Operational Trust · Independent Review

Know where you stand before an incident does

A structured 90-minute review that maps your operational resilience, identifies supplier-readiness gaps, and gives you a clear written report — not a dashboard, not a score card, a document you can act on.

See the Review Free Readiness Check

No software to install. No ongoing subscription. One fixed fee: €2,400.

OT-REVIEW · SAMPLE REPORT EXTRACTConfidential

Supplier dependency mapComplete

Incident response plan2 gaps found

Decision authorityUndocumented

SOP coverage4 / 9 processes

NIS2 supplier obligationsPartial

Tabletop exerciseNot conducted

Reviewer: [Lead Reviewer] · [date of issue] · For illustrative purposes only

Built for

SMEs with 10–250 staffOperations leadsFounders & MDsIT managersFinance & legal teamsNIS2-affected suppliers

The Operational Trust Review

A review that produces a document, not a score

Most resilience assessments end with a traffic-light dashboard. Ours ends with a written report you can share with your board, your insurers, or your enterprise clients. Structured. Referenced. Yours to keep.

See full Review details

Operational Trust Review

€2,400

Fixed fee · VAT exclusive · No retainer

Includes

✓Pre-session structured questionnaire

✓90-minute review session (remote or on-site)

✓Supplier dependency map

✓Written report with prioritised findings

✓Follow-up Q&A call (30 min)

Begin a Review

How it works

Pre-session questionnaire

We send a structured document before the session. You complete it at your own pace — no interviews, no surprise questions. It frames the 90 minutes.

90-minute structured session

Led by a senior reviewer. Covers supplier risk, incident response, decision authority, SOP coverage, and NIS2 obligations. Remote or on-site.

Written report within 5 days

A clear document — findings, prioritised actions, references to relevant frameworks. Structured so you can share it with your board or an enterprise client.

Deliverables

What every Review delivers

Every engagement produces the same core set of outputs. No upsells, no tiered packages.

📄

Pre-session questionnaire

Sent before the session. Structures your thinking and ensures the 90 minutes are focused on decisions, not data gathering.

🗺️

Supplier dependency map

A structured view of your key suppliers, their criticality, and your current resilience posture for each.

📋

Written findings report

Prioritised findings with supporting references. Structured to share with a board, insurer, or enterprise procurement team.

✅

Prioritised action list

Concrete next steps ranked by risk and effort. No vague recommendations — specific actions with clear owners.

📞

Follow-up Q&A call

30-minute call within two weeks of report delivery. Time to work through findings and agree on next steps.

Field Notes

From the practice

All notes →

FN-001 · Jan 2025

The supplier dependency map most SMEs don't have

Most organisations can name their top suppliers. Fewer can answer: what happens if that supplier fails on a Tuesday afternoon, and your IT lead is on leave?

Read note →

FN-002 · Feb 2025

What NIS2 actually requires of your suppliers

NIS2 is not just a regulation for large enterprises. If you supply to an entity in scope, you are likely in scope too. Here is what that means in practice.

Read note →

FN-003 · Mar 2025

Why tabletop exercises fail (and how to run one that doesn't)

A tabletop exercise is not a presentation. It is a structured conversation about what your team would actually do. The difference matters.

Read note →

Free · No account required

Take the free Readiness Check

8 questions. 4 minutes. A readiness score and three suggested next steps — whether or not you book a Review.

Start the check →

Common questions

Who is this for?

SMEs with 10–250 staff, typically in professional services, logistics, healthcare administration, or any sector with NIS2 supplier obligations. Particularly suited to organisations that have been asked to demonstrate resilience by an enterprise client or regulator.

What does the review actually cover?

Supplier dependency and risk, incident response readiness, decision authority and governance, SOP coverage, business continuity basics, and NIS2 supplier obligations where relevant. The pre-session questionnaire structures the scope before the session.

Is this the same as a penetration test or ISO certification?

No. This is an operational resilience review — not a technical security audit and not a certification process. We produce a document, not a certificate. For technical security testing you will need a specialist firm; we can signpost if relevant.

How long does it take?

The pre-session questionnaire takes 30–60 minutes to complete. The session itself is 90 minutes. The written report is delivered within 5 working days. The follow-up call is a further 30 minutes.

What do I get at the end?

A written report with your supplier dependency map, prioritised findings, and a concrete action list. Structured so you can share it with a board, an insurer, or an enterprise procurement team. Plus a follow-up Q&A call.

Can the report be used for NIS2 compliance purposes?

The report documents your current posture and identified gaps against NIS2 supplier obligations. It is evidence of a structured assessment — useful for demonstrating due diligence. It is not a certification and does not guarantee compliance. Regulatory determinations rest with the relevant authorities.

Scope & limitations

Operational Trust provides independent operational resilience reviews and advisory documentation. Our work is structured guidance, not legal advice, certified compliance, or a guarantee of operational continuity. Regulatory determinations rest with the relevant authorities. We do not conduct technical penetration testing, system audits, or certification assessments. Each engagement is scoped individually; coverage is confirmed at pre-session stage.