If you’re involved in making, importing, distributing or selling smart products in the UK, understanding the Product Security and Telecommunications Infrastructure Act 2022 (PSTI) is crucial. Enacted last year, this legislation mandates that UK consumer connectable products adhere to the top three requirements from the globally recognised IoT security standard, ETSI EN 303 645. These requirements include the presence of a unique password, provision of information on reporting vulnerabilities to the manufacturer, and disclosure of the support period at the point of sale. The 12-month grace period on these directives comes to an end on April 29th this year, after which, non-compliance could result in severe consequences, including substantial fines and product recalls.
To guide you through these regulations, IASME offers a comprehensive certification scheme for any connected product, particularly the consumer devices governed in the PSTI Act. This not only serves as a clear affirmation of PSTI compliance but also furnishes manufacturers with a structured framework to enhance the security of their devices. The certification, validated by an independent Assessor, ensures that your product aligns with the stipulated standards.
Initiated with support from the Department of Digital, Culture, Media, and Sport, the IASME IoT Cyber scheme has successfully certified numerous innovative UK manufacturers, showcasing their adherence to all 13 controls outlined in the ETSI standard.
Obtaining IoT cyber security certification from IASME is a strategic move to demonstrate to regulators and customers alike that your product adheres to both legislation and best practices in security. With various options available in the market, ranging from free self-certification processes to comprehensive product penetration testing, IASME stands out by providing a quick and affordable certification process at £500, completed within a few days.
The IoT Cyber scheme offers two levels: Baseline and Assurance. Baseline aligns with the top three requirements of ETSI EN 303 645, making it ideal for confirming compliance with current UK law. The Assurance level surpasses PSTI requirements by certifying against all 13 requirements of EN 303 645, reflecting a proactive commitment to future-proofing security.
Certification grants you a badge to display on your product, serving as a visible indicator of its security and legal compliance. This badge communicates transparency, authenticity, and a dedication to meeting the highest industry standards.
Affordability is a key principle in the design of the IASME IoT Cyber scheme, ensuring accessibility for even the smallest manufacturers. IASME’s Assessors, experts in IoT cyber security, offer consultancy to assist manufacturers in meeting requirements, including the provision of free Policy templates downloadable from the IASME website.
When it comes to addressing the physical security of internet connected products, for example, sensors on doors and windows, alarm systems, locks etc, IASME has been working in partnership with the police security initiative, Secured by Design. Secured by Design is the most well-known of the Police Crime Prevention Initiatives (Police CPI) portfolio. Secured by Design (SBD)operates an accreditation scheme on behalf of the UK Police Service to show that products or services have met recognised security standards. These products or services – which must be capable of deterring or preventing crime – are described as having achieved ‘Police Preferred Specification’.
Secured by Design launched the Secure Connected Device accreditation for companies providing IoT connected products and services and they have picked the IASME IoT Cyber Assurance level 2 scheme as one of the ways for manufacturers to confirm their products have the required level of cyber security.
In a dynamic market, adaptability and staying ahead of regulations are paramount. Certification to a recognised standard adds value to your brand and is a potent means of building trust with your customers. IoT security certification also enables organisations to demonstrate their commitment to best practice security by verifying the security of connected devices in their supply chain.
Jason Blake is the scheme manager for the IoT Certification at the IASME Consortium, joining in January 2023. He has a background in physical security, information security and then landed in IoT; a sector he is very passionate about.
