CRA Certification Framework (v0.1)

CRA Certification provides a structured, evidence-based pathway for organisations and practitioners to demonstrate competence and alignment with CRA Architecture, CRABoK, and the CRA Maturity Model.

Framework overview Organisational certification

Status

The Certification Framework is currently under development. Version 0.1 outlines the principles, scope, and alignment model for future CRA-aligned certification schemes.

1. Overview

The CRA Certification Framework defines how organisations and individuals will be assessed against CRA standards. Certification is designed to be evidence-based, transparent, and anchored in real recovery capability – not paperwork.

1.1 Certification types

  • Organisational Certification: assessment of institutional recovery readiness, aligned to CRA Maturity Model levels.
  • Practitioner Certification: role-based recognition of skills and knowledge grounded in CRABoK and CRA Architecture.

1.2 Certification principles

  • Evidence over assertion: certification requires demonstrated capability, not self-attestation.
  • Neutrality: CRA certifications are vendor-agnostic and based on principles, not products.
  • Traceability: all criteria map to CRA Architecture, CRABoK, and the Maturity Model.
  • Transparency: scoring logic and criteria are open and published.

2. Organisational Certification

Organisational certification evaluates whether an institution can demonstrate repeatable, evidence-backed recovery aligned to CRA Architecture. Certification levels are directly tied to the CRA Maturity Model.

2.1 Certification levels

Organisational certification uses the maturity levels as certification levels:

  • Level 1 – Initial
  • Level 2 – Developing
  • Level 3 – Established
  • Level 4 – Exemplar

Certification at Level 3 or 4 indicates industry-leading capability and strong supervisory confidence.

2.2 Evidence requirements

  • Documented CRA-aligned architecture for critical services.
  • Immutable vaulting and sterile-site recovery capabilities.
  • Exercise results demonstrating repeatability.
  • Identity rebuild procedures and minimal viable platform documentation.
  • CRABoK-aligned runbooks, patterns, and artefacts.

Certification outcome

CRA Certification does not certify organisations as “cyber secure”. It certifies that an organisation can recover trust through a structured, evidence-based rebuild after systemic compromise.

3. Practitioner Certification

Practitioner certification will recognise individuals with demonstrated knowledge of CRA Architecture, CRABoK, and recovery practices. This framework is being developed alongside the broader CRA training and competency model.

3.1 Certification tracks

  • Recovery Architect
  • Recovery Operator / Engineer
  • Recovery Assessor / Auditor
  • Recovery Manager (Governance & Oversight)

3.2 Knowledge sources

  • CRA Architecture v1.0
  • CRABoK domains and patterns
  • CRA Maturity Model
  • Evidence-based recovery principles

Assessment approach

Practitioner certification is expected to combine scenario-based assessments, knowledge exams, and demonstration of practical understanding. The focus is on capability, not rote memorisation.

4. Governance and independence

CRA Certification follows the same governance principles as other CRA standards: independence, neutrality, transparency, and version control.

Alignment with CRA governance

  • Certification criteria map directly to CRA Architecture and CRABoK.
  • Certification levels align to CRA Maturity Model levels.
  • Updates follow CRA versioning and consultation processes.
  • CRA remains vendor-neutral and technology-independent.

5. Roadmap

The Certification Framework will evolve over 2025 to provide clear assessment criteria, scoring methods, and programme structure.

Planned activities

  • Define certification criteria and scoring logic
  • Publish sample evidence expectations
  • Create practitioner competency maps
  • Develop training and assessment partners (non-exclusive)
  • Release CRA Certification Framework v1.0