First to achieve BSI IoT Kitemark
What is IoT?
IoT stands for ‘Internet of Things’ which characterises the demand for more and more products to be ‘connected’. It’s the network of those ‘smart’ connected devices, people and systems and how they interconnect that forms IoT. In effort to increase efficiency and innovation, there are many connected devices out there. Either connected to each other in some way e.g. Bluetooth connected devices or to the wider internet. These smart devices include everything from mobile phones to watches, from kitchen appliances to door locks, from smart security to heating systems. The opportunities for devices and to change the way we live are endless.
The way in which these devices are connected does however, pose complexity and some implications about the data those devices use - how is that data is stored, how is it transferred and how’s is it encrypted. Security protocols need to be in place to prevent anyone without permission accessing the secure data. This could be camera footage, health information or contact details, correct procedures should be put in place, checked to ensure the security of the devices we use.
Who are the BSI?
BSI (British Standard Institution) is the business standards company that helps organisations all over the world with testing and training, to ensure products and services that consumers purchase meet certain criteria of excellence.
The BSI Kitemark is a symbol of trust, signifying that each product allowed to display the mark on the packaging, has gone through a serious of tests and achieved the highest standards. For over a century, the symbol has made it easier for consumers to recognise the mark of excellence and as such, make an informed choice.
What is the BSI Kitemark for IoT Devices?
To maintain the awarded Kitemark, products must also undergo ongoing rigorous and independent assessments to make sure the device functions and communicates as it should, and that it has the appropriate security protocols set in place.
This includes functional and interoperability testing, further penetration testing and audits to review any necessary remedial action. If security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified.
BSI Kitemark scheme requirements?
- Achieve and maintain conformity to ISO 9001 (Quality management system)
- Have passed the:
- relevant product performance and safety tests
- interoperability tests between devices and the internet
- initial penetration tests which scans for vulnerabilities and security flaws
- Regular monitoring and assessment comprising
- functional/interoperability tests
- penetration tests
- Kitemark audit to review the penetration results in context of the product, and review what actions have been taken
Why is there a need for an IoT Kitemark?
The BSI choose to develop a kitemark specifically centred around IoT products due to the growing demand for connected products and spread of these now available for consumers. There is a wide choice of such products in the market, from cheaper devices with limited functionality, to more complex expensive products that connect and share information between each other and the wider network.
The rise of such devices means the rules and regulations around data transfer, security and functionality need to be more stringent. The idea of this Kitemark is to mark those products that have passed the set of rigorous tests to make it easier for consumers to recognise and make an informed choice. Devices with the IoT kitemark can then be visibly seen as trustworthy, safe and secure.
According to BSI*, it is estimated that every household in the UK owns at least 10 internet connected devices, with this number expected to increase to 15 by 2020. By the same time, it is estimated that over a quarter of identified attacks will involve IoT devices, as recent high-profile breaches have demonstrated.
BSI Kitemark for IoT Device Products
ERA is one of the industry partners to work closely with BSI to develop the IoT Kitemark and as such the ERA Protect range have been subject to the rigorous tests as described and the product below have been awarded the BSI Kitemark for IOT Devices.
Please note no certification can ever guarantee 100% security, however, the BSI Kitemark for IoT ensures an internet connected device has the appropriate security controls in place for the information it is handling.