The IoT is typically a network of smart devices and systems that can be connected, enabling data to be exchanged to provide services, efficiency and innovation. Its technology can positively enhance lives and businesses, but the complexity of IoT also means that those of criminal intent may attempt to access it to steal data, hack cameras, enter buildings or otherwise breach security.
The UK government’s Department for Digital, Culture, Media and Sport has assessed the growing threat of this and created a Code of Practice (CoP) for IoT security, in collaboration with the National Cyber Security Centre (NCSC) and other experts from academia and industry. BSI (British Standards Institution) has been part of this collaborative work to give clarity on best practice for IoT security, subsequently developing a scheme to assess connected/IoT devices. The scheme determines whether a product has the appropriate security controls for its intended use and is suitably supported throughout its intended life. This cyber/physical security scheme forms the security element of the BSI Kitemark for IoT/Connected products.
The Enhanced Level IoT Kitemark demonstrates that a connected product has a higher level of security controls in place than the market standard for its type and is generally suitable for higher value or risk applications. Assessment to this level involves BSI’s most in-depth and exacting testing and analysis.
To achieve certification, the SALTO XS4 One access control solution had to meet the requirements of a Quality Management System such as ISO 9001 to demonstrate functional, safety and interoperability performance. SALTO were also required to undergo advanced security testing for vulnerabilities and security flaws in BSI’s state of the art IoT laboratory. Furthermore, SALTO also submitted their JustIN mobile app and ProAccess Space web services for assessment under BSI’s Secure Digital Applications Kitemark, ensuring the wider system associated with the XS4 One had the appropriate security controls in place to provide support effectively.
SALTO Systems Limited MD Ramesh Gurdev says: “This achievement is yet another milestone that sets SALTO apart from others in the market. We’re immensely proud to have achieved the Enhanced Level IoT Kitemark, which provides a mark of trust for current and potential customers to demonstrate that our connected products are safe, secure and fit for purpose throughout their life. Combining this with the Secure Digital Applications Kitemark for our app and web services gives further confidence to our customers that we have taken care of security across our whole eco-system.”
David Mudd, Global Digital and Connected Product Certification Manager at BSI said “SALTO has focussed heavily on the security aspects of the whole environment of the organization’s Access Control System. Achieving the Enhanced Level IoT Kitemark has enabled the organization to demonstrate that its XS4 One product exceeds the market standard for security control.
“Additionally, certification to the Secure Digital Applications Kitemark for the organization’s JustIN app and web services will provide further reassurance to SALTO customers so that its entire access control eco-system has the appropriate security control in place.”