Practical Implementation of Module H for Full Quality Assurance and EUCC Synergy (R12c)
The Cyber Resilience Act introduces new obligations for manufacturers of products with digital elements, emphasizing secure design and vulnerability management throughout the product lifecycle. This talk provides a deep dive into Module H – Full Quality Assurance. Though this talk, the speakers’ll address how adopting the Module H model not only ensures CRA compliance but also facilitate EUCC evaluated product to comply with essential requirements, by significantly reducing overall compliance costs. Drawing from the Blue Guide developed by Eurosmart, the talk outlines how manufacturers and notified bodies can operationalize Module H by integrating cybersecurity controls into established quality systems such as ISO 9001. Participants will learn how to structure a Quality Management Handbook (QMH) and a Cybersecurity Management Handbook (CMH), select representative products for audits, and manage ongoing surveillance and updates. The talk will offer concrete guidance for aligning quality, risk, and vulnerability handling systems, ensuring compliance without duplicating audits. Real-world examples from pilot assessments will illustrate best practices for harmonizing CRA requirements with existing certification schemes.