Implementation theme

Product security action plan development

To comply with overseas laws and regulations, we investigated the current security maturity level, identified issues, and supported the formulation of a mid-term security roadmap for the response.

Customer information

✔ Major domestic manufacturer
✔ Number of employees: Approximately 10,000
✔ Sales: Approximately 500 billion yen

The company is promoting overseas expansion in order to achieve its management goals for 2030, but it is not in compliance with overseas laws and regulations such as the upcoming European Cyber Resilience Act (CRA) and may be in violation of penal provisions.
It therefore became necessary to summarize the current state of its security response, develop and implement security measures to realize the ideal state, and establish systems.

Main Efforts

① Organize the current situation
We designed original interview items by adding Macnica's knowledge to industry-standard guidelines and standards such as CPSF (Cyber Physical Security Framework) and IEC 62443-4-1. For each business unit, which operate in different industries, we collected information on the current status of initiatives through a questionnaire survey and then conducted an interview survey to identify the issues and examine them in more depth.

② Identifying issues
Based on the survey results, the current status of the response was scored from the perspectives of People (organization), Process (regulations), and Technology. We made a relative evaluation against the figures of other advanced companies in the industry, and a compliance evaluation by breaking down each provision of the CRA into specific terms. Together these identified the company-wide issues and the individual issues for each business division that need to be addressed in the future.

③ Roadmap formulation
Based on the maturity of the entire company and Macnica's accumulated experience in supporting manufacturing customers, we calculated the resources and time required to resolve each issue. Taking into account the impact of leaving each issue unresolved, we determined the priority of the initiatives and created a three-year roadmap of activities.

Main Results

✔ By breaking down and specifying each of the highly abstract provisions of the CRA, we were able to visualize the compliance status of each product/system that each business division picked as a sample.

✔ Company-wide issues cited included the lack of a promotion organization, inadequate internal process regulations that left initiatives dependent on individuals, and a lack of practical know-how for carrying out risk analysis and similar activities.

✔ We considered several patterns for how roles should be divided between the business divisions and the company-wide promotion organization in the future. Depending on the pattern, we clarified the main actors for each roadmap activity, held discussions with members of each business division, and decided on the activity policy.

