For auditors, MSPs and MSSPs, consultants and vCISOs.
Three distinct partner channels, each scoped to how the partner already operates. Productized engagements with transparent referral economics — no minimum volume, no exclusivity, no marketing co-op nonsense. Pick the section that matches you.
For NIS2 auditors.
Your clients have an Article 21(2)(d) gap. We close it in a way that holds up in the audit chair you sit in.
Why your clients need this — and why it makes your engagements easier
- Decision-trace and signed evidence packs your audits can rely on — hash-anchored at the moment of approval, immune to silent post-hoc edits
- Article-anchored gap reports map cleanly to NIS2 control requirements your engagement letter already references
- Sub-processor lists and DPA templates ready to drop into a vendor-management workpaper
- Reusable evidence library so the same supplier evidence does not have to be re-collected for every audit cycle
Share of engagement fee on closed work, paid on completion. No minimum volume. No exclusivity. Attribution by introduction email or co-discovery call — whichever fits your existing client-handling model. Specific percentages confirmed in writing during the partner conversation.
The pitch you make to your client is short: your supplier-assurance gap is what the auditor will ask about; here is a productized engagement that closes it in three weeks for a fixed fee, with evidence I can use in your next audit cycle.
Talk to the founder about a referral conversationFor MSPs and MSSPs.
The dual angle — regulated yourself, and supplier-side to regulated buyers. Both surfaces fit.
Two surfaces, one platform
- You are likely regulated yourself under NIS2 Annex I (digital infrastructure / ICT services) — the platform handles your own buyer-side supplier obligations
- You are also a supplier to NIS2-regulated buyers — assurance questionnaires arrive with increasing frequency. The supplier-side surface gives you a reusable evidence library so you answer once, share many
- Co-delivery: you take the productized Assessment engagement to your client base, scoped to your billing model. Shards delivers the practitioner work; you keep the client relationship
- Cross-references with your existing service catalogue — supplier-assurance is the gap in most MSP / MSSP offerings, this is the productized fill
Your own NIS2 obligations as a regulated entity.
Read the sector pageReusable evidence library — answer customer questionnaires once.
See the supplier storyFor consultants and vCISOs.
The productized supply-chain piece in your broader NIS2 engagement, on clean referral mechanics.
When the Assessment makes sense as part of your engagement
- When you are running a broader NIS2 programme for a client, the Supplier Exposure Assessment is the productized "what about supply chain?" answer — fixed scope, fixed price, no day-rate sprawl on your side
- When the gap is bigger than a one-off engagement, the Qualified Manager retainer is the named-accountability handoff your client needs and you cannot keep delivering forever
- Referral mechanics: share of engagement fee on closed work, no minimum volume, attribution by introduction email or co-discovery call
- For vCISOs specifically: keep the strategic relationship; we handle the productized evidence-collection and decision-trace work that is uneconomic at vCISO day rates
One discovery call covers any of the three channels.
30 minutes. NDA-first. We will tell you up front whether the partner relationship makes sense for your client base or whether something else fits better.