- Security TWENTY
- Women in Security
BSI (British Standards) has launched a new BSI Kitemark for IoT Devices, the first of its kind for the internet of things (IoT), says London-based BSI. The BSI says it has been developed in response to the growth of internet connected products, and is designed to help consumers confidently and easily identify the IoT devices they can trust to be safe, secure and functional.
In March the Government’s Secure by Design review announced measures to make connected devices safer to use. The Kitemark builds on these guidelines by providing ongoing assessments to make sure the device both functions and communicates as it should, and that it has the appropriate security controls. Manufacturers of internet connected devices will be able to reassure consumers by displaying the Kitemark on their product and in their marketing materials.
There are three types of Kitemark; awarded after assessment according to the device’s intended use: residential, for use in residential applications; commercial, for use in commercial applications; and enhanced, for use in residential or commercial high value and high risk applications. Before being awarded the Kitemark the manufacturer is assessed against ISO 9001, and the product is required to pass both an assessment of functionality and interoperability, as well as penetration testing scanning for vulnerabilities and security flaws. Once the Kitemark is achieved the product will undergo regular monitoring and assessment including functional and interoperability testing, further penetration testing and an audit to review any necessary remedial action. If security and product quality are not maintained the Kitemark will be revoked until any flaws are rectified.
David Mudd, IoT Business Development Director at BSI said: “Connected devices can bring huge benefits to consumers, but as they become ever more commonplace it’s imperative that both their function and their security is up to scratch. The new BSI Kitemark for IoT Devices will provide consumers with a quick and easy way of identifying which products they can trust to not only perform as expected, but also keep their data secure.”
The BSI adds that a number of products are being assessed to the scheme’s requirements, and the first product is expected to achieve the Kitemark in the summer.