Compliance Documentation That Passes Audits
The CRA requires extensive documentation before, during, and after market placement. Annex VII alone lists 13 categories of technical documentation. Kunnus generates, organizes, and exports it all.
Documentation Requirements (Annex VII)
Manufacturers must compile a complete technical file. Documentation must be retained for at least 10 years after market placement.
Product Description & Risk Assessment
General product description, intended purpose, cybersecurity risk assessment including threat analysis, attack vectors, and residual risk evaluation.
SBOM & Component Documentation
Software bill of materials documenting all components, dependencies, and provenance. Vulnerability handling process documentation.
Security Testing & Evidence
Reports from vulnerability testing, penetration testing, static analysis. Evidence of secure development lifecycle. Security update mechanism description.
Conformity Assessment & Declaration
Module A internal control documentation or Module B+C notified body evidence. EU Declaration of Conformity (Annex V). CE marking application records.
How Kunnus Automates Documentation
Every piece of compliance evidence in one place, linked to products, always current, always export-ready.
Central Evidence Repository
Security control assessments, risk records, vulnerability histories, SBOM records, supplier assessments, and testing reports – all linked to the relevant product.
One-Click Documentation Packages
Complete Technical File (Annex VII), EU Declaration of Conformity (Annex V), Self-Assessment Report (Module A), Third-Party Submission Package (Module B), and Market Surveillance Response.
Currency Tracking & Staleness Alerts
Last-updated indicators, staleness alerts when reviews are overdue, change triggers when products are modified, and version-specific snapshots for historical access.
Digital Audit Trail
Who created, modified, or approved each document. When changes were made. Approval workflows with digital signatures. Export history.
Why Documentation Is Where Compliance Projects Stall
Evidence is scattered across tools
Testing in Jira, risk assessments in SharePoint, SBOMs in build artifacts, supplier data in email. Assembling a technical file from 5+ tools takes weeks.
Living documentation vs. snapshots
CRA documentation must reflect the current product state. Risk assessments change, SBOMs update, vulnerabilities grow. Documentation must be maintained continuously.
Multi-product, multi-version complexity
20 products × 3 versions = 60 separate technical files. Manually managing completeness at that scale is operationally impossible.
Never Scramble for Audit Documentation Again
Kunnus keeps your compliance documentation organized, current, and export-ready – for notified bodies, market surveillance, or internal audits.