
CRA101 Understanding CRA Obligations

This beginner-friendly guideline is crucial for mSMEs' understanding of the CRA, especially for those that, as yet, have limited knowledge of the CRA and/or difficulty navigating its legal environment. To make the CRA legal text more tangible, it provides a simplified overview of the key CRA obligations. The overview does not cover all obligations, nor does it include all exceptions to the legislation. Rather, the guideline focuses on five key categories of obligations to be considered at a minimum: (1) the cybersecurity risk assessment; (2) vulnerability handling and security updates; (3) user information, instructions and a Single Point of Contact; (4) reporting obligations: vulnerabilities and incident reporting; (5) conformity assessment. Without going into technical details, the guideline clarifies these legal obligations and thereby aims to improve awareness, accessibility and understanding at a basic level. For further reading and practical suggestions, consult the CRA’s Essential Cybersecurity Requirements: Annex I, Part I guideline and the CRA Methodological Compliance Assessment Framework.

Latest update: 12/01/2026, 11:29
