Compliance in Software Development
Software is no longer just a technical matter. The Cyber Resilience Act (CRA), NIS-2, and the GDPR establish clear legal obligations for everyone who develops or operates connected software — with concrete liability consequences for violations. Those covered by the CRA must demonstrably meet the “state of the art”: secure development processes, SBOMs, vulnerability management, and coordinated disclosure are no longer best practices — they are mandatory.
At the same time, attacks are increasingly targeting the software supply chain: it is not your own code but a third-party dependency that becomes the entry point — as Log4Shell, xz, and SolarWinds have clearly shown. Most incidents are not caused by malicious intent, but by a lack of awareness in everyday development.
Add to this the certification pressure: organisations certified to ISO 27001 or BSI IT-Grundschutz — or working towards certification — must demonstrate regular, documented awareness training as a fixed element of their ISMS. Industry-specific regulations such as DORA (financial sector) or MDR (medical devices) raise the bar further depending on your market.
Our training courses address exactly this: hands-on, following the software lifecycle, with real code and real-world scenarios — so that compliance becomes part of the craft, not a burden. Choose the format that suits your team:
Online Compact Course — 2 days, live online
€870 per person (excl. VAT) · 5–15 participants · Dates: August & November 2026
The schedulable starting point: hands-on awareness training without travel costs or long lead times. Includes a certificate of attendance — ideal as a recurring building block for ISO 27001 / BSI IT-Grundschutz. No prior security knowledge required; also available for individual participants.
→ To the Online Compact Course
On-Site Training — 3 days, condensable to 2
Price on request · 10–15 participants · At your premises or at our office in Jena
The tailored option: scope, focus areas, and tech stack are aligned to your team in a preliminary discussion. Includes a multi-day detective exercise, a GDPR use case, and a dedicated AI module.
Contact: training[at]datainmotion.com