Move supplier assurance off spreadsheets. Private pilot opening soon.→ Join the pilot
SHARDSCybersecurityDriving Security Forward
For suppliers

When your customer needs your security evidence.

If your customer is using Shards Supply Chain Assurance, you'll receive request packs from them via this platform. This page explains what to expect, how to navigate it, and how to make next year's assessment easier than this year's.

Get in touchSee the buyer side →
Why this is happening

Your customer is preparing for NIS2 — and you're in their supply chain.

Most likely your customer is preparing for NIS2 compliance, or another framework like DORA, ISO 27001 supplier provisions, or their own internal risk programme. They need documented evidence of how their suppliers — including you — manage cybersecurity.

Article 21(2)(d) of NIS2 specifically requires regulated entities to assess the cybersecurity posture of their suppliers and document the evidence behind those decisions. This isn't bureaucracy for its own sake — it's a real shift in how supply chain assurance works in the EU, and it's affecting every supplier of every regulated business.

What you'll see

A clear list of what's being asked — and when it's due.

  • Evidence items your customer has requested (e.g. ISO 27001 certificate, sub-processor list, privileged-access policy)
  • Clear deadlines for each item
  • Upload directly, or link a URL where the evidence already lives
  • A note field for context the reviewer should know
  • Save as draft — your progress is kept if you get interrupted

You see only what's been requested of you. You don't see other suppliers' submissions.

PreviewSupplier view of a request pack showing evidence items and deadlines
PreviewBuyer reviewing supplier submitted evidence — the review your customer sees
What your customer sees

Your submission. Their review. Both sides in sync.

Your customer's reviewers see only your submission — not anything you've sent to other customers. They work through the evidence you've uploaded, mark items approved or send them back for clarification, and you see every update in your dashboard.

No more chasing email threads. No more wondering if your documents arrived. The review is tracked, both sides can see the status, and you get notified when something needs attention.

The value to you

It gets easier every time.

Answer once, reuse across customers.

When you upload evidence to one customer's pack, the platform remembers. Next time another customer asks for the same artefact, you can reuse it with one action. No more re-keying the same answers across five different vendor questionnaires.

Predictable review loop.

You see when your customer reviewed each item, what they approved, and what they sent back for clarification. No more "did they get my email?" loops.

Build a posture portfolio.

Over time, your evidence library becomes a reusable asset — useful for new customer assessments, audit prep, and your own internal review.

Getting started

Your customer invites you. You click through.

You'll receive an email invitation from your customer. Click through, set up your account, and you'll see their request pack ready for you. We don't onboard suppliers proactively — your customer initiates the relationship.

If you're expecting requests but haven't received an invitation, ask your customer's compliance contact to invite you, or reach out to us directly.

hello@shardscybersecurity.io
Are you also a buyer?

Many of our customers started as suppliers.

If you also run your own supplier assurance programme — managing the risk in your own supply chain — the same Shards platform serves the buyer side too. The companies that answer assessments today are often the ones sending them tomorrow.

Learn more about Supply Chain Assurance →