Duesseldorf, January 18th, 2024 – New laws and regulations are creating uncertainty in corporate IT departments – and also in management: The EU Commission’s forthcoming Cyber Resilience Act (CRA) includes liability for board members and executives in companies. The German technology company ONEKEY has been researching cybersecurity vulnerabilities in smart products such as IoT and OT devices, as well as in virtually all systems connected to the Internet, for years – and operates a Product Cybersecurity and Compliance Platform (PCCP) that can be used as a SaaS solution and performs automated testing and risk analysis of device software. With the new integrated Compliance Wizard™, ONEKEY goes one step further and automates essential steps and efforts:
“Businesses, and even IT professionals, are uncertain about how to implement new requirements such as the CRA. We are filling this vacuum with the Compliance Wizard™ – a combination of automated cybersecurity check and virtual assistant that guides companies through a simplified assessment of organisational compliance. This enables a dialogue-driven as-is assessment with subsequent analysis and documentation, which can also be used for the upcoming obligation to provide evidence in cyber security matters,” says Jan Wendenburg, CEO of ONEKEY. With this unique and patent-pending solution, the company further extends its leadership in automated solutions for product cybersecurity.
Analyse instead of hide
Uncertainty about current and future IT laws is high – many companies do not proactively communicate IT security incidents, according to a study commissioned by the TÜV association: 82 percent of German companies that had suffered an IT security incident in the past twelve months kept it secret. “There is only one way to change this attitude: transparency within the companies themselves. To effectively defend against an attack, there must be transparency – including transparency about what measures are being taken and in what order. With the Compliance Wizard™, we offer a simple structure that, based on our extensive experience, brings more transparency to the cybersecurity of a company’s products,” continues ONEKEY CEO Wendenburg. The Compliance Wizard™ first breaks down the requirements of the respective laws and standards, which can then be supplemented by the respective company with further content on the current situation. Even at this early stage, the Compliance Wizard analyses vulnerabilities and provides information on violations of standards, which can often be easily remedied.
Preliminary stage to certification
The automated Compliance Wizard™ report also acts as a self-declaration of compliance, documenting the current status of cybersecurity and possible compliance measures. New software versions can be automatically analysed in minutes, allowing documentation and declarations to be updated immediately. The report is often the first step towards certification, presenting all relevant information in a structured manner. Because the analysis, structured data, and supporting documentation can be easily exported, external certification bodies can complete any subsequent certification more efficiently and quickly. “Our goal for companies and cybersecurity managers is to significantly simplify the implementation of stricter product cybersecurity regulations. With the new Compliance Wizard™, many standards such as the EU Cyber Resilience Act, IEC 62443, ETSI EN 303 645, UNECE R 155 and others can now be technically tested and organisationally analysed and recorded,” says Jan Wendenburg, who invites all interested manufacturers to take part in a free trial.
ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.
Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.
The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.
The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.
Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.
euromarcom public relations GmbH
+49 611 973 150