Develops proposal for the CRR-Scheme and the Cyber Risk Label accordingly
Escalation instance in case of disputes regarding rating or label qualification
Evaluations after withdrawal of the rating / label
Definition of requirements
Approval of CRR-Scheme and the Cyber Risk Label accordingly
Scheme corrections on demand
The governance of the cyber risk rating schemes lies in the hands of the Cyber Risk Advisory Board, which consists of leading cybersecurity experts from large operators of essential services from all sectors according to the NIS Directive (banks, energy providers, healthcare providers, digital services, etc.). The Cyber Risk Advisory Board also includes representatives of the competent NIS authority. This guarantees not only that the requirements of the Cyber Risk Rating are technically state of the art, but also that they comply with the security requirements of large enterprises as well as the competent authorities.
The scheme is subject to ongoing review and improvement to reflect the ever-changing requirements of the cybersecurity domain.