We’re thrilled to shine the spotlight on Jade Pritchard, who has been an integral part of IASME for the past five years and is now stepping into an exciting new chapter as our Internet of Things (IoT) Certification Manager.
Congratulations on your new role, Jade! Can you share a bit about your journey at IASME over the past five years and what led you to take on this exciting new position as IoT Certification Manager?
I joined IASME in 2020, during the Covid pandemic, leading multiple teams within the Customer Services department. I went on to manage the internal Technical Support Team which made me realise that I wanted to train up on the technical side of cyber security.
IASME has provided me with invaluable opportunities for growth, including training in a range of IT infrastructure and cyber security areas.
In my new role as IoT Certification Manager, I combine my customer service experience with growing technical knowledge to oversee the smooth operation and development of the IASME IoT Cyber Scheme. This involves collaborating with IoT experts from across the IASME network and also working closely with sector stakeholders, such as the Police Secure by Design Scheme, the Internet of Things Security Foundation (IoTSF) and the Department of Science, Innovation and Technology (DSIT). Things are moving fast in this sector at the moment and I am incredibly proud of the IASME certification scheme.
Tell us more about the scheme.
The IASME IoT Cyber Certification Scheme provides independent assessment and certification of internet connected device to show that these devices meet the required level of cyber security.
There are two grades of certification, IASME IoT Cyber Baseline, which offers a structured path to meet the UK’s Product Security and Telecommunication Infrastructure (PSTI) Act requirements and IASME IoT Cyber Assurance, which ensures PSTI requirements are met, as well as the full 13 requirements of the leading global technical standard in IoT cyber security, ETSI EN 303 645 standard.
Certification cost is fixed at £476 for a micro organisations (0-9 employees) wanting to certify a connected device and £525 for organisations with more than 9 employees that want to certify a device.
The IoT Cyber Scheme certification is available at two levels of assurance, Level One consists of a verified assessment, reviewed by an independent expert and Level Two includes an audit via third-party compliance testing for greater assurance. The cost of the Level Two audit is £2100 for any size organisation.
How does IoT Cyber certification align with the recent UK legislation for consumer connected devices?
All of our IoT certifications fully align with the UK’s Product Security and Telecommunication Infrastructure (PSTI) Act. The certificate can be used as evidence that the device complies with this legislation.
Do you think the legislation goes far enough?
The UK took a world-leading step by introducing a minimum security standard for consumer IoT devices being sold. The legislation recognises that it is unreasonable to expect consumers to have in-depth knowledge of IoT cyber security when purchasing devices. Instead, it shifts the responsibility to manufacturers, resellers, and distributors, ensuring they meet baseline security requirements to protect the public.
While it’s an excellent first step, I believe it’s crucial to view these requirements as a minimum standard. Consumers deserve robust security, and as digital literacy continues to grow, manufacturers that prioritise security in their designs will be rewarded with increased trust and loyalty from their customers.
There is also the issue that manufacturers that have not met this standard have not yet been penalised at all. So we can see that many organisations feel they can get away with continuing to avoid these most basic of controls when making connected devices.
What are the implications of an IoT device security breach?
A cyber security breach involving a connected device can have far-reaching consequences for both individuals and organisations, with the potential outcomes varying widely due to the sheer number and diversity of IoT devices integrated into our daily lives. In the worst-case scenarios, breaches can cause significant disruption and inflict lasting damage.
In our homes, where IoT devices are increasingly used for security, a breach can feel incredibly invasive—imagine a hacker gaining access to a smart security camera, allowing them to spy on you or even monitor when a house is empty, completely undermining the sense of safety and privacy we expect in our personal spaces. On a larger scale, insecure IoT devices also pose a global threat through the creation of botnets. With an estimated 20 billion IoT devices in use worldwide, insecure devices are increasingly vulnerable to hacking and exploitation. In many cases, users remain unaware of a breach, as the device continues to operate as usual. However, these compromised devices can be covertly hijacked by hackers and combined into large networks, capable of launching large-scale cyber attacks on other targets.
The risks extend beyond personal devices to critical industries. For example, in 2015, BBC News reported that 1.4 million Jeep vehicles were recalled after researchers demonstrated that the internet-connected entertainment system could be hacked remotely, allowing attackers access to the control systems.
These examples highlight the urgent need for robust IoT security measures to protect both individuals and organisations from the potentially devastating consequences of a breach. As IoT adoption continues to grow, ensuring device security must remain a top priority.
How does the consumer know which products and services to look for?
IASME has an online certificate listing of IoT devices certified to IASME IoT Cyber. Consumers can check whether a device has achieved certification with us. The manufacturer can also demonstrate certification with a badge on the packaging or device itself.
What lies ahead for IoT security in 2026 and beyond?
IoT security will inevitably become a critical focus and a widely discussed topic. While the current PSTI legislation applies only to consumer IoT devices, the Department for Science, Innovation and Technology (DSIT) launched a Call for Evidence in May 2025 to explore the possibility of regulating enterprise IoT device security as well. The Call for Evidence closed in August 2025, and the results, along with any subsequent plans, are expected to be announced soon. Extended legislation in this area has the potential to significantly transform the landscape of IoT security in the UK. However, without clear consequences for non-compliance, we anticipate little meaningful action will be taken.
The EU’s upcoming Cyber Resilience Act (CRA) is another clear example of how governments and regulatory bodies are beginning to address these challenges.
What advice or message do you have for consumers?
You deserve security. You deserve to know that any device you’ve paid for and are bringing into your life, home or business will have at least the minimum expected cyber security controls. A quick and simple way to check whether your device is secure, is by searching for it on the IASME certificate listing. This search will let you know whether the connected device has achieved IASME IoT Cyber certification.
Additionally, follow the advice below on how to set up your IoT device securely:
- Change the default password.
Change the default password to a long, strong password that is unique to this device.
- Enable Two Factor Authentication.
You should also check to see if you can set up two-factor authentication (2FA) on your device. This is a process where you are required to give a code (often sent as a text message to your mobile phone or by using an authenticator app) in addition to a password. This ensures that other people cannot access your device from the internet with just your password.
- Install software updates or turn on automatic update
It is important to keep your device updated which enables the manufacturer to address any faults that have been discovered in the software. All software updates should be installed as soon as possible, and to make that easier, it is recommended that you switch on automatic updates if available.
- Turn off features that you do not need.
To limit the options that hackers have to find ways to attack your device, turn off or disable any features that you do not need and use on your device.
- Check your data privacy settings.
Consider carefully how much of your personal information you share with the device. If there are privacy options and functions, use them to limit how your data is stored or shared.
- Switch off remote access
It is generally recommended that you disable remote access unless absolutely necessary as this can be exploited by hackers to gain entry into your device and potentially your entire home network.
If product developers or manufacturers have any questions about IoT certification, how can they find out more about the scheme?
You can email me directly at [email protected]. We also have a LinkedIn page where you can speak with the team more informally, and receive guidance, advice and updates.
In 2026, I’ll be attending the following events, and will be available to talk to anyone about the scheme and certification.
SBD’s Atlas National Training Event 24-25 February 2026
National Cyber Security Show 28-30 April 2026
International Cyber Expo 29-30 September 2026