IoT Security Assessment
Each year the number of items connected to the internet increases dramatically. These “smart” devices include not only computers and phones but also children’s toys, doorbells, light switches, fridges and building environment controls. These devices are often called the Internet of Things or “IoT”. Currently, there is very little regulation or control of the way things connect to the internet, which can leave businesses and families vulnerable to attack, data loss and privacy invasion.
A recent report from the Internet Society, which surveyed global consumers, identified many concerns but also ‘the trust opportunity’. The opportunity exists for manufacturers to differentiate themselves by offering proof of trustworthy behavior and demonstrating that steps have been taken to design security into their processes and products.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies. Once the applicant satisfies those checks, a certificate is issued and the company can use the Basic tick mark on marketing materials.
The IoT certification scheme is aligned with the ETSI technical standard for IoT security, EN 303 645, and with the proposed UK IoT security legislation and guidance. It is also mapped to the IoTSF Security Compliance Framework.
The IoT certification comes in three levels: Basic, Silver and Gold. The cost of the certification is £500 + VAT.
- The Basic level is aligned with proposed UK legislation and covers the top three requirements of the ETSI standard.
- The Silver level is aligned with the ETSI mandatory requirements and Data Protection provisions.
- The Gold level is aligned with the ETSI mandatory requirements as well as all the additional ETSI recommended requirements and Data Protection provisions.
The IoT certification process is a simple set of questions that allows the manufacturer to self-assess using the IASME online portal. The questions ask the manufacturer about the security controls in place on their IoT device and any associated services, such as a mobile app or APIs.
A board member or equivalent senior member of staff must sign a declaration to confirm that all the answers are accurate.
Once certified, you will receive a certificate and a badge which can be used to highlight your compliance.
Get in touch with us today and see how we can help you certify your IoT product to the new scheme.