• New product cybersecurity regulations require more testing and documentation
• ONEKEY’s Compliance Wizard™ automates and assists with self-certification and self-declaration
• Already available for many standards including EU CRA, IEC 62443, ETSI EN 303 645, UNECE R 155, etc.

Duesseldorf, January 18th, 2024 – New laws and regulations are creating uncertainty in corporate IT departments – and also in management: The EU Commission’s forthcoming Cyber Resilience Act (CRA) includes liability for board members and executives in companies. The German technology company ONEKEY has been researching cybersecurity vulnerabilities in smart products such as IoT and OT devices, as well as in virtually all systems connected to the Internet, for years – and operates a Product Cybersecurity and Compliance Platform (PCCP) that can be used as a SaaS solution and performs automated testing and risk analysis of device software. With the new integrated Compliance Wizard™, ONEKEY goes one step further and automates essential steps and efforts:

“Businesses, and even IT professionals, are uncertain about how to implement new requirements such as the CRA. We are filling this vacuum with the Compliance Wizard™ – a combination of automated cybersecurity check and virtual assistant that guides companies through a simplified assessment of organisational compliance. This enables a dialogue-driven as-is assessment with subsequent analysis and documentation, which can also be used for the upcoming obligation to provide evidence in cyber security matters,” says Jan Wendenburg, CEO of ONEKEY. With this unique and patent-pending solution, the company further extends its leadership in automated solutions for product cybersecurity.

Analyse instead of hide

Uncertainty about current and future IT laws is high – many companies do not proactively communicate IT security incidents, according to a study commissioned by the TÜV association: 82 percent of German companies that had suffered an IT security incident in the past twelve months kept it secret. “There is only one way to change this attitude: transparency within the companies themselves. To effectively defend against an attack, there must be transparency – including transparency about what measures are being taken and in what order. With the Compliance Wizard™, we offer a simple structure that, based on our extensive experience, brings more transparency to the cybersecurity of a company’s products,” continues ONEKEY CEO Wendenburg. The Compliance Wizard™ first breaks down the requirements of the respective laws and standards, which can then be supplemented by the respective company with further content on the current situation. Even at this early stage, the Compliance Wizard™ analyses vulnerabilities and provides information on violations of standards, which can often be easily remedied.

Preliminary stage to certification

The automated Compliance Wizard™ report also acts as a self-declaration of compliance, documenting the current status of cybersecurity and possible compliance measures. New software versions can be automatically analysed in minutes, allowing documentation and declarations to be updated immediately. The report is often the first step towards certification, presenting all relevant information in a structured manner. Because the analysis, structured data, and supporting documentation can be easily exported, external certification bodies can complete any subsequent certification more efficiently and quickly. “Our goal for companies and cybersecurity managers is to significantly simplify the implementation of stricter product cybersecurity regulations. With the new Compliance Wizard™, many standards such as the EU Cyber Resilience Act, IEC 62443, ETSI EN 303 645, UNECE R 155 and others can now be technically tested and organisationally analysed and recorded,” says Jan Wendenburg, who invites all interested manufacturers to take part in a free trial.