IT Consultancy
Project Management
Data Protection
Network Design
WAN & VPN
Wi-Fi & Guest Portals
Cloud (AWS/Azure)
Server Infrastructure
Active Directory
Storage
Backup & DR
5-Step Cyber Health Check
NCSC Cyber Advisor
Virtual CISO
Virtual DPO
Accreditation
Secure Architecture
Vulnerability Scans
Secure Destruction
Incident Response
Windows Applications
Mobile Apps
Web Applications
Internet of Things
Artificial Intelligence
Data Compliance
Database Design
Support Home
News & Blogs
FAQs
Contact Us
CompanyInternet of Things
Introduction
An increasing number of items in our lives are connected to the internet. This includes the usual things like computers and phones but now also includes a very wide variety of other items such as children’s toys, door bells, light switches, fridges, building environment controls. These 'connected devices' are often referred to as the Internet of Things or 'IoT' and they can be found at homes and in workplaces everywhere.
Connected devices can hold a lot of sensitive information about the people who use them and the environment in which they are used, so it is important that manufacturers of such devices design them to be secure.
IASME have developed the IoT Cyber scheme that provides an opportunity for manufacturers to improve the security of their internet-connected devices and certify to show they are compliant with best-practice security. The scheme has been designed specifically to be accessible to smaller organisations, micro-businesses and startups alongside more established manufacturers.
IASME have developed the IoT Cyber scheme that provides an opportunity for manufacturers to improve the security of their internet-connected devices and certify to show they are compliant with best-practice security. The scheme has been designed specifically to be accessible to smaller organisations, micro-businesses and startups alongside more established manufacturers.
Reassurance that IoT device have the most important security controls in place.Aligns with upcoming UK legislation and European standards.Demonstrates commitment to best-practice security for internet connected devices.Alignment With Industry Standards
The IoT Security Assured scheme is aligned with the ETSI technical standard for IoT security, EN 303 645, and with the proposed UK IoT security legislation and guidance. It is also mapped to the IoTSF Security Compliance Framework. A device can be certified to Basic (aligned with proposed UK legislation), Silver (aligned with ETSI mandatory requirements) or Gold (aligned with ETSI recommended requirements) levels.Certification Process
The Baseline scheme is compliant with the top three requirements of the ETSI EN 303 645 standard and the new Product Security and Telecommunications Infrastructure Act 2022, the minimum standard as required by UK Law.The Assurance scheme covers all 13 requirements of the ETSI EN 303 645 and the IoTSF’s Security Compliance Framework.
The level 2 audited level of the Assurance scheme has been identified by Secured by Design (a Police Crime Prevention Initiative) as one of the ways for manufacturers to confirm their products have the highest level of cyber security.
The certification process requires manufacturers to answer a set of simple questions, using IASME’s online portal, about the security controls in place on a connected device and any associated services. A board member or equivalent must sign a declaration to confirm that all the answers are accurate. The answers to this assessment are then reviewed by one of IASME’s IoT trained assessors.
If the manufacturer is successful, a certificate and a badge is provided to be placed product marketing and packaging to demonstrate the security of the device to purchasers.
IASME Internet of Things Packages
Jovasi Technology is an authorised certification body, offering certification for the IASME Cyber Baseline and Cyber Assurance.IoT Cyber Baseline Level 1
IoT self-assessment.- Maps to ETSI EN 303 645.
- Pre-certification guides & documents.
- Independent review.
- E-mail & telephone support.
- Technical support.
From £475 +VAT
QuoteIoT Cyber Baseline Level 2
- IoT self-assessment.
- Maps to ETSI EN 303 645.
- Hands-on device audit.
- Documentation review.
- E-mail & telephone support.
- Technical support.
From £2,000 +VAT
IoT Cyber Assurance Level 1
- IoT self-assessment.
- Maps to ETSI EN 303 645.
- Pre-certification guides & documents.
- Independent review.
- E-mail & telephone support.
- Technical support.
From £475 +VAT
IoT Cyber Assurance Level 2
- IoT self-assessment.
- Maps to ETSI EN 303 645.
- Hands-on device audit.
- Documentation review.
- E-mail & telephone support.
- Technical support.
From £2,000 +VAT
The Internet of Things certification is valid for 12 months, and must be renewed annually. Organisations who do not renew annually will be removed from the list of certified organisations on IASME's website. Jovasi Technology will remind you prior to the renewal date, so that you have adequate time to re-certify.
If you require additional technical support, then please specify these during the purchase process.
If you require additional technical support, then please specify these during the purchase process.
Frequently Asked Questions
- Why do i want this certification for my product?
Certification shows your customers that their device is in line with UK law to protect their data, but it also shows you take any potential cyber security risks seriously and are doing everything you can to protect customer data. - How long does certification last?Certification must be renewed annually.
- On your website for IoT, I see Baseline or Assurance. What’s the difference?The Baseline scheme is compliant with the top three requirements of the ETSI EN 303 645 standard and the new Product Security and Telecommunications Infrastructure Act 2022, the minimum standard as required by UK Law. The Assurance scheme covers all 13 requirements of the ETSI EN 303 645 and the IoTSF’s Security Compliance Framework.
The level 2 audited level of the Assurance scheme has been identified by Secured by Design (a Police Crime Prevention Initiative) as one of the ways for manufacturers to confirm their products have the highest level of cyber security. - What’s the difference between IoT Cyber Assurance Level 1 and Level 2?The level 1 scheme is a verified assessment. The applicant answers a set of questions, using IASME’s online portal, about the security controls in place on a connected device and any associated services. A board member or equivalent must sign a declaration to confirm that all the answers are accurate. The answers to this assessment are then reviewed by one of IASME’s IoT trained Assessors.
Level 2 is a hands-on audit of the device that includes an interview and a full review of the supporting documentation. - Can i just apply straight for Level 2 of the scheme?No, holding a level 1 certification is a prerequisite for applying for level 2.
- Our company makes multiple IoT devices, do i have to certify each device?Yes, each device will be assessed on its own merits and need its own certification. However, discounts could be available, depending on the number of devices needing to be certified.
- Do you provide additional technical help?Yes, we can provide technical support to help you get things in place prior to the self-assessment. Please see our bolt-ons section for more details.
Call
Contact Us