Supplier risk guides

Practical resources for Nordic and EU teams managing supplier risk under NIS2, ISO 27001, and GDPR.

NIS2

NIS2 and supplier risk: what Nordic IT managers actually need to do

A practical breakdown of Article 21 supply chain requirements, what evidence auditors expect, and how to build a repeatable programme without a full GRC suite.

10 min read

GDPR

GDPR Article 28 processor assessments: a practical checklist

What Article 28 actually requires, how to structure your data processor due diligence, and a ready-made assessment template to get you started.

8 min read

ISO 27001

ISO 27001:2022 and supplier relationships: clauses 5.19 to 5.22

The 2022 revision made supplier risk controls significantly more demanding. Here's what changed and how to demonstrate compliance in your next audit.

9 min read

Operations

How to prioritise your supplier risk backlog without burning out

When you have 50 suppliers and limited time, you can't assess them all equally. Here's a practical framework for deciding where to start and how to keep moving.

7 min read

Risk management

Residual risk explained: why closing findings matters more than scores

A risk score tells you where you are. Residual risk tracks whether you're actually getting better. Here's the difference and why it matters for management reporting.

6 min read
