From 2027, the Cyber Resilience Act (CRA) will require manufacturers of digital products to address cybersecurity requirements systematically. The deadline is approaching, but you lack the in-house expertise? The biggest risk is not non-compliance, but a false sense of security created by superficial measures. Our CRA Readiness Assessment enables your team to take action within 12 weeks: based on a specific product, with a clear gap analysis, reusable templates and a prioritised action plan.
Your goals
-
Understand CRA requirements and classify them for your own products
-
Identify threats, risks, gaps and need for action at an early stage
-
Build technical documentation in a structured, reusable way
-
Clarify responsibilities, processes and governance
-
Enable internal teams to assess further products independently
How do we support you
CRA classification
We explain the CRA regulation, the relevant requirements and product categories in a clear and practical way.
Scope definition
Together, we clarify which products, components, data points and risks are covered by the assessment.
Product analysis
Our experts guide you through the analysis of the selected products using a proven process.
Documentation template
You receive a structured template that can be reused as a basis for further products.
Action plan
Together, we prioritise the key steps and show what should be implemented by when.
Team enablement
Your specialist departments learn the process and can assess further products independently.Results
-
CRA analysis of a specific product
-
Prioritised action plan with clear next steps
-
Reusable documentation template for further products
-
Clarity on responsibilities, risks and implementation needs
-
Enabled team capable of conducting further analyses independently
Why Ergon
-
Security, software and IoT expertise from a single source
-
Many years of experience with IoT and cybersecurity
-
Practical methodology: enablement rather than consulting only
-
Technical understanding of development, operation and maintenance of digital products and services
-
Optional support for specific IoT requirements, such as certificate management, firmware updates, data flows, interface management and the secure development lifecycle
Who is the assessment aimed at?
The CRA Readiness Assessment is designed for manufacturers and providers of building technology, industrial products, IoT devices, connected components and product-related software. It is particularly relevant for product owners, CISO teams, compliance officers, engineering leads and CE representatives. Ideally, the assessment is carried out with an interdisciplinary core team from the business unit, product management, security, development and compliance.
Format
The assessment takes about 12 weeks and is carried out together with an Ergon security consultant and the relevant specialists from your company. The effort required from your specialists departments is around one to two days per week. The offering is designed to help you help yourselves. It can be conducted on site at your premises or remotely, if preferred.
Process
- Kick-off with scope, target picture and selection of a specific product
- Training on the CRA regulation, requirements and product categories
- Execution in several workshops with specialist representatives
- Review of results and handover to the specialist departments
- Optional: support during the subsequent implementation
We look forward to hearing from you
We are pleased that you are interested in our services. Do you have any questions or a specific project idea? Tell us about it – with no commitment on your part. Our experts will contact you as soon as possible.