Create a "Doing Risk Assessments per the ENISA framework" Course

[SecurityCaveman]

The CRA has requirements related to performing risk assessment but does not specify what the specific risk assessment requirements are. ENISA already has a risk management framework (https://www.enisa.europa.eu/topics/risk-management) that we believe might be used for the CRA requirement, or provide the underlying foundation for the CRA requirement.

Based on this we believe there is value in creating a course that explains the ENISA Risk Management framework.

[david-a-wheeler]

Sounds great! Per our discussion today, please send me an email, and I'll do some introductions.

[SecurityCaveman]

E-mail from Harald Fischer on 10 Nov 2025:

As discussed in the last CRA Awareness Working Group meeting.
I'd like to push forward the idea of building an Essential Cybersecurity Risk Management for Digital Products | CRA Products training. For this you've offered to establish a contact with the LF education team so that I can start with them as well.
In the meantime, I'll finish my draft of the structure of the course this week and would like to invite you David, CRob and Dave to give it a review.

Thanks for supporting me on this very new topic.

Best Regards
Harald

David Wheeler has connected him with Flavia from LF Education, who provided a template and guidance docs.