Cyber Resilience Act (CRA) – Customer Assurance Statement

Our commitment to product security

Intelligent Decisioning Ltd is committed to delivering software products that are secure by design, resilient in operation, and responsibly maintained throughout their lifecycle.

In line with this commitment, we have aligned our product development and security practices with the EU Cyber Resilience Act (Regulation (EU) 2024/2847), which establishes mandatory cybersecurity requirements for products with digital elements made available on the EU market.

Scope of this statement

This assurance statement applies to the following Intelligent Decisioning products:

  • Mercury Intranet
  • docCentrum
  • docBot
  • MegaNav
  • Digital Asset Manager
  • Knowledge Base

Each of these products is classified as a default product with digital elements under the Cyber Resilience Act and is subject to self‑assessment in accordance with the Regulation.

How we meet Cyber Resilience Act requirements

Secure by design and secure by default

Our products are designed and developed with security as a core requirement. This includes:

  • Minimising attack surface
  • Using secure default configurations
  • Respecting access controls and identity boundaries
  • Protecting data against unauthorised access

Security considerations are embedded into architecture, development, and release decisions.

Secure development and lifecycle management

We operate a defined secure development lifecycle that ensures security is considered throughout:

  • Design and build
  • Testing and release
  • Ongoing maintenance and support

Security updates and fixes are provided in line with each product’s supported lifecycle.

Vulnerability handling and updates

Intelligent Decisioning maintains a structured vulnerability handling process that includes:

  • Receiving and assessing vulnerability reports
  • Prioritising and remediating security issues
  • Delivering updates and mitigations to customers
  • Maintaining appropriate records of actions taken

This process applies across all covered products.

Transparency and software supply chain awareness

We maintain visibility of third‑party components used within our products and manage dependencies responsibly.
Where required, Software Bills of Materials (SBOMs) and supporting technical documentation are maintained and available to competent authorities upon request.

Incident preparedness and regulatory reporting

We maintain incident response procedures aligned with Cyber Resilience Act requirements.
Where a serious security incident or actively exploited vulnerability is identified, we are prepared to meet applicable regulatory reporting obligations within the required timelines.

Conformity and documentation

For each in‑scope product, Intelligent Decisioning has:

  • Completed a CRA self‑assessment
  • Maintained appropriate technical documentation
  • Issued an EU Declaration of Conformity under Regulation (EU) 2024/2847

Supporting evidence is retained and can be made available to relevant authorities, partners, or customers where appropriate.

What this means for our customers

Customers can be confident that:

  • Security is treated as a product quality requirement, not an afterthought
  • Our products are designed to meet current and emerging EU cybersecurity expectations
  • We take responsibility for security throughout the product lifecycle
  • We are prepared for the full application of the Cyber Resilience Act ahead of its enforcement deadlines

Learn more about how we can help you