BSI IoT laboratory achieves accreditation for testing services

10 January: BSI has achieved accreditation to the international standard for testing for its Internet of things (IoT) laboratory, ensuring the effective cyber security of consumer smart devices ahead of new UK legislation coming into effect later this year.

Accreditation to the international standard for testing and calibration of laboratories, ISO 17025, demonstrates the quality and credibility behind BSI’s IoT services. It highlights the rigorous security assessment that products undergo in BSI's laboratory to safeguard the cyber resilience of smart devices. The accreditation can help build consumer trust that all steps have been taken to ensure IoT devices can be used safely and are protected to the best practice levels of cyber security today.

Devices tested at BSI’s IoT laboratory in Hemel Hempstead include smoke detectors, fire detectors and door locks; connected home automation devices, smart doorbells, and alarm systems; IoT-based stations and hubs to which multiple devices connect; smart home assist, smartphones, connected cameras (IP and CCTV), wearables, connected fridges, washers, freezers, coffee machines, and other similar products.

BSI, the business improvement, and standards company, underwent rigorous independent assessment by UKAS demonstrating the provision of accurate and reliable results from laboratory testing carried out at its purpose-built site.

The successful accreditation makes BSI the first UKAS-accredited laboratory for the ETSI EN 303 645 product cybersecurity standard, including the test methodology ETSI TS 103 701. The audit assessed multiple aspects of the IoT laboratory operations, including staff qualifications, training and experience, properly calibrated and maintained equipment, adequate quality assurance procedures, proper sampling practices, appropriate testing procedures, valid test methods, traceability of measurements to national standards, accurate recording and reporting procedures, and suitable testing facilities.

BSI’s achievement comes ahead of the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act 2022 coming into force in April 2024[1], which applies new laws to consumer IoT products to ensure that minimum security standards are met. Compliance with the security requirements of the UK’s PSTI legislation can be assured by having products tested and certified to the relevant parts of ETSI EN 303 645.

Carlos Perez, Global Digital & Connected Product Certification Director, BSI said: “The digitalization of society offers an immeasurable opportunity for society, from helping us manage our health via wearable technologies to tracking the energy efficiency of our homes using connected devices. To truly unlock the potential of the IoT, consumers need to be able to trust that their smart devices are equipped with the latest cyber security protective measures to ensure their safe use.

“Ahead of the PSTI, independent accreditation verifies our procedures have met a clear and internationally recognized standard and shows that the public can trust that products tested by BSI are future-ready in an ever-evolving cyber security landscape, helping to advance the safe digitalization of society. We are proud to be recognized for the high quality of BSI’s IoT laboratory testing and by becoming the first UKAS laboratory to achieve ISO 17025 accreditation for this we have demonstrated our commitment to cyber security best practices to ensure consumer safety and security.”

For more information on cyber security certification and testing, visit the BSI website.

[1]Gov.UK source: The UK Product Security and Telecommunications Infrastructure (Product Security) regime.