Cyber Resilience Act Compliance

This document outlines how the Gateway Test Platform complies with the EU Cyber Resilience Act (CRA), which aims to ensure a high level of cybersecurity for digital products in the European Union.

1. Product Security Commitments

The Gateway Test Platform is committed to implementing and maintaining robust security measures throughout the product lifecycle. We:

  • Design our software according to security-by-design principles
  • Regularly update and patch our systems
  • Conduct rigorous security testing before releases
  • Maintain clear documentation of security features

2. Risk Management

We maintain a comprehensive risk management program that includes:

  • Regular risk assessments of our platform and services
  • Identification and mitigation of potential vulnerabilities
  • Documented risk acceptance criteria and processes
  • Supply chain security assessments

3. Vulnerability Handling

Our vulnerability management process includes:

  • A coordinated vulnerability disclosure policy
  • A dedicated security contact for reporting vulnerabilities (security@gatewaytest.platform)
  • Established timelines for addressing different severity levels of vulnerabilities
  • Regular security patches and updates

4. Security Incident Response

We maintain a structured approach to security incidents:

  • 24/7 monitoring for security incidents
  • Defined response procedures for different incident types
  • Customer notification protocols in case of significant incidents
  • Post-incident analysis and improvement process

5. Technical Documentation

In compliance with the CRA, we maintain comprehensive technical documentation that includes:

  • System architecture and security controls
  • Results of security testing and risk assessments
  • Known vulnerabilities and their status
  • Security update mechanisms and processes

6. Secure Development Lifecycle

Our development practices include:

  • Code reviews with a security focus
  • Static and dynamic application security testing (SAST/DAST)
  • Regular security training for development personnel
  • Secure coding guidelines and enforcement

7. Security Updates

We provide security updates according to the following principles:

  • Critical security updates are deployed within 72 hours
  • All security updates are thoroughly tested before deployment
  • Users are notified of the availability of security updates
  • Update history is maintained and accessible

8. Compliance Reporting

In accordance with CRA requirements, we:

  • Maintain records of compliance with essential requirements
  • Conduct periodic assessments of our compliance status
  • Report serious incidents to relevant authorities when required
  • Cooperate with authorities during investigations

9. Customer Responsibilities

To maintain a secure environment, customers should:

  • Apply security updates promptly
  • Follow security recommendations provided in our documentation
  • Report any security incidents or vulnerabilities
  • Maintain appropriate access controls for their users

10. Contact Information

For inquiries related to our CRA compliance or security matters, please contact our security team at security@gatewaytest.platform.
