
Achilles Programs · Critical Infrastructure Suppliers
Achilles Certification Consulting
Structured preparation for Achilles qualification programs for suppliers to critical infrastructure operators and industrial companies. Gap analysis, implementation support, and audit preparation — from first assessment to verified certification.
What is Achilles Certification?
Achilles is a supply chain risk management and supplier qualification system used by critical infrastructure operators, energy companies, and major industrial enterprises worldwide to verify the cybersecurity and operational integrity of their suppliers. An Achilles qualification signals that a supplier has documented, validated security practices across key domains — making them eligible to participate in procurement processes that require demonstrated security maturity.
For suppliers to the energy sector, utilities, oil and gas operators, and industrial OEMs, Achilles requirements increasingly appear in procurement contracts and supplier qualification processes. Not having an Achilles qualification can mean disqualification from tenders, delayed contract renewals, or elevated scrutiny in vendor risk assessments.
Blackfort Technology supports suppliers in achieving Achilles qualification through a structured process: we assess your current security maturity against Achilles requirements, identify gaps, develop remediation measures, and prepare documentation for successful verification.
Preparation Areas
Achilles certification covers multiple security domains. For each area, we assess your current maturity, identify gaps, and support implementation:
01. Information Security Management
Policies, roles, and responsibilities for information security. Security awareness program, incident management process, and documented security objectives. Existing ISO 27001 certification can be credited for many requirements.
02. Supply Chain Security
Security requirements for your own suppliers and subcontractors. Vendor assessment process, contractual security obligations, and monitoring of third-party risks throughout the supply chain.
03. Business Continuity
Business continuity and disaster recovery planning. Documentation of critical processes, recovery time objectives, and regular testing of continuity procedures.
04. Physical & Environmental Security
Physical access controls, environmental protections for systems, and secure disposal of hardware and data carriers. Visitor management and clean desk policies.
05. Access Control & Identity Management
Role-based access control, multi-factor authentication for privileged access, regular access reviews, and offboarding processes for departing employees and contractors.
06. Vulnerability & Patch Management
Documented process for identifying, assessing, and remediating vulnerabilities. Regular scanning, defined patching timelines by severity, and exception management for systems that cannot be patched.
Achilles and ISO 27001: Synergies and Differences
Companies with existing ISO 27001 certification are well-positioned for Achilles: the ISMS framework directly addresses many Achilles requirements around information security management, risk assessment, and incident handling. ISO 27001 certification can be credited for significant portions of the Achilles assessment, reducing both preparation time and effort.
The key differences: Achilles has a stronger focus on supply chain security — specifically your management of your own suppliers and subcontractors — and on operational continuity for the contexts relevant to critical infrastructure buyers. These areas typically require targeted documentation work even for ISO 27001-certified companies.
Blackfort assesses the delta between your current certifications and Achilles requirements so you invest effort where it actually matters — not in areas already covered by existing evidence.
Our Consulting Approach
Gap Assessment
We evaluate your current security posture against Achilles requirements, identify gaps, and assess which existing certifications and documentation can be credited.
Prioritized Action Plan
We deliver a prioritized list of measures sorted by impact and effort — so you close the most significant gaps first and don't waste time on low-priority items.
Implementation Support
We support implementation of required policies, processes, and controls — from drafting documentation to reviewing technical measures.
Assessment Preparation
We prepare you for the Achilles verification process: review of documentation, dry-run against assessment criteria, and support during the actual audit.
Achieve Achilles Qualification — Structured and Efficient
Blackfort Technology supports suppliers in achieving Achilles qualification while leveraging existing security investments — ISO 27001 certifications, existing policies, and documented processes all count toward your Achilles assessment.
Frequently Asked Questions on Achilles Certification
What is Achilles certification?
Achilles is a supply chain risk management and qualification program used by operators of critical infrastructure, energy companies, and industrial enterprises to evaluate their suppliers' cybersecurity capabilities. Achilles certification signals to buyers that a supplier has verified, documented security practices — covering areas such as information security management, supply chain security, and business continuity.
Which companies require Achilles certification from their suppliers?
Achilles programs are used across the energy sector (oil & gas, power generation, utilities), industrial manufacturing, and critical infrastructure operators globally. If you supply to major energy operators, transmission system operators, or industrial OEMs, Achilles requirements may appear in procurement contracts or supplier qualification processes.
What is the difference between Achilles Practitioner and Achilles Publisher?
Achilles Practitioner is for suppliers who want to demonstrate their own cybersecurity posture to buyers — it requires a validated self-assessment against the Achilles framework. Achilles Publisher is for companies that use the Achilles platform to qualify their own supply chain. Blackfort primarily supports suppliers seeking Practitioner status as part of their customer requirements.
How long does Achilles certification preparation take?
Preparation typically takes 8 to 16 weeks depending on the current maturity of your security program and documentation. Companies with existing ISO 27001 certification or documented security processes are significantly closer to Achilles requirements and can complete preparation faster.
How does Achilles relate to ISO 27001 and NIS2?
Achilles certification and ISO 27001 are complementary, not redundant. ISO 27001 provides the organizational security management framework; Achilles validates specific supply chain security capabilities in a format recognized by critical infrastructure operators. An ISO 27001 certification is strong evidence for many Achilles criteria. NIS2 requirements for supply chain security (Art. 21) align closely with Achilles expectations for suppliers in covered sectors.
Related Services
Achilles Gap Assessment
We assess your current security maturity against Achilles requirements and identify the fastest path to qualification.
Get in touch
Ready for the next step?
Talk to us about your security requirements: concretely, without obligation, and as equals.