Since June 2025, the joint project between G DATA CyberDefense AG and TÜV TRUST IT has been making steady progress in implementing the Cyber Resilience Act (CRA) and introducing a quality management system in accordance with ISO 9001:2015.
Strategic Direction & Communication
The project team, led by Marcel Merzig and Hendrik Dettmer, has further refined the strategic approach. A communication strategy has been prepared for marketing approval, including a draft text that clearly and effectively conveys the goals and regulatory requirements of the CRA to the target audience.
Structured Implementation Through Regular Jour-Fixe Meetings
Since early August, weekly organized jour-fixe meetings have been held under the leadership of Christian Kühl. These meetings serve to track tasks, prioritize topics, and assign roles. All outcomes are transparently documented in the internal wiki (Confluence).
Documentation & Standards Work
The ISO 9001 documentation has been continuously developed:
- Process descriptions are currently being revised as part of ISO 9001, along with additional chapters of the Quality Management Handbook (QMH).
- In parallel, the project team is actively monitoring European standardization efforts related to CRA implementation, including analysis of relevant documents and participation in various workshops.
Conclusion: The project impressively demonstrates how regulatory requirements and quality management can be implemented in a practical and future-oriented way. With a clear structure, dedicated teams, and transparent communication, G DATA is setting new standards in the cybersecurity industry.