Certify Your IoT Product
Reassure your customers that their device has the most important cyber security controls in place
Align your connected devices with UK & EU legislation and with internationally recognised standards in IoT security
Demonstrate your commitment to best practice cyber security for internet connected devices
IASME is working in partnership with the Police Crime Prevention Initiative, Secured By Design. Secured by Design (SBD) operates an accreditation scheme on behalf of the UK Police Service to show that products or services have met recognised security standards.
Secured by Design recently launched the Secure Connected Device accreditation for manufacturers of innovative connected security products such as alarm systems and video products. The IASME IoT Cyber Assurance Level Two scheme is one of the approved ways that manufacturers can confirm their products have the highest level of cyber security.
What is IASME IoT Cyber?
Until recently, cyber security has been notably lacking in many consumer connected devices, putting users at risk from online threats. But now, thanks to new UK legislation and rising customer awareness, all consumer connectable products sold in the UK, no matter where they are made, must comply with basic IoT security.
IASME IoT Cyber certifies internet connected devices against the most important cyber security controls. A certification badge which can be displayed on the product packaging allows purchasers to verify the security of the device.
Best Practice Cyber Security
The IASME IoT Cyber scheme provides manufacturers with a framework to improve the cyber security of internet-connected devices in their supply chain.
Legal and Regulatory Compliance
The scheme aligns with UK legislation, (Product Security and Telecommunications Infrastructure Act 2022) and the requirements of the leading global standard in IoT security, ETSI EN 303 645.
Increased Customer Trust
Compliant products receive a certification badge which can be displayed on product packaging and marketing to allow purchasers to verify the security of the device.
Enhanced Data Protection and Privacy
The IASME IoT Cyber Scheme has been designed to be affordable and achievable by even the smallest of manufacturers which enables small, innovative companies to be part of the market.
Follow our step-by-step guide below to find out which level is best suited to your device.
Step 1. What certification grade do I need?
Baseline or Assurance?
The annually renewable scheme allows manufacturers to certify connected devices at two different grades of certification.
IoT Cyber Baseline
This certification provides manufacturers with a framework to improve the cyber security of internet-connected devices in their supply chain and to show compliance with best-practice cyber security and UK law. The certification is designed to be accessible to smaller organisations, micro-businesses, start-ups as well as larger, more established manufacturers.
Benefits include:
- Aligns with The Product Security and Telecommunications Infrastructure Act 2022
- Covers the top three requirements of the leading global standard in IoT security, ETSI EN 303 645.
- Guards against the exploitation of common vulnerabilities (weak passwords, legacy software and insecure communications).
IoT Cyber Assurance
IoT Cyber Assurance is aligned with UK legislation and all of the 13 provisions in the ETSI EN 303 645 standard, extending beyond just the top three required for UK law.
IoT Cyber Assurance Level Two certification is one of the approved ways that makes up an essential part of the framework for Secure by Design's Secure Connected Device accreditation.
Benefits include:
- Aligned with UK law and covers all 13 of the provisions in the ETSI standard.
- Complies to the IoTSF Security Compliance Framework.
- Certification at this higher level demonstrates the device has more protection for personal data and guards against sustained attacks.
Step 2. Which certification level do I need?
Baseline Verified Assessment or Audit?
The annually renewable scheme allows manufacturers to certify connected devices at two different levels of certification.
Level One Verified Assessment
Level One consists of a verified assessment, reviewed by an independent expert.
The Level One verified assessment certification process requires manufacturers to answer a set of simple questions, using IASME’s online portal, about the cyber security controls in place on a connected device and any associated services. A board member or equivalent must sign a declaration to confirm that all the answers are accurate. The answers to the assessment are then reviewed by one of IASME’s IoT trained Assessors.
If the manufacturer is successful, a certificate and a badge is awarded. The badge can be placed on product marketing and packaging to demonstrate the security of the device to purchasers.
Price. TBC..
