NXM Labs' IoT Device CRA Pre-compliance Audit is a third-party audit service designed to help IoT device manufacturers assess their compliance posture against the European Union's Cyber Resilience Act (CRA) and international standards such as ISO 27001. The audit is structured in five stages: 1. Consultation Meeting (30 min): An initial session to gather basic information about the IoT device, coordinate scheduling, and address preliminary questions for the gap assessment. 2. Compliance Questionnaire: The device manufacturer answers a set of questions about their IoT platform to establish a baseline understanding of their current security posture. 3. Analysis (4 hrs): NXM evaluates the device's development maturity, its impact on customer environments under the CRA, and the effect of typical management processes at customer sites, referencing CRA and ISO 27001 standards. 4. Audit Report (5 hrs): Deliverables include a vulnerability report summarizing current platform vulnerabilities and compliance gaps, along with remediation steps covering software, platform, policy, and personnel areas. 5. Presentation (30 min): Results are presented at a closing meeting. Upon completion, clients receive a formal letter reviewing their IoT device and its potential customer impact, and a Cybersafe Level 1 rating (Fail, Conditional, or Compliant) published on the NXM Labs website as third-party evidence of compliance. This service is positioned as a pre-certification audit rather than a full certification, intended to identify the minimum steps needed to compete in the EU market under the CRA.