← All training courses

Compliance in Software Development

Software is no longer just a technical matter. The Cyber Resilience Act (CRA), NIS-2, and the GDPR establish clear legal obligations for everyone who develops or operates connected software — with concrete liability consequences for violations. Those covered by the CRA must demonstrably meet the “state of the art”: secure development processes, SBOMs, vulnerability management, and coordinated disclosure are no longer best practices — they are mandatory.

At the same time, attacks are increasingly targeting the software supply chain: it is not your own code but a third-party dependency that becomes the entry point — as Log4Shell, xz, and SolarWinds have clearly shown. Most incidents are not caused by malicious intent, but by a lack of awareness in everyday development.

Add to this the certification pressure: organisations certified to ISO 27001 or BSI IT-Grundschutz — or working towards certification — must demonstrate regular, documented awareness training as a fixed element of their ISMS. Industry-specific regulations such as DORA (financial sector) or MDR (medical devices) raise the bar further depending on your market.

Our training courses address exactly this: hands-on, following the software lifecycle, with real code and real-world scenarios — so that compliance becomes part of the craft, not a burden. Choose the format that suits your team:


Online Compact Course — 2 days, live online

€870 per person (excl. VAT) · 5–15 participants · Dates: August & November 2026

The schedulable starting point: hands-on awareness training without travel costs or long lead times. Includes a certificate of attendance — ideal as a recurring building block for ISO 27001 / BSI IT-Grundschutz. No prior security knowledge required; also available for individual participants.

→ To the Online Compact Course


On-Site Training — 3 days, condensable to 2

Price on request · 10–15 participants · At your premises or at our office in Jena

The tailored option: scope, focus areas, and tech stack are aligned to your team in a preliminary discussion. Includes a multi-day detective exercise, a GDPR use case, and a dedicated AI module.

→ To the On-Site Training


Contact: training[at]datainmotion.com