THINK SAFE. THINK ICS.

Cyber Resilience Act (CRA)

Clarity in 30 minutes!

Book a free consultation with our CRA experts Stefan Karg and Ann-Kathrin Wentz now.

Together we will clarify:

Whether and how your product is affected by the CRA
Which steps make sense now
How you can quickly arrive at a clear roadmap

How you can achieve results quickly with us

In the free CRA consultation, we provide orientation and direction in 30 minutes:
Which obligations apply in principle, how your product can be classified and which next steps you should plan specifically.

1. orientation

Together, we will check whether the CRA is relevant for your products and what requirements arise from it. You gain clarity as to which requirements are important for you and where you should start now to avoid wasting time.

2. next steps

We show you how to assess your current security and development level and which measures you should prioritize. The result is a realistically planned start - optionally with a subsequent gap analysis.

3. implementation & verification

After the consultation, we can provide you with further support if you wish: from risk analysis and vulnerability management to CE conformity. Optionally, SECIRA can help you to structure processes efficiently and implement them in a comprehensible manner.

Result

After 30 minutes you will know whether the CRA affects your product and which measures make sense for you.

Your duty. Our solution. Your head start with the Cyber Resilience Act (CRA).

The Cyber Resilience Act (CRA) is a duty - but also an opportunity. We help companies not only to meet the legal requirements, but also to create a real competitive advantage. From impact analysis and risk and vulnerability assessment to CE conformity assessment, we provide you with practical support during implementation.

With ICS and SECIRA, compliance becomes a strategic advantage.

people_ics_stefan_k_contact

Stefan Karg

Head of Competence Center Security
Team Lead Rail Security

people_ics_ann-kathrin_wentz_contact

Ann Kathrin Wentz

Sales Security
Team Lead Sales

Others advise, we solve

We translate regulatory requirements into practical solutions - step by step.

  • Other

  • ICS

Other

Advice

ICS

Advice
Approach
Explaining the CRA and its duties
Work with you to develop a clear roadmap from the first step to implementation
Result
Report or checklist
Clear understanding of the impact and next steps. With subsequent analysis if required.
Focus
Theory & compliance text
Practice & feasibility in the product and process
Methodology
Standard templates
Structured procedure according to recognized standards. Optionally with digital support from SECIRA.
Competence
General IT or compliance consulting
Interdisciplinary team from security, software and safety. Collaboration in standardization committees.
Tools
Excel, Word, manual verifications
Optional: SECIRAdigital platform for risk, vulnerabilities and tracking
Accompaniment


Advice through to handover


After the initial consultation: Support from analysis to operation
Understanding the industry


Cross-sectional


Deeply rooted in KRITIS, rail, industry and networked products
Goal
Submit report
Anchoring security sustainably and living compliance

The free initial consultation provides orientation and planning. Detailed analysis and implementation are then carried out as required.

We can provide you with classic consulting support or - if desired - digital support with SECIRA.
The platform helps to structure risk analyses, vulnerability management and documentation efficiently and implement them in a way that is permanently traceable.

LEARN MORE ABOUT SECIRA

Why ICS?

ICS has stood for security in critical infrastructures since 1966.

With our expertise in software development, functional safety and cybersecurity, we support companies in efficiently implementing regulatory requirements - from risk analysis to CE conformity.

csm_IT_Security_made_in_Germany_TeleTrusT_Seal
ics_1966_think_safe_think-ics

Expert knowledge

Customized solutions

Highest quality

FAQ

Frequently asked questions about the CRA initial consultation

Are we affected by the Cyber Resilience Act?

We will clarify this together. Based on your product, target markets and existing certifications, we assess whether you fall under the CRA and whether IEC 62443 or NIS2 arealso relevant for you.

What exactly happens during the consultation?

You will receive a professional assessment of how you are affected and the next steps - compact and easy to understand.

What is the difference to implementation or gap analysis?

The initial consultation provides orientation. We do not yet carry out an analysis, but clarify where you stand and what you need. If you subsequently wanta gap analysis or risk analysis, we will plan this together on the basis of the consultation.

What distinguishes the CRA from other regulations such as IEC 62443 or NIS2?

The CRA applies to products with digital elements - i.e. manufacturers, importers and distributors. IEC 62443 addresses the technical security of industrial systems, while NIS2 addresses the organizational security of operators. In this discussion, we show you which combination applies to your company and how you can avoid overlaps.

How does the appointment process work?

Simply book using the form. We will get back to you with suggested dates or a direct calendar link. The consultation takes place online - or by telephone or on site if you prefer.

Who carries out the consultation?

Our experts Stefan Karg (Security & Risk) and Ann-Kathrin Wentz (Sales Security) will accompany you personally. Both advise companies in the KRITIS environment and are deeply involved in regulatory developments.

What does the initial consultation cost?

The consultation is free of charge and non-binding. The aim is to give you guidance and not to sell you something.

What happens after the interview?

On request, you will receive a brief summary with recommendations for action and can decide whether you would like a more in-depth analysis or implementation. No automatic follow-up obligation - you remain in control.

What documents should I prepare?

If available: Product description, target markets, safety certificates or certifications. If you do not yet have anything available, a general overview of your product portfolio will suffice.We will pick you up where you are.

How quickly can implementation start afterwards?

Depending on the initial situation, often within a few weeks. You can start the gap analysis or risk analysis with SECIRA immediately after the initial consultation.

Where can I find further information on the CRA?

Our CRA info page provides you with a comprehensive overview of requirements, deadlines and implementation steps.

Can I change my plan later?

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

CRA or IEC 62443 - which applies to which product and when?

Does the CRA, IEC 62443 or both apply to your product? Find out quickly and easily with our questionnaire and specific examples.

 

TO THE ARTICLE

Normative requirements for risk management - IEC 62443 and ISO 27005

What are the differences between the various norms and standards and what do companies need to do to comply with them?

 

TO THE ARTICLE

The importance of a user-friendly security platform | SECIRA

Learn why usability is becoming a security issue - and how SECIRA combines risk, compliance & IT/OT security on one platform.

 

TO THE ARTICLE

Recent Posts