Frequently Asked Questions


Why do I want this certification for my product?

Certification shows your customers that their device is in line with UK law to protect their data, but it also shows you take any potential cyber security risks seriously and are doing everything you can to protect customer data.

How long does certification last?

Certification must be renewed annually. We will aim to use the same Certification Body for reassessment, allowing manufacturers to maintain a relationship with their Certification Body. Should you want a different Certification Body, please contact us and it can be arranged.

We are only a startup, is this scheme affordable?

The scheme is costed to make it accessible to any company making IoT devices, whether you’re a huge multinational corporation or a startup of one. Our scheme costs just £475 + VAT for a micro business or £525 + VAT for other businesses.

On your website for IoT, I see Baseline or Assurance. What’s the difference?

The Baseline scheme is compliant with the top three requirements of the ETSI EN 303 645 standard and UK Law (PSTI Act 2022). The Assurance scheme covers all 13 requirements of the ETSI EN 303 645 and the IoTSF’s Security Compliance Framework.
The Level Two audited level of the Assurance scheme has been identified by Secured by Design (a Police Crime Prevention Initiative) as one of the ways for manufacturers to confirm their products have the highest level of cyber security.

What’s the difference between IoT Cyber Assurance Level One and Level Two?

Our Level One scheme is a verified assessment. The applicant answers a set of questions, using IASME’s online portal, about the security controls in place on a connected device and any associated services. A board member or equivalent must sign a declaration to confirm that all the answers are accurate. The answers to this assessment are then reviewed by one of IASME’s IoT trained Assessors.
Level Two is a hands-on audit of the device that includes an interview and a full review of the supporting documentation.

Do I have to pay for the scheme before I know what questions I will be asked?

The question set for Level One of the scheme is available to download free of charge from our website. This covers both Baseline and Assurance. You can also map the questions against EN 303 645 and the IoT Security Compliance Framework.

How long do I have to complete my assessment after I have paid?

When your payment is received, we will send you login details to access the on-line assessment platform to enable you to begin your certification, you will then have 6 months to complete the assessment.

My company doesn’t have a vulnerability policy as we are only just starting out, can you help?

Yes, we specialise in helping SMEs and you can download a free vulnerability disclosure policy and a free security policy template from our website. These can be personalised to your specific company specifications.

If I don’t pass on the first attempt, do I have another chance?

Yes, if you fail on your first attempt you are allowed a free submission, but this must be completed within 30 days.

I’m unsure whether my device is suitable for the IoT assessment, is there anything I can do?

Yes, please email our scheme manager [email protected] to discuss your concerns and we will discuss the scope of the assessment prior to purchasing.

Can I apply just for Level Two of the scheme?

No, holding a Level One certification is a prerequisite for applying for Level Two.

If I fail, will I get feedback about why I failed?

All clients get feedback on any aspect of the assessment which is not fully compliant. You will get a report including all the answers you gave and comments from the Assessor against any that were considered non-compliant. If you fail the assessment, this feedback should help you improve your security so you can pass in the future.

My company makes multiple IoT devices, do I have to certify each device?

Yes, each device will be assessed on its own merits and need its own certification. However, discounts could be available, depending on the number of devices needing to be certified. Please contact the IoT Scheme manager to discuss. His email is [email protected]

My company wants to become a Certification Body for the IoT Cyber Scheme, how do I do that?

We are always looking for new Certification Bodies; if you are interested, please contact our IoT Scheme manager [email protected].

Get IoT Cyber Baseline or IoT Cyber Assurance today

If you have any other questions and would like to chat with a member of our customer services team, please contact us today on 03300 882 752 or email us on [email protected].