Are you struggling to get a clear understanding of the cybersecurity risks associated with your digital products? Do you know which CRA class your products fall under, and how to systematically address vulnerabilities and compliance gaps?

This service helps organizations systematically identify, analyze, and classify risks associated with their products or systems, as well as determine the correct CRA class in accordance with applicable cybersecurity requirements (e.g., the EU Cyber Resilience Act). The work covers both technical and organizational risk factors and provides a basis for decisions regarding the appropriate security level, development processes, and documentation.

Customer Benefits
• Clear and traceable risk analysis that meets regulatory requirements
• Correctly defined CRA class guiding further development and certification
• Reduced risk of vulnerabilities, recalls, and compliance issues
• Stronger security profile and improved market access within the EU

Service Contents
1. Collection of System Information
Review of the product’s functionality, interfaces, communication, and dependencies.

2. Identification of Threats & Risks
Mapping of potential cybersecurity threats, vulnerabilities, and their consequences.

3. Risk Assessment
Evaluation of likelihood, impact, and risk level using established methodologies.

4. Determination of CRA Class
Classification of the product/system according to CRA requirements based on the risk profile, functionality, and criticality.

5. Recommendations & Action Plan
Proposals for security measures, technical requirements, quality processes, and documentation required for the selected class.

6. Report & Traceability
A comprehensive report that can be used for development work, client communication, and compliance purposes.