Manufacturing sits at the intersection of two regulations: NIS2 brings most large manufacturers in scope as important entities, and the EU Cyber Resilience Act applies to anyone placing a product with digital elements on the EU market, which covers almost every modern manufacturer. Together they create a stack of obligations spanning corporate IT, factory OT, and the products themselves.
Sandline runs OT-aware vulnerability assessments inside the factory, supplier-side security assessment programmes that satisfy NIS2 supply-chain obligations, and CRA Annex I product security assessments for the manufactured items. The evidence is reusable across all three obligations.
Typical engagements
- Pentest of corporate IT and ERP
- OT-aware vulnerability assessment in the factory
- Pre-market product security assessment (CRA Annex I)
- SBOM generation and vulnerability handling SLA design
- Supply-chain security assessment programme
Sector-specific threats
Ransomware on production lines
A confirmed pattern for EU manufacturers. We focus on segmentation, recovery testing and OT-side detection, not just on perimeter hardening.
Insecure connected products
CRA Annex I makes "insecure by default" a market-access issue. We help you build security into the product release cycle rather than retrofit it.
Compromised supplier credentials
A primary vector for the most damaging incidents. Our supply-chain programme assesses your suppliers against the same controls you are assessed against yourself.
