For firms and consultancies, white-label licensing
The engine under your compliance practice.
Law firms and cybersecurity consultancies have the regulated clients and the authority. What is missing is tooling to deliver at scale. License foraudits' engine white-label, run chain assessments in hours and keep the relationship and the margin. The infrastructure is ours, the client is yours.
The context
Too much demand, too little tooling.
Decree-Law 125/2025, of 4 December, approved the Cybersecurity Legal Regime and transposed NIS2, in force since 3 April 2026. Regulation 756/2026 set out the minimum measures, and supply-chain security is one of them: every essential or important entity must assess each direct supplier's vulnerabilities and the maturity of its chain, on a continuous basis. That is around 6,000 entities in scope, each with dozens to hundreds of suppliers, and a 24-month window. The demand for people who can deliver this already exists. What does not exist is the capacity to serve it by hand.
You have the clients, not the tool
You are already the legal or cybersecurity advisor to these companies. What you lack is the engine that turns a supplier chain into an auditable process, instead of one more project run in spreadsheets.
Building from scratch does not pay off
Developing questionnaires, QNRCS mapping, an audit-trailed evidence repository and continuous scoring is months of engineering and permanent maintenance. That is not your business, it is ours.
Turning projects away costs you your position
Without capacity to deliver at scale, you either refuse work or subcontract and lose margin and control of the relationship. Neither defends your position against the big four.
The platform, under your brand
A white-label, multi-client workspace, ready to operate.
The same audit engine already running in production in the energy sector, now applied to the chain's cybersecurity controls, with your brand in front and our infrastructure underneath.
What your team operates
From supplier register to report, without friction.
Your team runs the process. The platform does the repeatable work: enrich, ask, collect, score and report.
What you get
The relationship stays with you. So does the margin.
We sell the infrastructure, not your clients. What you build on top is yours.
White-label end to end
The platform, the questionnaires and the reports go out under your brand. The client sees your practice, not ours. We stay invisible, underneath.
Healthy margin, no revenue share
You bill the project to the client at your price; the tool costs a fraction. We take no percentage of your billing. The difference is entirely yours.
Assessments in hours, not weeks
Automated questionnaires, evidence collection and reports. Your team runs chain assessments in hours and takes on more projects with the same people.
How we work
No channel conflict.
We are the infrastructure under your practice, not a competitor in disguise. The projects we cannot deliver, we refer to you.
Two models. Neither takes a percentage of your billing.
Pick the one that fits your practice. Indicative pricing, under validation.
€ 1,000 to € 3,000 per entity
You pay for each entity run on the platform, between € 1,000 and € 3,000 depending on the size and complexity of the chain. Ideal to start, with no annual commitment, and to test the model with your first clients.€ 15,000 to € 40,000 plus usage
An annual platform subscription between € 15,000 and € 40,000, plus a usage tier by volume. It makes sense once NIS2 compliance becomes a recurring line of business in your practice.No revenue share
In either model, we take no percentage of what you bill the client. The price you charge is yours to set and the margin is yours to keep.What it is built on
Mapped to the frameworks authorities and buyers use.
Controls are mapped to the frameworks the CNCS, auditors and regulated clients already recognise, so evidence serves more than one audit.
Frequently asked questions
Will foraudits talk to my clients?
No, unless you ask us to. The model is white-label and has no channel conflict: the relationship, the billing and the brand in front of the client are yours. foraudits is the infrastructure underneath and stays invisible to your client.
Do you take a percentage of my billing?
No. There is no revenue share in either model. You pay per project, between € 1,000 and € 3,000 per entity, or an annual platform subscription between € 15,000 and € 40,000 plus usage. The price you charge the client is yours to set.
How long until my team is independent?
We give access to a white-label workspace and training. As a rule, the team is independent within days, setting up clients, importing supplier chains and running assessments without involving us project by project.
Does the platform issue compliance certificates?
No. Formal certification is done by bodies accredited by IPAC. foraudits prepares, maps and organises evidence and produces readiness reports. For formal certification, we refer, or you can refer, to accredited partners.
What if you receive a project you cannot serve?
We refer it to the right partners in the network. We sell the infrastructure, not compliance services to your clients, so we do not compete with you for the work.
Do the frameworks cover more than QNRCS?
Yes. Controls are mapped to QNRCS and also to NIST CSF 2.0, ISO/IEC 27001, ISO/IEC 27036 and Regulation 756/2026, so the evidence collected serves several frameworks and more than one audit.
The figures shown are indicative and under validation. foraudits is not an accredited certification body: it prepares, maps and organises evidence and produces readiness reports; formal certification is done by bodies accredited by IPAC. This content is informational and does not constitute legal advice.
Let's talk about a partnership.
We show you the white-label platform and design the model with you, per project or annual platform, that fits your practice.