quality Mark?
Peter: “It’s going very well. The NIS2 Quality Mark has already been adopted by 64 Dutch business associations and trade organizations, including TLN, BOVAG, Techniek Nederland, NEVI, and Bouwend Nederland. Together, these associations represent over 100,000 companies. In addition, we collaborate with 50 knowledge and market parties such as EY, BDO, Forvis Mazars, KPN, ABN AMRO, Bitsight, Northwave, and others. These prominent names are introducing the NIS2 Quality Mark to their large and small clients.
You, as our largest partner, the Dutch platform Samen Digitaal Veilig, are an initiative by industry organizations to support their members in the field of cybersecurity, which is very important to us. You’re also featured on our website, along with others.
The major players in cybersecurity are involved because they, too, were already working on interpreting NIS2. When comparing the European text with ISO27001, around 50-60 ISO controls seem to align. The same applies to CIS and the NIST framework: many similar measures. Now, if they wish, they can use an additional standard, the NIS2 Quality Mark. This is the standard for preparing for NIS2 in a uniform manner.”
How does one obtain an NIS2 Quality Mark certificate?
Peter: “Auditable quality is built into the NIS2 Quality Mark. The process of developing, compiling, and validating was challenging, but with the help of five teams, more than 20 experts, and the cooperation of well-known audit and consulting organizations, we created the standard, which is now also auditable. The auditing firms that conduct these audits are listed on our website.
The NIS2 Quality Mark focuses on suppliers of NIS2 companies and, therefore, includes three levels. Not every supplier carries the same risk profile for the supply chain. A supplier who is relatively easy to replace has a lower risk profile than a supplier whose absence would immediately halt your production or service.
The world of cybersecurity changes quickly. This new standard, launched on October 31, 2023, was already made available on October 10, 2024, for all countries in Europe. The Netherlands is the 5th largest exporter and the 8th largest importer globally. Our companies can now collaborate with their European customers and suppliers according to this new standard, which aligns more closely with NIS2 than any other standard.
Nice, isn’t it?”
Peter, thank you for this information. This seems like an excellent step for SMEs.