https://sovereignshift.eu/tags/risk-management/ Recent content in Risk Management on Sovereign Shift Hugo en Wed, 01 Apr 2026 00:00:00 +0000 https://sovereignshift.eu/blog/nis2-ict-third-party-risk-register/ Wed, 01 Apr 2026 00:00:00 +0000 https://sovereignshift.eu/blog/nis2-ict-third-party-risk-register/ <p>NIS2 (Directive 2022/2555) requires organisations in essential and important sectors to implement cybersecurity risk management measures that specifically address &ldquo;supply chain security, including security-related aspects concerning the relationships between each entity and its direct suppliers or service providers&rdquo; (Article 21(2)(d)).</p> <p>This means you need a documented understanding of your ICT third-party dependencies, the risks they introduce, and the measures you have in place to manage those risks. Most organisations call this an ICT third-party risk register.</p>