Level Two Audit
Level Two includes an audit via third-party compliance testing for greater assurance.
Level Two audit includes a hands-on audit of the device, a review of the supporting documentation provided by the IoT device manufacturer and an interview to verify the answers provided to the verified assessment questions. The audit is managed by an Assessor from one of IASME’s network of Certification Bodies. The scope of the certification includes the IoT device and any associated hub, app and cloud service the device relies upon to operate.
Organisations must attain verified assessment before applying for the audit.
Price. TBC..
Step 2. Which certification level do I need?
Assurance Verified Assessment or Audit?
The annually renewable scheme allows manufacturers to certify connected devices at two different levels of certification.
Level One Verified Assessment
Level One consists of a verified assessment, reviewed by an independent expert.
Level One verified assessment certification process requires manufacturers to answer a set of simple questions, using IASME’s online portal, about the cyber security controls in place on a connected device and any associated services. A board member or equivalent must sign a declaration to confirm that all the answers are accurate. The answers to the assessment are then reviewed by one of IASME’s IoT trained Assessors.
If the manufacturer is successful, a certificate and a badge is awarded. The badge can be placed on product marketing and packaging to demonstrate the security of the device to purchasers.
Price. TBC..
Level Two Audit
Level Two includes an audit via third-party compliance testing for greater assurance.
The Level Two audited certification includes a hands-on audit of the device, a review of the supporting documentation provided by the IoT device manufacturer and an interview to verify the answers provided to the verified assessment questions. The auditing is managed by an Assessor from one of IASME’s network of Certification Bodies. The scope of the certification includes the IoT device and any associated hub, app and cloud service the device relies upon to operate.
Organisations must attain verified assessment before applying for the audit.
Price. TBC..
Step 3. Please confirm your choices
IASME IoT Cyber Baseline - Level One
The IASME Cyber Baseline scheme certifies internet connected devices against the most important security controls. It aligns with UK legislation and covers the top three requirements of the leading global standard in IoT security, ETSI EN 303 645.
Level One consists of a verified assessment, reviewed by an independent expert.
Please apply for this scheme first.
Payment and Login Information
When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment. If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC
Step 3. Please confirm your choices
IASME IoT Cyber Baseline - Level Two
The IASME Cyber Baseline scheme certifies internet connected devices against the most important security controls. It aligns with UK legislation and covers the top three requirements of the leading global standard in IoT security, ETSI EN 303 645.
Level Two provides an additional level of certification above the verified assessment of Level One, providing third-party compliance testing managed by an Assessor skilled in IoT cyber security.
Please do not apply for this scheme until you have passed Level One.
Payment and Login Information
When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment. If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC
Step 3. Please confirm your choices
IASME IoT Cyber Assurance - Level One
The IASME IoT Cyber Assurance scheme certifies internet connected devices against a higher grade of security controls. It is aligned with UK legislation and all of the 13 provisions in the ETSI EN 303 645 standard.
Level One consists of a verified assessment, reviewed by an independent expert.
Please apply for this scheme first.
Payment and Login Information
When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment. If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC
Step 3. Please confirm your choices
IASME IoT Cyber Assurance - Level Two
The IASME Cyber Assurance scheme certifies internet connected devices to a higher standard of cyber security. It aligns with UK legislation and covers all 13 of the requirements of the leading global standard in IoT security, ETSI EN 303 645.
Level Two provides an additional level of certification above the verified assessment of Level One, providing third-party compliance testing managed by an Assessor skilled in IoT cyber security.
Please do not apply for this scheme until you have passed Level One.
Payment and Login Information
When your payment is received, we will send you login details to access the online assessment platform to begin your certification. You have 6 months to complete your assessment before your account is archived. Unfortunately we cannot issue a refund so please do not apply until you are ready for the assessment. If you get stuck or have any questions, please give us a call on 03300 882 752 or email us on [email protected]
Price: TBC