CRA maturity assessment & gap analysis

The maturity assessment and GAP analysis show how well your existing development and support processes already meet the requirements of the Cyber Resilience Act (CRA) and relevant standards such as IEC 62443-4-1, EN 18031, etc. They identify specific gaps and prioritise concrete measures to make processes compliant with standards.
 
The results are presented in our Maturity Level Report – with clear references to the respective requirements of the relevant security standard. These reports enable rapid, standard-compliant implementation of the requirements and also serve as proof of compliance. This gives you a practical roadmap that reduces development costs, improves certification opportunities and sustainably strengthens security expertise within your company.
 

With our offering, we accompany you in two consecutive steps:

________

Step 1

Kick-off workshop

In a two-day workshop at your premises, our cybersecurity experts lay the foundation for the CRA process gap analysis. We explain the requirements of the relevant standards (e.g. ISA/IEC 62443-4-1, EN 18031) and then work with you to analyse the current status of your development and support processes using our assessment questionnaire. This involves a comprehensive review and documentation of your organisation, processes and existing products.

________

Step 2

Analysis phase & presentation of results

Based on the workshop results, we carry out a detailed process GAP analysis within four weeks. We evaluate the fulfilment of each CRA and the normative requirements relevant to you in your processes (e.g. IEC 62443-4-1, EN 18031, etc.), evaluate the maturity level of the processes and provide clear, prioritised recommendations for action. The results are compiled in a structured GAP analysis report and presented in a final presentation – including recommendations for the next steps.

 

Good to know: Why it's worth the effort...

• The maturity assessment tells you which requirements are relevant for compliance with the standard that applies to you, where your company currently stands and what steps still need to be taken. You receive a prioritised to-do list that enables you to plan your project in a structured manner in order to introduce standard-compliant processes.
•  The result can also provide documented proof of standard compliance. This proof of your cybersecurity expertise serves as a basis for certification by auditors and assessors.