An Audit Evidence Pack is a structured collection of documents, records, and technical artefacts that demonstrates your product's compliance with a given regulation. For the Cyber-Resilience Act (CRA), this pack constitutes the technical documentation that manufacturers are legally required to maintain and provide to market surveillance authorities upon request (CRA Art. 31).
A Gap Analysis is a critical first step in your journey to compliance with the Cyber-Resilience Act (CRA). It helps you identify the differences ("gaps") between your current security practices and the legal requirements of the regulation.
This section provides ready-to-use templates for common cybersecurity policies required by regulations like the Cyber-Resilience Act (CRA). These are starting points designed to be adapted to your organization's specific needs.