What is CYRA?
CYRA stands for Cyber Rating: a Dutch cyber-resilience rating and certification method. Since 1 January 2025 it is managed by Het CCV (Centrum voor Criminaliteitspreventie en Veiligheid); it was developed by the Cyber Weerbaarheidscentrum Brainport with TÜV NORD Nederland.
It rates maturity across four levels (Entry, Basic, Intermediate, Advanced) and suits organisations of any size and sector. It is modular: CYRA-IT builds on ISO/IEC 27001 (privacy via ISO/IEC 27701), CYRA-OT on IEC 62443, and CYRA-Zorg on the healthcare standard NEN 7510.
The CYRA modules
CYRA-IT (ISO/IEC 27001)
CYRA-OT (IEC 62443)
CYRA-Zorg (NEN 7510)
Four maturity levels
CYRA with ResiPlan
ResiPlan includes the CYRA measure catalogue and runs a 0–4 maturity GAP analysis with evidence and an exportable report.
Because CYRA-IT is built on ISO/IEC 27001, cross-mapping is powerful: rate ISO 27001 once and the equivalent CYRA controls fill in automatically, so your CYRA assessment is a head start, not extra work.
Frequently asked questions
What does CYRA stand for?
CYRA stands for Cyber Rating — a Dutch cyber-resilience rating and certification method managed by Het CCV since 1 January 2025.
Is CYRA only for SMEs?
No. CYRA suits organisations of any size and sector; SMEs and growing organisations are a key audience, but it is not limited to them.
What standards is CYRA based on?
CYRA is modular: CYRA-IT builds on ISO/IEC 27001 (privacy via ISO/IEC 27701), CYRA-OT on IEC 62443, and CYRA-Zorg on NEN 7510 for healthcare.
Is CYRA the same as the Cyber Resilience Act (CRA)?
No. CYRA is a Dutch rating and certification method; the CRA is a separate EU regulation on the security of products with digital elements.
Can I assess CYRA and ISO 27001 together?
Yes. Since CYRA-IT is ISO 27001-based, rating ISO 27001 controls in ResiPlan auto-fills the equivalent CYRA controls through cross-mapping.