Trusted by
CRA compliance as it should be
CRA gap analysis
Assess your current system components and processes, how they interact, what they are connected to and how securely, against the CRA requirements, and translate the findings into an actionable plan.
- Product classification and conformity definition
- Security risks and requirements clarification
- Engineering process and records checkup
- Technical file audit, including risk assessment, architecture, and verification
- Code audit covering solution architecture and security measures
- Vulnerability testing
Deliverables:
- CRA gap report - a structured assessment of your product’s current security status against the CRA requirements.
- Scope of work - a list of missing evidence, documents, and security measures we recommend for implementation.
Change engineering
The scope of modifications defined during the analysis phase becomes our backlog of implementation tasks across the entire system.
- Solution architecture and verification documentation update
- Secure coding, refactoring, and supply chain management (SBOM)
- Verification testing and technical file update
- Release and conformity activities
Deliverables:
- CRA-compliant, maintainable product with relevant security measures
- A complete technical file of documents needed for efficient process tracking and certification
CRA-compliant product development from scratch
Complete, end-to-end solution development following the CRA-mandated process, with cybersecurity embedded at every step.
- Product classification and requirements analysis, including security risks
- Solution architecture and SBOM
- CRA-guided coding and implementation
- Quality assurance and security testing
- Self-assessment and technical file documentation provision
- Release and conformity activities
Deliverables:
- CRA-compliant, maintainable product with relevant security measures
- A complete technical file of documents needed for efficient process tracking and certification
CRA post‑market vulnerability handling
Your security issues will be addressed on time as they arise in production, supporting your vulnerability monitoring and long-term product compliance.
- Security issue investigation and fixing
- Security patching with OTA updates
- SBOM vulnerability monitoring
Deliverables:
- A hardened, threat-neutralized system
- Updated technical file
Our areas of expertise
Edge systems engineered to stay secure and resilient despite long lifecycles and constrained compute and memory.
Making sure cloud data, access controls, infrastructure, and networks are secure and safeguarded against intrusions.
Focus on model poisoning and data leaks prevention to ensure data integrity and privacy by design for secure AI workflows.
Back-end workflows protection and securing the application logic with the necessary access management mechanisms.
Our senior leadership
Nazar Kohut
Embedded Project Manager
Nazar is an expert in aligning the software development process with complex regulations and specific business needs. He manages IoT and embedded projects in regulated industries, such as automotive, energy, and healthcare. His key focus is on establishing and maintaining SDLC and/or HDLC to ensure successful project delivery.
Expertise: Automotive regulations • Medical regulations • Consumer electronics regulations • V-Model, Waterfall, CPM, XP, SCRUM
Pavlo Matiieshyn
Head of Embedded Development
With more than 50 successfully implemented embedded projects, Pavlo knows how to engineer IoT systems with built-in security and reliability. Within the LS team, he is the go-to person to ensure that a product is both functional and protected against unauthorized access and firmware manipulation.
Expertise: Secure embedded systems architecture • Mechanical design • Electronics engineering • OTA orchestration • Cloud integration
Yuriy Chen
Head of Cloud Engineering
Yuriy has more than 10 years of experience in cloud architecture and SecOps and leads our cloud engineering team in building the secure-by-design infrastructure required for CRA compliance. He is an expert in designing high-availability architectures for secure OTA updates and real-time threat telemetry.
Expertise: Secure cloud architecture design • IoT Cloud Integration • Compliance automation (incl. SBOM automation)
Why work with us
Built-in cybersecurity
Cybersecurity is not just an optional service — a secure-by-design approach forms the basis of our entire product delivery process. This way, threat modeling and risk assessment take place already during the discovery phase, CI/CD pipelines have built-in SAST and vulnerability scanning, SBOM is available for every build, and hardened infrastructure is a must.
Process maturity
Lemberg Solutions has an established product delivery process incorporating standardization, automation, and security. This way, our clients’ projects naturally meet CRA requirements: exhaustive documentation, secure coding, up-to-date SBOM maintenance, or proactive risk identification.
Documentation routine
Meticulous documenting of the development lifecycle helps support transparency and issue traceability. Our regulations experts are fluent in country and domain-specific legal requirements and can help you formulate the list of required documentation tailored to your business and product.
Supply chain control
The network of hardware suppliers, third-party or open-source components and dependencies we rely on is tested by years of collaboration and clear evaluation criteria. When considering new components on the market, they are thoroughly researched and tested before such components become a part of our clients’ products.
About us
Lemberg Solutions offices
Contact us
Get in touch with our expert to prepare for a compliant release to the EU market.
Slavic assists our customers with successfully implementing their IoT product ideas, maximizing the value of their investments in technology. Slavic has experience guiding multiple IoT projects in automotive, healthcare, consumer electronics, and energy domains.