All Features
Vendor Assessment

Supply chain security with structured vendor assessment

Vendor management, pre-built CRA frameworks, and self-service vendor portal (coming soon)

Articles 13(5) and 13(12) of the Cyber Resilience Act require manufacturers to ensure the security of their supply chain. Kunnus makes vendor assessment efficient: manage vendor data centrally, use pre-built CRA assessment frameworks, and prepare for the self-service vendor portal coming in Q2 2026.

Pre-builtFrameworks
1-ClickImport
Supply ChainSecurity
Portal (Q2)Vendor
app.kunnus.tech/compliance/assessments
Vendor Security Assessments
CRA Vendor Security Assessment Framework
+ New Assessment
TechDrive GmbHApproved
Low Risk
Score 92%
Criteria 14
AutoControl AGApproved
Low Risk
Score 88%
Criteria 14
ConnectPro ElectronicsApproved
Medium
Score 71%
Criteria 14
SignalTech GmbHIn Progress
Medium
Score 54%
Criteria 14
GridLink SystemsApproved
Low Risk
Score 95%
Criteria 14
PowerNode GmbHIn Progress
High
Score 31%
Criteria 14

Key Benefits

Vendor Records

Full CRUD for vendor data. One-click import of common well-known vendors. All vendor information centrally in one place.

Vendor Assessments

Type-Vendor assessments in the compliance module. Pre-built CRA Vendor Security Assessment framework for structured evaluations.

Vendor Portal (Q2 2026)

Self-service portal for vendors: answer assessments, upload evidence, and report vulnerabilities. Coming in Q2 2026 -- the foundations are being laid now.

Pre-Built CRA Frameworks

The CRA Vendor Security Assessment framework is pre-built and ready to use. Configurable criteria for organization-specific requirements.

Capabilities

Central Vendor Management

CRA Art. 13(5)

Full CRUD for vendor data with one-click import of common vendors. All information centrally managed and searchable.

CRA Vendor Security Assessment

Art. 13(12)

Pre-built assessment framework specifically for CRA-compliant vendor evaluation. Ready to use with configurable criteria.

Compliance Module Integration

Annex I Part II

Vendor assessments are fully integrated into the compliance module. Risk levels, evidence upload, and review workflow included.

Self-Service Vendor Portal (In Development)

Vendors answer assessments, upload evidence, and report vulnerabilities through a self-service portal. Planned for Q2 2026.

Supply Chain Risk Overview

Overview of all vendors, their risk levels, and open assessment items. Prioritization based on criticality of supplied components.

Use Cases

01

Initial Vendor Onboarding

A manufacturer imports their 50 most important vendors via one-click import and immediately starts structured evaluation using the CRA Vendor Security Assessment framework.

02

Vendor Risk Management

Before integrating a new third-party component, the vendor is assessed. Supply chain risks are identified early and documented.

03

Audit Evidence for Supply Chain Security

Auditors receive structured evidence of all vendor evaluations -- including evidence, risk levels, and review history.

Related Features

Compliance Assessment

Vendor assessments are part of the compliance module with full lifecycle management.

Learn more

SBOM Management

Vendor SBOMs are centrally managed and vulnerabilities automatically correlated.

Learn more

Product Management

Vendor components are linked to products in the component library.

Learn more

Secure your supply chain systematically

See how Kunnus connects vendor assessment and supply chain security. We'll walk you through the workflow in a personalized demo.

View Walkthrough