The CYRA certification model consists of four steps
CYRA stands for “CYberRAting”. A tool to map digital resilience of companies and to get started with improvements.
Intermediate
Organization
- Acceptable Use of Information and Other Company Assets
- Return of Company Assets
- Label information
- Authentication information
- Responsibilities and Procedures
- Assessment and decision-making on information security events
- Response to information security incidents
- Separation of duties
- Determining applicable law and contractual requirements
- Intellectual property rights
- Protect registrations
- Compliance with security policies/standards
- Executive Responsibilities
- Information security in project management
Staff
- Termination or Change of Employment Responsibilities
Physically
- Storage media
- Utilities
- Equipment maintenance
Technology
- Availability of information processing facilities
- Monitoring activities
- Clock synchronization
- Separation into networks
- Security testing during development and adoption
- Outsourced software development
- Capacity management
Privacy
- Assignment that constitutes an infringement
- Return, transfer or deletion of personal data
- Records of the provision of personal data to third parties