For audit firms, consultancies and law firms
Win and deliver NIS2 work without building it from scratch.
Around 6,000 entities are in scope, with a 24-month window. Each must audit its supplier chain's cybersecurity, continuously. foraudits is the engine your team uses to deliver it, under your brand.
The opportunity
The demand exists, the capacity to serve it does not.
Regulation 756/2026 placed supply-chain security among the mandatory minimum measures. Every one of these entities will need someone to run it. The question is who has the engine to do it at scale.
6,000 mandates, a clock ticking
The obligation is continuous, not a one-off project. Every in-scope entity comes back every year. Whoever has the engine captures recurring demand, not stray work.
It does not scale with headcount
Assessing a supplier chain by hand takes weeks per client. Multiply that across a full portfolio and you have to hire specialists the market cannot supply.
The large firms take the top end
Without their own tooling, smaller audit firms and law firms are shut out of the larger mandates. Owning an engine reverses that disadvantage.
The engine
end-to-end automation of reports and follow-up
The same audit engine already running in production in the energy sector, now applied to the chain's cybersecurity controls. Every step leaves an audit trail.
What your team operates
One process, four steps
Everything you need to run a chain assessment from start to finish, without leaving the platform.
How you deliver
The white-label engine, operated by your team.
We license the engine white-label. Your team runs the assessments, the relationship and margin stay with you, and foraudits becomes the infrastructure beneath your compliance practice. We do not sell to your clients or run the assessment in your place.
Why license
The relationship stays with you, so does the margin.
We do not sell to your clients. We sell you the infrastructure to serve them better, faster and at a higher margin.
White-label
The platform runs under your brand. The client sees your practice, not ours. Reports go out with your logo.
Margin that stays with you
You bill the project to the client, the engine costs a fraction. The difference is yours, with no revenue share.
More projects, same team
Automated questionnaires, evidence and reports. Your team runs assessments in hours, not weeks, and takes on projects it would otherwise turn away.
Who it is for
Who delivers NIS2 supply-chain compliance.
If you have in-scope clients or the authority to advise them, the engine fits your practice.
Law firms
You have the legal mandate and the trusted relationship. What you lack is the tooling to operationalise the supply-chain security obligation. License the engine and deliver execution, not just the opinion.
Cybersecurity consultancies
You know the controls and the QNRCS. The engine turns that knowledge into delivery at scale, with automated questionnaires, evidence and scoring.
Audit and TIC firms
You already run audits and compliance assessments. Add NIS2 supply chain to the catalogue without building a platform from scratch.
Built on the right frameworks
Mapped to what authorities and buyers already use.
Controls are mapped to recognised frameworks, so the evidence your team collects serves more than one audit. Authority: CNCS. Accredited certification: IPAC.
Per project or per platform subscription.
Two models, depending on whether you run occasional projects or build a recurring practice. Indicative pricing, under validation.
from € 990
per entity- Pay per entity run on the platform
- No volume commitment, no revenue-share
- Reports under your brand
- Ideal to start and validate demand
- Annual white-label platform access
- Usage tier scaled to the volume of entities and suppliers
- Margin and the client relationship stay with you
- Team onboarding and training included
Frequently asked questions
Does foraudits compete with my practice for clients?
No. foraudits sells the engine to your practice, never to your clients. The platform runs white-label, your team operates the assessments, and the relationship and margin stay with you. foraudits does not run assessments in your place or hold a relationship with your clients.
Does foraudits run the assessments for me?
No. foraudits is the infrastructure your team operates, not a service that replaces it. We never run the assessment in your place or contact your clients. When a client needs to submit information or evidence, they do it through the portal that runs under your brand.
Is the engine really white-label?
Yes. The platform runs under your brand and reports go out with your logo. The client sees your practice, not foraudits.
Does foraudits issue compliance certificates?
No, and neither do the reports your team produces. Formal certification is done by bodies accredited by IPAC. foraudits prepares, maps and organises evidence and produces readiness reports. For formal certification we refer to accredited partners.
How long does it take to set up the operation?
We give you a white-label workspace and training, and your team becomes independent at running assessments. The engine already runs in production in the energy sector, so you are not betting on something unbuilt.
Which frameworks are the controls mapped to?
To the QNRCS, created by Regulation 756/2026, cross-referenced with NIST CSF 2.0, ISO/IEC 27001 and ISO/IEC 27036. That way the evidence collected serves more than a single audit.
Is there territory or sector exclusivity?
The model is under validation and we design the terms with you in the partnership conversation. There is no revenue share on the indicated figures.
This content is informational and does not constitute legal advice. Each entity's actual qualification depends on its activity and size. foraudits is not an accredited certification body: it prepares, maps and organises evidence and produces readiness reports. For formal certification it refers to bodies accredited by IPAC. Commercial figures are indicative, under validation. foraudits provides the technology the auditor operates; it does not run assessments or hold a relationship with the auditor's clients.
Let's talk about a partnership.
We show you the engine and design the white-label partnership that fits your practice.