Help & Resources
Find a Certification Body
IASME Certification Bodies or CBs are specially trained cyber security companies located across the world. Many of the CBs are micro or small organisations and all are licensed and assured by IASME to offer assessment and certification to cyber security standards such as IoT Cyber.
An IASME Assessor is a trained and qualified cyber security professional that assesses cyber security standards such as IoT Cyber. All Assessors need to work for a Certification Body to be able to carry out assessments.
Free download of IoT Verified Assessment Questions
Please note, these questions are for information only. If you want to be assessed, please apply online for an assessment. Once you have paid we will send you the login details to access a secure online assessment platform. Do not send your answers to the verified assessment questions directly to us.
What to look for when buying connected devices
Besides computers, laptops, tablets and mobile phones, do you have other objects in your home that connect to the internet? Examples might be a printer, speakers, home appliances, the TV, security cameras and lights. These ‘connected’ devices are collectively known as the ‘internet of things’ (IoT) and they enable you to control their functions from an app on your phone or tablet. In the case of a smart TV, the device can access resources from the internet such as streaming services.
If you can access your smart device online, there is the possibility that other people can also access it. This raises security and privacy questions.
The Product Security and Telecommunications Infrastructure Act 2022 has come into UK law. The first part of which will help ensure that all consumer smart products have good security to protect against threats from the internet.
IoT security threats can include the theft of personal data, the invasion of privacy, or the hijacking of connected device for uses that they were not intended.
UK law now covers three main security features which are aligned with the top three requirements of the European Technical Standard for IoT Security.
-
Consumer IoT devices must not have universal default passwords. This rule makes it harder for criminals to hack into connected devices.
-
Consumer IoT devices must have a vulnerability disclosure policy. This means that any faults that are discovered in the software (which could be used by a criminal to access the device) after the product is in use, can be addressed in an organised way.
-
Consumer IoT devices must disclose the duration for which they will receive software updates. This means that software updates are created and released to maintain the security of the device throughout its declared lifespan.
The IASME IoT Cyber badge
When the IASME IoT Cyber scheme badge is displayed on a device, it reassures the end user that the device they are using is compliant with best practice security measures and has been designed to align with UK legislation and standards. These measures will help keep personal data secure when the device is in use.
Helpful Templates
These templates are free to download. We hope you find them useful on your path to certification. Have you a suggestion for a document template that you would like to see included ? If so, contact us.
Get IoT Cyber Baseline or IoT Cyber Assurance today
If you have any other questions and would like to chat with a member of our customer services team, please contact us today on 03300 882 752 or email us on [email protected].