Following a successful pilot scheme funded by the Department of Digital, Culture, Media and Sport, IASME are delighted to launch the Internet of Things (IoT) Security Assured scheme.
We live in a world where an increasing number of items in our lives are connected to the internet. These devices can hold sensitive information about the people who use them and the environment in which they are used. The IoT Security Assured scheme is a vital tool for manufacturers to show alignment with upcoming UK legislation and European standards and also to reassure customers that the device they have purchased has the most important security controls in place.
“IASME has developed the IoT Security Assured certification scheme to provide an accessible, achievable and high-quality way for manufacturers to demonstrate the security of their internet-connected devices and to show they are compliant with best-practice security. When the IoT Security Assured scheme badge is displayed on a device it will reassure the end user that their device has the most important security features included.” Dr Emma Philpott MBE, CEO IASME.
"Having already awarded over 3000 IASME Cyber Essentials certificates to businesses, CNS are very aware of the tangible benefits that can be realised by undertaking cyber security certifications. The new IoT Security Assured certification provides a vital tool for manufacturing companies to demonstrate security, quality and compliance in an increasingly connected world." Sarah Edwards, MD, Capital Network Solutions Limited.
The IoT Security Assured scheme is aligned with the European technical standard for IoT security, ETSI EN 303 645, and with the proposed UK IoT security legislation and guidance. It is also mapped to the IoTSF Security Compliance Framework.
Within the IoT Security Assured scheme, there are three levels of security that a device can be certified to: Basic (aligned with proposed UK legislation), Silver (aligned with ETSI mandatory requirements and data protection provisions) or Gold (aligned with ETSI recommended requirements and data protection provisions).
The assessment consists of a set of simple questions about the security controls in place on the connected device and any associated services. A company board member must sign a declaration to confirm that the answers are all true. Once completed, a trained assessor will review the answers and give feedback on any aspect that is not compliant. If the assessment shows that the device meets the security requirements, the organisation will be provided with a certificate and badge for the relevant level to be placed on product packaging to reassure purchasers that their device has that level of security.
The scheme has been designed specifically to be accessible to smaller organisations, micro-businesses and start-ups, as well as larger, more established manufacturers. It will also enable organisations to verify the security of connected devices in their supply chain.
IASME would like to encourage manufacturers to come and talk to them about getting certified. The first 25 applicants will be offered a discounted price.
For more information about the scheme and advice about what to look for when buying an internet-enabled device or how to set up a device securely, please contact us.