Incident response

NIS2 Incident Response Plan for ICT suppliers

An incident response plan clarifies who does what, when to escalate, what information to record and how to communicate during a cyber event.

Why clients ask for evidence

Larger or regulated clients increasingly request structured cybersecurity evidence from digital suppliers, especially for services that affect continuity, data, infrastructure or operational resilience.

What to prepare

Prepare scope, service inventory, security policies, cyber risk assessment, incident response plan, vendor register, business continuity material and an evidence checklist.

What to avoid

Avoid vague claims, unadapted templates, missing owners, missing dates and statements that cannot be supported with documents or operational evidence.

How the ReadyKit helps

The guided wizard creates a reviewable document pack that can be adapted by internal teams, consultants, MSPs or auditors before it is shared with clients.

Note: this material supports documentation readiness. It is not certification, legal advice or an official audit.