ICT supplier guide

NIS2 documents for ICT suppliers: what to prepare before clients ask

When a client affected by NIS2 asks for cyber evidence, an ICT supplier needs clear, consistent and reviewable documentation. This guide explains what to prepare before the questionnaire arrives.

Why clients ask for evidence

Larger or regulated clients increasingly request structured cybersecurity evidence from digital suppliers, especially for services that affect continuity, data, infrastructure or operational resilience.

What to prepare

Prepare scope, service inventory, security policies, cyber risk assessment, incident response plan, vendor register, business continuity material and an evidence checklist.

What to avoid

Avoid vague claims, unadapted templates, missing owners, missing dates and statements that cannot be supported with documents or operational evidence.

How the ReadyKit helps

The guided wizard creates a reviewable document pack that can be adapted by internal teams, consultants, MSPs or auditors before it is shared with clients.

Note: this material supports documentation readiness. It is not certification, legal advice or an official audit.