A purpose-built, role-driven platform for the EU Cyber Resilience Act. Three isolated panels — Manufacturer, Supplier, Auditor — tracking all 14 CRA requirements with structured evidence, real-time risk posture, and a non-repudiable audit trail.
Each role has a dedicated, isolated panel. No cross-role data access at any level. Strict separation of duties matching the CRA's own governance intent.
The Super Admin. Owns the entire compliance programme — managing suppliers, auditors, requirements, controls, and approval workflows. Real-time visibility over the full supply chain.
Manages their Bill of Materials, submits compliance evidence per requirement, reports risk levels, and views their own posture in real time.
Read-only access to the complete compliance programme — without the ability to influence outcomes. Designed for CRA Article 32 conformity assessment and notified body reviews.
Every requirement tracked per device and per connection. Evidence stored in organised req_1 to req_14 folders. Risk scored Negligible → Critical per requirement.
Built on Secure SDLC principles. Input validation, parameterised queries, CSRF protection, file upload controls — all first-class features, not retrofits.
Three completely isolated panels. No cross-role data or function access possible at any level.
Multi-factor authentication enforceable for all roles, especially Manufacturer and Auditor access.
Extension whitelisting, MIME validation, 10 MB limits, path traversal prevention. Per-user isolated storage outside web root.
Session validation, timeout enforcement, CSRF protection. No session reuse across roles.
Suppliers submit. Manufacturers approve. Auditors observe. No single role controls the full compliance chain.
Full timestamped, attributed, non-repudiable submission and approval history available at all times.
Contact us for a demonstration or to discuss deployment options for your organisation.