TL;DR
๐ The most direct route from signup to a signed MRCC, optimised by NexCyber experts.
โก Express path (Launch plan or above)
Week 1 โ Foundation
- โ Create your account ยท invite your compliance lead
- โ Add your Regulated Product Estate (start with your flagship product)
- โ Run the Scope Review โ see which frameworks apply
Week 2 โ Evidence ingestion
- โ Upload your SBOM (CycloneDX 1.4+ / SPDX 2.3+)
- โ Map existing policies (security, vuln handling, incident response)
- โ Add supplier attestations for tier-1 dependencies
Week 3 โ Close the gap
- โ Address top 3 gap priorities surfaced by RICE
- โ Re-upload refreshed evidence as needed
- โ Reach confidence threshold on at least 1 framework
Week 4 โ Request MRCC
- โ Click Request MRCC on your estate
- โ Regulatory expert review + sign-off
- โ Receive signed PDF + public verify URL
๐ฆ Confidence thresholds (functional view)
| Framework | What you need at minimum |
|---|---|
| ๐ก๏ธ CRA | SBOM + vuln-handling policy + tech-doc skeleton |
| ๐ NIS2 | 10 minimum measures mapped + supplier register |
| ๐ค AI Act | Risk tier classification + technical documentation |
| ๐ก RED Cyber | 3.3.d/e/f sub-requirements evidence |
| ๐ฆ DORA | ICT third-party register + incident classification template |
Specific scoring methodology is part of our private model. Public-facing confidence is summarised in bands (preview / computed / evidence-backed / externally-linked).
๐ก Pro tips
- ๐ฏ Start with one framework, not all five
- ๐ Aim for evidence-backed band before requesting MRCC
- ๐ค Loop in your auditor early โ share Trust Passport URL
โก๏ธ Next
๐ฌ Need help?
- Reach out via our live chat (bottom-right) โ Captain AI replies instantly, human experts within business hours.
- Email support@nexcyber.eu with
[P1]for Command/Strategic priority issues.
โน๏ธ Disclaimer โ RICE provides a readiness analysis, not legal advice. Final compliance may require legal review or notified body certification.
Last reviewed: 2026-06-02 ยท NexCyber Help Center