Situation

The Cyber Resilience Act (CRA) will fundamentally change the security requirements for manufacturers and suppliers of digital products in the EU. Our CRA Readiness Assessment helps you identify at an early stage whether and to what extent your company is affected and what measures are necessary to comply with the legal requirements.

The CRA applies to almost all products with digital elements that are offered on the European market. It distinguishes between different risk classes, which determine the type of conformity procedure required—only a few product categories are exempt.

In addition, it is crucial to understand your role in the market: the CRA primarily holds manufacturers accountable, but also places demands on distributors and importers. Only those who clearly define their role can take the appropriate actions:

BITSEA CRA GUARDIAN  

OUR HOLISTIC APPROACH TO COMPLIANCE

Scope

Determination of the scope, affected products, and roles.

Governance

Establish structured governance with clear responsibilities, guidelines, and controls.

Risk Management

Comprehensive risk management throughout the entire lifecycle—from initial assessment to active vulnerability management.

Reporting Obligations & Compliance

Ensure transparent incident and vulnerability reporting with complete documentation and evidence.

Supply Chain

(Supply Chain Security)

Make supply chains more transparent with SBOM/VEX, manage third-party risks, and ensure compliance across all suppliers.

CRA

Quickcheck

Are your products affected?

YOUR PATH TO CRA COMPLIANCE

IN 5 SIMPLE STEPS

Phases

1

Assess the Applicability and Classify the Product

Impact assessment, role clarification, risk classification, and gap analysis.

2

Implement Technical and Procedural Foundations

Risk analysis, security-by-design, policies and KPIs, strategy and governance, testing and release processes, and defined responsibilities.

3

Process Establishment

Defining processes, meeting reporting obligations (ENISA), managing timelines and notifications, supplier governance, adapting SLAs, and SBOM management.

4

Demonstrate Compliance

Documentation, assessments, guidance materials, training, and role-based competency development.

5

Finalise Compliance

Declaration of conformity, CE marking, market surveillance readiness, and continuous improvement.

Benefit

Our expertise is based on extensive experience gained from the European Union-funded OCCTET project (a project supporting companies in meeting CRA requirements), our involvement in Bitkom's open source working group, and many years of experience in creating detailed, complete SBOMs along the entire supply chain.

CRA Processes

We support you in establishing all processes, policies, and documentation required for CRA compliance, from development through ongoing operations.

Governance

This includes governance structures, reporting pathways, security and update processes, and the complete technical documentation required under Annex VII.

Risk Analysis

Our detailed SBOM assessments and security tests enable comprehensive vulnerability management across the entire supply chain, ensuring maximum transparency and traceability.

Legal Advice

Upon request, we supplement our technical advice with a legal assessment by our experienced partners.

Get advice now with no obligation.

Call us for a free initial consultation or contact us using the form.
