Vendor Management for the CRA Era
Under the CRA, you’re responsible for the security of every component in your product – including those from your suppliers. And your customers hold you to the same standard.
Upstream and Downstream – You’re in the Middle
CRA compliance flows in both directions. You are both a customer to your suppliers and a supplier to your customers.
Upstream: Supplier Obligations
Article 13(6) requires due diligence: collect SBOMs from suppliers, assess their vulnerability handling, ensure timely updates, verify components don’t introduce vulnerabilities.
Downstream: Customer Transparency
Article 13(15) requires providing users with information for secure product use. For B2B: SBOMs, security advisories, timely updates, and enabling customers to fulfill their own CRA obligations.
The Full Chain Responsibility
Importers (Article 19) must ensure compliance before market placement. Distributors (Article 20) verify CE marking. Any substantial modification triggers manufacturer obligations.
Vendor Portal & Kundenportal Features
Manage both directions from one platform: upstream supplier compliance and downstream customer transparency.
Supplier Onboarding & Assessment
Branded invitations, structured questionnaires aligned with CRA Article 13(6), SBOM upload in CycloneDX/SPDX, and compliance scoring with green/yellow/red status.
Component Tracking Across Products
Every supplier component mapped to every product. Instant impact assessment when supplier vulnerabilities are disclosed. SLA monitoring for remediation.
Customer Kundenportal
Branded portal with product security information, SBOM access, security advisory publishing, update information, and CVD contact details.
Automated Advisory Publishing
Generate security advisories with CVE reference and fix information. Review, approve, and publish. Customers are automatically notified. Track acknowledgment and update adoption.
Competitive Advantage Through Transparency
Differentiate from competitors
In B2B markets, CRA compliance is becoming a purchasing criterion. A Kundenportal demonstrates readiness that competitors can’t match.
Reduce customer questionnaire burden
Self-service portal replaces repetitive procurement questionnaires. Customers find what they need without back-and-forth.
Accelerate sales cycles
Proactively showing compliance readiness removes a common blocker in enterprise procurement. Compliance becomes a sales accelerator, not a brake.
Turn Vendor Management into Competitive Edge
CRA compliance is a supply chain challenge. Kunnus lets you manage suppliers, demonstrate due diligence, and provide transparency to customers – all from one platform.