Assessment Cyber Resilience Act
In the CRA workshop, you’ll receive a concise and practical introduction to the CRA requirements and work with our experts to develop concrete next steps for your company.
The entire process takes place within the framework of an interactive consulting workshop. We conduct this workshop in three distinct phases, each held at a different time and location: Analysis, Distillation, and Process Definition.
1. Analysis: Initial Assessment
This phase is designed to gather key information and clearly assess the current situation. To do this, we work with you to analyze your current product portfolio and identify which of your products and software solutions are subject to CRA requirements. This step is typically conducted on-site.
2. Distilling: Gap Analysis
In the next step, we conduct an initial gap analysis: We review existing security measures and processes and compare them with the CRA’s requirements as well as relevant standards such as ISO 27001. This helps identify gaps and areas for improvement. The focus here is on selecting and prioritizing the most important product features—illustrated in the image as “Feature Essence.”
Building on this, we develop concrete measures to meet regulatory requirements, identify best practices for secure-by-design and secure-by-default, and create recommendations for vulnerability management, automated testing, and update processes.
This work is carried out partly on-site and partly remotely.
3. Defining Processes: Roadmap and Prioritization
Finally, the workshop concludes with the definition of processes. In this phase, the identified risks are communicated, and concrete proposals are presented on how the processes and overall architecture could be designed to comply with CRA requirements.
This results in key deliverables, such as a list of future actions and an implementation roadmap that includes prioritization, a timeline, and a cost estimate.
Another focus is on audit preparation: We explain how to document CRA compliance and assist you in demonstrating it during a future audit. It is important to note that the rules for a CRA-compliant audit have not yet been fully established. The workshop provides an opportunity to ask individual questions, discuss specific challenges, and develop tailored solutions for your company. At the end, you will receive a structured overview of the identified measures as well as a roadmap—described in Chapter 3 as an example—for the next steps on the path to CRA compliance.
This step typically takes place on-site.
Accso and NOTOS Xperts: Your Partners for CRA Compliance
Together with our partner NOTOS Xperts, we combine expertise in compliance and software engineering.
Upon request, we also support the implementation of the measures developed in the workshop, from Secure by Design / Secure by Default, through security architectures, testing & certification, vulnerability management, and incident response, to support with incident handling & reporting as well as reporting requirements.