Move supplier assurance off spreadsheets. Private pilot opening soon.→ Join the pilot
SHARDSCybersecuritySupply Chain Assurance · NIS2
Partners · Three channels

For auditors, MSPs and MSSPs, consultants and vCISOs.

Three distinct partner channels, each scoped to how the partner already operates. Productized engagements with transparent referral economics — no minimum volume, no exclusivity, no marketing co-op nonsense. Pick the section that matches you.

1.0 / Auditors

For NIS2 auditors.

Your clients have an Article 21(2)(d) gap. We close it in a way that holds up in the audit chair you sit in.

Why your clients need this — and why it makes your engagements easier

  • Decision-trace and signed evidence packs your audits can rely on — hash-anchored at the moment of approval, immune to silent post-hoc edits
  • Article-anchored gap reports map cleanly to NIS2 control requirements your engagement letter already references
  • Sub-processor lists and DPA templates ready to drop into a vendor-management workpaper
  • Reusable evidence library so the same supplier evidence does not have to be re-collected for every audit cycle
Referral economics

Share of engagement fee on closed work, paid on completion. No minimum volume. No exclusivity. Attribution by introduction email or co-discovery call — whichever fits your existing client-handling model. Specific percentages confirmed in writing during the partner conversation.

The pitch you make to your client is short: your supplier-assurance gap is what the auditor will ask about; here is a productized engagement that closes it in three weeks for a fixed fee, with evidence I can use in your next audit cycle.

Talk to the founder about a referral conversation
2.0 / MSPs / MSSPs

For MSPs and MSSPs.

The dual angle — regulated yourself, and supplier-side to regulated buyers. Both surfaces fit.

Two surfaces, one platform

  • You are likely regulated yourself under NIS2 Annex I (digital infrastructure / ICT services) — the platform handles your own buyer-side supplier obligations
  • You are also a supplier to NIS2-regulated buyers — assurance questionnaires arrive with increasing frequency. The supplier-side surface gives you a reusable evidence library so you answer once, share many
  • Co-delivery: you take the productized Assessment engagement to your client base, scoped to your billing model. Shards delivers the practitioner work; you keep the client relationship
  • Cross-references with your existing service catalogue — supplier-assurance is the gap in most MSP / MSSP offerings, this is the productized fill
Explore the partner channel
3.0 / Consultants / vCISOs

For consultants and vCISOs.

The productized supply-chain piece in your broader NIS2 engagement, on clean referral mechanics.

When the Assessment makes sense as part of your engagement

  • When you are running a broader NIS2 programme for a client, the Supplier Exposure Assessment is the productized "what about supply chain?" answer — fixed scope, fixed price, no day-rate sprawl on your side
  • When the gap is bigger than a one-off engagement, the Qualified Manager retainer is the named-accountability handoff your client needs and you cannot keep delivering forever
  • Referral mechanics: share of engagement fee on closed work, no minimum volume, attribution by introduction email or co-discovery call
  • For vCISOs specifically: keep the strategic relationship; we handle the productized evidence-collection and decision-trace work that is uneconomic at vCISO day rates
Talk to us about partner mechanics
4.0 / Talk to us

One discovery call covers any of the three channels.

30 minutes. NDA-first. We will tell you up front whether the partner relationship makes sense for your client base or whether something else fits better.