Skip to main content
ResiPlan
🇳🇱 Netherlands (CCV)

CYRA (Cyber Rating) — the Dutch cyber-resilience rating

A Dutch certification method managed by Het CCV that rates your cyber resilience by maturity — modular across IT, OT and healthcare, and a pragmatic companion to ISO 27001 and NIS2.

What is CYRA?

CYRA stands for Cyber Rating: a Dutch cyber-resilience rating and certification method. Since 1 January 2025 it is managed by Het CCV (Centrum voor Criminaliteitspreventie en Veiligheid); it was developed by the Cyber Weerbaarheidscentrum Brainport with TÜV NORD Nederland.

It rates maturity across four levels (Entry, Basic, Intermediate, Advanced) and suits organisations of any size and sector. It is modular: CYRA-IT builds on ISO/IEC 27001 (privacy via ISO/IEC 27701), CYRA-OT on IEC 62443, and CYRA-Zorg on the healthcare standard NEN 7510.

The CYRA modules

CYRA-IT (ISO/IEC 27001)

Information-security maturity, with privacy covered via ISO/IEC 27701.

CYRA-OT (IEC 62443)

Operational-technology and industrial control-system security.

CYRA-Zorg (NEN 7510)

Healthcare information security, the Dutch sector standard.

Four maturity levels

Entry, Basic, Intermediate and Advanced — self-assessment plus certification via accredited bodies.

CYRA with ResiPlan

ResiPlan includes the CYRA measure catalogue and runs a 0–4 maturity GAP analysis with evidence and an exportable report.

Because CYRA-IT is built on ISO/IEC 27001, cross-mapping is powerful: rate ISO 27001 once and the equivalent CYRA controls fill in automatically, so your CYRA assessment is a head start, not extra work.

Frequently asked questions

What does CYRA stand for?

CYRA stands for Cyber Rating — a Dutch cyber-resilience rating and certification method managed by Het CCV since 1 January 2025.

Is CYRA only for SMEs?

No. CYRA suits organisations of any size and sector; SMEs and growing organisations are a key audience, but it is not limited to them.

What standards is CYRA based on?

CYRA is modular: CYRA-IT builds on ISO/IEC 27001 (privacy via ISO/IEC 27701), CYRA-OT on IEC 62443, and CYRA-Zorg on NEN 7510 for healthcare.

Is CYRA the same as the Cyber Resilience Act (CRA)?

No. CYRA is a Dutch rating and certification method; the CRA is a separate EU regulation on the security of products with digital elements.

Can I assess CYRA and ISO 27001 together?

Yes. Since CYRA-IT is ISO 27001-based, rating ISO 27001 controls in ResiPlan auto-fills the equivalent CYRA controls through cross-mapping.

Other frameworks

ResiPlan covers 10 frameworks with cross-mapping: assess once, prove everywhere.

Assess your CYRA compliance

Run a maturity gap analysis, attach your evidence and generate a report — with cross-mapping to the other frameworks.

CYRA (Cyber Rating) — Dutch cyber-resilience certification | ResiPlan