14 docs tagged with "compliance"

Audit Evidence Pack Template

An Audit Evidence Pack is a structured collection of documents, records, and technical artefacts that demonstrates your product's compliance with a given regulation. For the Cyber-Resilience Act (CRA), this pack constitutes the technical documentation that manufacturers are legally required to maintain and provide to market surveillance authorities upon request (CRA Art. 31).

CRA 5-Minute Primer

The EU Cyber-Resilience Act (CRA) is a landmark law that makes cybersecurity a mandatory, legal requirement for all "products with digital elements" sold in the European Union. For the first time, secure-by-design principles are moving from best practice to a legal obligation, enforced through CE marking.

CRA Gap Analysis Checklist

A Gap Analysis is a critical first step in your journey to compliance with the Cyber-Resilience Act (CRA). It helps you identify the differences ("gaps") between your current security practices and the legal requirements of the regulation.

First-Sprint Checklist

Getting started with a large compliance framework like the Cyber-Resilience Act (CRA) can be daunting. This checklist is designed to be a practical, actionable guide for development teams and product managers. It breaks down the initial work into concrete tasks that can be planned into your first few agile sprints.

PECR (UK)

1. Why PECR matters for Connected Devices

Secure-by-Design Maturity Model

A maturity model is a tool that helps an organization measure the effectiveness and completeness of its practices against a defined standard. This Secure-by-Design (SbD) maturity model is designed to help you assess your product security capabilities, identify gaps, and build a roadmap for continuous improvement.