RISCAuthority Connected Security Devices & Systems Guidelines
The RISCAuthority have produced an Internet of Things (IoT) ‘Need to Know Guide’, which provides an overview of risk control measures and available equipment/system accreditations.
Published by the Fire Protection Association (FPA) with input from Secured by Design (SBD), BSI (British Standards Institution) and the British Security Industry Association (BSIA), the S35 Internet of Things – Connected Security Devices and Systems document is a concise high-level guide, providing an overview of risk control measures and available equipment/system accreditations.
The guide’s aim is to inform insurance risk consultants, underwriters, other insurance professionals and security equipment users of the main hazards, controls, guidelines and accreditations that make up the landscape for internet-connected security devices.
Adrian Butler, RISCAuthority Principal Consultant at the FPA, commented: “The Internet of Things (IoT) is bringing many opportunities to positively impact our lives and businesses. But this brings risks associated with connected devices, particularly those around security, privacy, and safety, that can make it difficult for manufacturers and suppliers to build trust in new products and services.
“To overcome this, suppliers of IoT connected devices and systems must be able to demonstrate security, safety, functionality, interoperability (will it work with other devices), and durability. Security systems with connections to internal and external networks have increased exposure to malicious attack, so to ensure effective security from interference, these systems need to meet suitable certifications and be appropriately designed, installed, commissioned, and maintained.
“S35 Internet of Things – Connected Security Devices and Systems has been developed by the RISCAuthority - with thanks to Secured by Design (UK Police Service), BSI, and BSIA for their support in developing this guide - to inform security equipment users and insurance professionals, of the main hazards, controls, guidelines, and accreditations that make up the landscape for internet-connected security devices.”
Alfie Hosker, SBD Technical Manager, said: “We were approached by the RISCAuthority back in 2021 during the IFSEC Exhibition in London and I am grateful to them, and the other stakeholders involved, for the opportunity to assist in the production of these guidelines.
“The Internet of Things brings many opportunities, however it also carries with it many risks, particularly those around security, privacy, and safety, that can make it difficult for manufacturers and suppliers to build trust in products and services.
“The S35 Internet of Things – Connected Security Devices & Systems document will be useful for insurance risk consultants, underwriters, other insurance professionals and security equipment users as it informs of the main hazards, controls, guidelines, and accreditations that make up the landscape for internet-connected security devices.”
Michelle Kradolfer, SBD’s IoT Technical Officer, said: “Without the appropriate levels of security, any internet connected device is at risk of providing cyber criminals a key to enable them to access and steal personal data. It is therefore vitally important for companies to ensure their IoT products are built as securely as possible, as well as protect their customers and reduce the risk of them falling victim to cyber crime.
“The RISCAuthority have developed an essential guide for insurance professionals and security equipment users to raise awareness on the risks, controls and advice on using internet connected devices, and I am delighted we were able to assist and highlight our Secure Connected Device (SCD) accreditation scheme within the guide.
“SCD encourages companies to focus on the cyber security side of their smart products and it sends a clear message to the wider industry on the importance of IoT security, as well as the need to work together across the board to help keep UK consumers safe from a cyber breach.”
The RISCAuthority S35 Internet of Things – Connected Security Devices & Systems document is available to download on the FPA website.
RISCAuthority is an annually funded research scheme administered by the Fire Protection Association (FPA), the UK's national fire safety organisation, and supported by a significant group of UK insurers.
RISCAuthority publish extensive guides and recommendations for risk management in the areas of fire and security, with a core purpose of continually raising resilience standards within the business community.
Secured by Design
Secured by Design (SBD) is the official police security initiative.
The housing boom of the 1960s, ‘70s and ‘80s led to homes being built quickly and cheaply, often with little consideration given to security. Crime increased significantly, particularly burglary. In response, the Police Service set up SBD in 1989, and since its launch SBD has built up a wealth of experience promoting crime prevention and security through active involvement in local communities – constantly adapting the advice to keep pace with changing patterns of criminal behaviour.
SBD has worked with the Government to embed crime prevention into the planning process and establish police security standards in the building and construction industry. Across the UK SBD is delivered by local specialist officers called Designing Out Crime Officers (DOCOs). These officers work closely with architects, developers and local authority planners at the design stage to design out crime by improving the physical security of buildings and incorporating crime prevention techniques in the layout and landscaping of the immediate surroundings.
Developers can achieve SBD awards for incorporating crime prevention measures and techniques into their developments in all kinds of building sectors, such as residential, education, health, transport, commercial, retail, sport and leisure.
More than one million homes have been built to SBD crime prevention standards across the UK – that’s 30% of all new homes built – with reductions in crimes such as burglary of up to 87% as reported by Police Scotland. These are sustainable reductions each and every year, which is significant as most SBD homes are in social housing, many in deprived and higher crime areas.
Police Preferred Specification
On behalf of the UK Police Service, SBD also operates an accreditation scheme for products or services that have met recognised security standards. These products or services – which must be capable of deterring or preventing crime - are known as being of a ‘Police Preferred Specification’.
The Police Preferred Specification scheme has been operating for over 20 years. It requires all security products to meet or exceed the performance expectations documented within the relevant security standard for that type of product. It ensures that the product is sufficiently robust to resist physical attack by casual and opportunistic criminals. The SBD focus is on the critical factors that combine to deliver a product’s performance - design, use, quality control and the ability to deter or prevent crime.
Products that have met the Police Preferred Specification provide reassurance to the specifier, purchaser or user that their products have been independently tested to a relevant security standard and fully certified by an independent third-party certification body recognised by the United Kingdom Accreditation Service (UKAS), or tested and certified by an alternative approved body. Better quality means these products last longer too, making them more cost effective and leading to greater sustainability in crime prevention.
The SBD website contains details of the many hundreds of companies who produce thousands of individual attack resistant crime prevention products in more than 30 different categories that have met the exacting Police Preferred Specification. This includes doors, windows, external storage, bicycle and motorcycle security, locks and hardware, asset marking, alarms, CCTV, safes, IoT connected products, perimeter security products and many others. All of the companies have their full website and contact information listed, as well as a detailed list of all of the SBD accredited products which they provide.
SBD is the only way for companies to obtain police recognition for security-related products in the UK.
Secure Connected Device accreditation
SBD introduced the Secure Connected Device (SCD) accreditation scheme in line with government legislation for companies providing Internet of Things (IoT) connected products.
The UK’s Product Security and Telecommunications Infrastructure Act 2022 requires manufacturers, importers and distributors to ensure that minimum security requirements are met in relation to consumer connectable products that are available to consumers. The government has announced that companies must implement the changes put forth in the legislation, with compliance required by 29th April 2024.
The Secure Connected Device accreditation scheme, developed in consultation with the Department for Science, Innovation & Technology (DSIT), helps companies get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s legislation, so that they can not only demonstrate their compliance with the legislation but also protect themselves, their products and their customers.
The Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies.
SBD continually monitor national crime trends to keep pace with changing patterns of criminal behaviour, advances in building design and new technology.