Strategy of a Security Technology Provider to Comply to European Cyber Regulations (R13a)
In the current context of multiple regulations aiming at increasing the security of digital devices (RED, EU CRA) and infrastructures (NIS2, DORA), the question of preparation of technology providers is open. Of course, technology providers are already subject to several requirements, concerning their processes (e.g., MSSR, ISO 2700x) and products (e.g., compliance to PP, IEC 62443, etc.). In this talk, the speakers give the example of the transformative changes that allow a technology provider to connect the two worlds, i.e., be individually compliant and act as a liable link in an EU-regulated supply chain. the speakers will detail how the speakers leverage EU CC for ensuring products security-by-design and their assurance continuity, and the speakers back the speakers’ analyses by an EBIOS risk assessment, conducted at company and at product levels.
In addition, the speakers will highlight practical takeaways for technology providers, including:
– a high-level compliance checklist addressing cyber risk management and vulnerabilities identification and management,
– a set of minimum “must-do” action items such as embedding development and infrastructural security practices directly linked to supply chain security, and
– a discussion on EUCC and CRA synergy from both product and process perspectives.
This talk emphasizes not only security assurance but also operational readiness and resilience across the European digital ecosystem.