Your buyer’s security questionnaire (DDQ) completed in 72 hours — €2,400
What makes this safe to star
Pay-on-Acceptance (20/80)
Clarity Guarantee (10 days)
On-Time Credit (€200)
Switch-Safe Portability
EU-only storage & 90-day deletion
Act 124/2025 (NIS2) — Documentation Aligned*
There is no official “Act 124/2025 certification.” We map each deliverable to the law’s obligations and NIS2 guidance (see Mapping Sheet below).
Quick social proof — as of 12 Sep 2025
Last 30 days
- DDQs delivered: 4
- On-time (72h SLA): 100%
- Avg. clarification rounds: ≤1
Recent outcomes (anonymized):
- Utility (≈1k staff): buyer accepted in 72h; 3 mitigations documented (MFA rollout scheduled; restore test booked).
- FinTech (EU sales): RFP security annex passed; 1 clarity round.
- SaaS vendor: buyer portal submission accepted; supplier list >25 handled via over-cap ladder.
Alignment & proof:
- Act 124/2025 Mapping Sheet (1-page) — each deliverable → obligation (e.g., incident 24h/72h/1-month).
- Request redacted sample — DDQ row, Evidence Index line, Incident Card (sanitized).
There is no official government certification for Act 124/2025. We provide alignment and evidence mapping used in procurement.
What you get — clear & complete
€2,400 fixed — includes one DDQ ≤80 units.
- Buyer security questionnaire (DDQ) completed (≤ 80 answerable units) — file or portal export
- Readiness Summary (1 page)
- Evidence Index (xlsx) — every claim → policy / procedure / record
- Incident Workflow Card — 24h / 72h / 1-month steps + portal link + owners
- Customer Assurance Letter
- 30-min handover (+ Loom walkthrough)
Optional add-ons: Country Annex • Legal wording review note • Extra DDQ • Extra language
Risk-free guarantees — Why it’s safe to start with us
48h Checkpoint + Walk-Away
— €250 starter (credited). See draft Summary, Evidence skeleton & 5–10 DDQ answers. Not a fit? Stop—keep drafts; no further fee.
Pay-on-Acceptance (20/80)
— 20% now; 80% on delivery / after one clarity round.
Clarity Guarantee (10 business days)
— one free round of buyer-requested formatting/clarifications (no new questions/evidence).
On-Time Credit
— if we miss 72h without the clock being paused → €200 credit.
Switch-Safe Portability
— all source files + mapping index (which file answers which DDQ items) + 60-min handover to any provider (post-acceptance)
Data Handling
— EU-resident storage, least-privilege access, NDA on request, 90-day deletion.
How it works — minimal client time
- Scope Freeze — send DDQ file or portal PDF; we snapshot and issue a Count Sheet.
- Intake (30–45 min) — short form + quick call (only essentials).
- Build — we complete your DDQ and map every claim to records (screens, logs, tickets, clauses).
- QA & Handover — 30-point QA; 30-min review + Loom; one clarity round included.
- Acceptance — buyer accepts / we finish clarity; balance due per Pay-on-Acceptance.
Client time: typically 60–90 minutes total.
Act 124/2025 (NIS2) — Mapping Sheet
We align each deliverable to Act 124/2025 obligations (e.g., incident timing 24h/72h/1-month, governance, supplier risk). Download the 1-page Mapping Sheet (PDF) (add your link)
Reminder: Authorities provide forms (e.g., registrations / incident reports). They don't "approve" documentation packs. We provide aligned wording + evidence mapping used in procurement.
“What counts as a question?” — ≤80 units explained
- We count answerable units (the smallest prompt needing its own answer or one evidence file).
- 1 unit = one atomic answer or one evidence file request
- Lists: up to 25 items = 1 unit (each +25 items = +5 units)
- Multi-part asks: "Provide Incident, Access, Backup policies" = 3 units
- Evidence bundles: "policy + plan + attendance logs" = 3 units
- Over-cap ladder: 81–120 = +€300, 121–160 = +€600, >160 = quote/split
- Separate buyer DDQs or languages count as separate DDQs
See what it looks like
- DDQ answer row — truth-first wording + mapped evidence
What we need from you — only essentials
- Buyer DDQ (file or portal PDF) — upload now or later
- 1–2 page service overview + rough data flow
- Admin roster + MFA status (Multi-Factor Authentication = two-step login)
- Vuln/Patch routine (tool & cadence), last scan date (if any)
- Backups/BC-DR schedule + last restore test (or planned date)
- Vendors (≤25) + any security clauses/attestations
- Incidents (12–24 months) or "none"
- Single approver + incident roles
Compare approaches
FAQ
What is a DDQ?
Your buyer's security questionnaire used during vendor due-diligence.
Do we need government approval?
No. Authorities provide registration/incident forms, not document approvals. Acceptance here means your buyer accepts the DDQ, or we complete one clarity round.
What if our DDQ is bigger than 80 questions?
We snapshot your DDQ and issue a Count Sheet. 81–120 = +€300, 121–160 = +€600, >160 = quote/split. You see the count before we start—no surprises.
We don't have MFA or restore tests yet—can we proceed?
Yes. We'll write truth-first with a Mitigation statement (owner + date) and attach proof-of-progress (ticket, calendar invite). Buyers typically accept this.
Can we start without uploading the DDQ?
Yes—book now, upload later. The 72h clock starts after the DDQ snapshot and Count Sheet are accepted.
Ready to start?
Start 72-Hour Sprint — €2400
We’ll snapshot your buyer’s security questionnaire (DDQ), freeze scope with a Count Sheet, and deliver within 3 business days.
Delivery guarantee (SLA): 72h starts after Count Sheet acceptance & required inputs are in. If we miss without pausing → €200 credit.
Try 48-Hour Checkpoint — €250 (credited)
See a draft Summary, Evidence Index skeleton & 5–10 DDQ answers. Decide with confidence.
Copyright 2025 © South East 1 OÜ