BSI launches Kitemark for Internet of Things devices

15 May 2018

Provides a quick and easy way for consumers to identify IoT devices they can trust

BSI, the business improvement company, has today launched a new BSI KitemarkTM for IoT Devices, the first of its kind in the internet of things (IoT) space. The BSI Kitemark has been developed in response to the growth of internet connected products, and is designed to help consumers confidently and easily identify the IoT devices they can trust to be safe, secure and functional.

It is estimated that every household in the UK owns at least 10 internet connected devices, with this number expected to increase to 15 by 20201. By the same time it is estimated that over a quarter of identified attacks will involve IoT devices2, as recent high-profile breaches have demonstrated.

In March 2018 the Government’s Secure by Design review announced a series of measures to make connected devices safer to use. The Kitemark builds on these guidelines by providing ongoing rigorous and independent assessments to make sure the device both functions and communicates as it should, and that it has the appropriate security controls in place. Manufacturers of internet connected devices will be able to reassure consumers by displaying the Kitemark on their product and in their marketing materials.

There are three different types of BSI Kitemark for IoT Devices, which will be awarded following assessment according to the device’s intended use: residential, for use in residential applications; commercial, for use in commercial applications; and enhanced, for use in residential or commercial high value and high risk applications.

The assessment process involves a series of tests that help ensure the device is fully compliant to the requirements. Before being awarded the Kitemark the manufacturer is assessed against ISO 9001, and the product is required to pass both an assessment of functionality and interoperability, as well as penetration testing scanning for vulnerabilities and security flaws. Once the BSI Kitemark is achieved the product will undergo regular monitoring and assessment including functional and interoperability testing, further penetration testing and an audit to review any necessary remedial action. Importantly, if security levels and product quality are not maintained the BSI Kitemark will be revoked until any flaws are rectified. 

David Mudd, IoT Business Development Director at BSI said:

Connected devices can bring huge benefits to consumers, but as they become ever more commonplace it’s imperative that both their function and their security is up to scratch.

“The new BSI Kitemark for IoT Devices will provide consumers with a quick and easy way of identifying which products they can trust to not only perform as expected, but also keep their data secure.”

The BSI Kitemark for IoT Devices has been developed in collaboration with industry stakeholders to ensure that they add value and address the key issues of importance to consumers and industry alike. Many organizations have good product design and security processes established already, but by having their systems independently tested with regular stringent penetration tests and monitoring, it demonstrates to customers their commitment to safeguarding information.

A number of products are currently being assessed to the scheme’s requirements, with the first product expected to achieve the BSI Kitemark in the summer.

The BSI Kitemark is one of the most recognizable trust marks in existence today and demonstrates that each BSI Kitemark approved product or service, has gone above and beyond the normal requirements to achieve the highest standards. For over a century, it has safeguarded consumers and helped businesses demonstrate clear commitment to excellence across everyday goods such as locks and windows, gas appliances, motorcycle helmets and smoke detectors. 

 

- ENDS -

Notes to Editors:

  1. Department for Digital, Culture, Media & Sport – Secure by Design: Improving the cyber security of consumer Internet of Things Report, March 2018
  2. Gartner IoT report announcement, 25 April 2016

Please note no certification can ever guarantee 100% security, however, the BSI Kitemark for IoT ensures an internet connected device has the appropriate security controls in place for the information it is handling.

BSI Kitemark™ scheme requirements:

  • Achieve and maintain certification to ISO 9001 (Quality management system)

  • Have passed the:

    • relevant product performance and safety tests

    • interoperability tests between devices and the internet

    • initial penetration tests which scans for vulnerabilities and security flaws

  • Regular monitoring and assessment comprising

    • functional/interoperability tests

    • penetration tests

    • Kitemark audit to review the penetration results in context of the product, and review what actions have been taken

 

BSI Kitemark™:
The BSI Kitemark™ provides comfort and confidence to users of products or services across a whole range of sectors. Recognition of the BSI Kitemark™ is high.  Two thirds of all UK consumers associate it with quality, assurance, reliability and trust. 93% of adults believe BSI Kitemark™ products are safer and 75% say the BSI Kitemark™ will help make choosing between products easier.