Get prepared for Cyber Resilience Act (CRA) compliance with technical training from Direct Insight
Direct Insight will deliver a one-day, in-person classroom-based training course, titled ‘EU Cyber Resilience Act – Technical Training for Embedded & IoT: Planning for Compliance’, designed to equip embedded systems engineers, developers and project managers with the skills and knowledge to confidently prepare and plan for CRA compliance.
In less than 3 years’ time, all products shipped to the EEA (European Economic Area) will have to be CRA-compliant, as a legal pre-condition of bearing the CE mark. The EU Cyber Resilience Act came into force in December 2024, extending the CE marking scheme by mandating that, from December 2027, all products with digital elements that can be connected to a device or network must adhere to a strict set of rules in their design, documentation and support before claiming conformance.
This one-day, intensive training course, developed by subject matter experts and delivered in-person by an experienced training team, will equip engineers and project managers to confidently prepare for CRA compliance in electronics and embedded systems design and development, based on a sound understanding of the requirements.
Practical and actionable information is provided based on various embedded development scenarios, covering both MCU- and MPU-based projects, and a range of typical software frameworks. At each stage, additional resources are identified that will allow further self-training and skills development, so that delegates can continue their journey to subject expert status.
“The CRA will have a significant impact on embedded developers – particularly those not familiar with CVEs (Common Vulnerabilities and Exposures) or SBOMs (software bill of materials), and unprepared to implement requirements like encryption, secure boot and OTA (over-the-air) updating,” says David Pashley, Direct Insight co-founder & Managing Director. “All products shipped into the EU must comply by December 2027, so the time to start planning is now!”
Topics covered include:
• Scope and requirements of CRA
• Role of standards
• Risk assessment
• Secure software development lifecycle
• Authentication and secure boot
• Producing products “free from exploitable vulnerabilities”
• Maintaining and updating secure products
• Secure supply chain
• Conformity process and documentation
No prior knowledge is required, although the content will be most beneficial to experienced embedded developers. Delegates can expect an intensive day of training, as a lot of ground is covered. The course is primarily lecture-based, with opportunities for interaction and questions. A small proportion of the content may be delivered by remote speakers. Each delegate will receive a binder with course content, which they can annotate, as well as a CPD certificate upon completion.
