The Secured by Design 'Secure Connected Device' accreditation scheme is for companies providing IoT connected products and services. It demonstrates that their products have achieved the appropriate and relevant IoT standards and certification from an SBD recognised certification body, thus meeting SBD requirements and providing customers with security assurance.
It was introduced for several reasons. The first being that the Government published the Code of Practice for Consumer IoT Security back in 2018, which was developed by the Department for Digital, Culture, Media and Sport (DCMS) and sets a benchmark of best practice for manufacturers to follow when developing IoT products for the UK market. This was influenced by the ETSI EN 303 645 standard, as well as other IoT related standards.
The Government have introduced new legislation, the Product Security and Telecommunications Infrastructure (PSTI) Bill, which will:
Secondly, with the increase in available IoT products and a growing ecosystem of interconnected devices, cyber criminals are targeting and exploiting vulnerabilities of the products and within apps.
This, coupled with growing demand from industry and current members seeking to gain SBD accreditation for products, has led SBD to launch the ‘Secure Connected Device’ accreditation scheme to help manufacturers develop safe IoT products that consumers can use with confidence.
Our aim is simply to prevent crime, which includes criminal activity in the cyber world.
We want to help companies get their IoT products appropriately assessed and certified against all 13 provisions of the ETSI standard, a requirement that goes beyond the Government’s legislation, so that companies can not only demonstrate that they have achieved the appropriate certification, but importantly protects our member companies, their customers and the public.
We have developed the Secure Connected Device scheme in consultation with DCMS. DCMS supports industry schemes which help consumers make better informed choices when buying connectable devices.
Our IoT Device Assessment identifies the level of risk associated with an IoT device and its ecosystem and based on the results of the assessment, we can advise companies of the appropriate level of certification they need to achieve with one of our SBD approved certification bodies.
Once third-party testing and independent certification for a product has been achieved, the company can then apply to become SBD members, with the product receiving the SBD ‘Secure Connected Device’ accreditation.
Requirements to obtain the Secure Connected Device accreditation are:
1 IoT products and services need to have achieved the appropriate and relevant IoT standards and certifications conducted by an SBD recognised certification body.
2 The certificate needs to be assessed against all 13 provisions of the ETSI EN 303 645, which goes beyond the 3 provisions being legislated by the UK government.
3 It is required for the assessment to be undertaken by one of the certifying bodies – we do not accept self-assessed certificates.
4 IoT products or services need to be assessed on an annual basis (every 12 months).
5 If you are looking for SBD membership and accreditation for a security product or service which has an IoT element to it, it will be a requirement to not only meet traditional physical security standards, but to also meet the requirements of the ‘Secure Connected Device’ accreditation scheme.
Enquiry into SCD accreditation and SBD membership for your IoT product.
If product is in scope for the SCD scheme, an loT device assessment is conducted to determine the appropriate certification route for your product.
Based on the results, you will be given a recommended certification route that you need to achieve with one of our SBD approved certifying bodies.
Complete and achieve third party testing and independent certification with one of our SBD approved certifying bodies.
Apply for SBD membership and gain SCD accreditation for your product.
SBD represents a powerful, trusted police brand and the ‘Secure Connected Device’ accreditation is the only way for companies to obtain police recognition for their IoT products in the UK
Compliance with the ‘Secure Connected Device’ accreditation sends a clear message to the wider industry of the importance of IoT security
SBD member companies accredited to this new SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach
To enquire about gaining the Secure Connected Device accreditation and becoming an SBD member company.
Whilst the level of assurance provided by this accreditation significantly exceeds that currently recommended by government, any claim to protect against 100% of risks is not being made. You are reminded that it is your responsibility to ensure that you have the level of security commensurate for its intended use and associated security threat(s).
© 2023 Police Crime Prevention Initiatives Limited, Registered Company 3816000 - Registered in England and Wales. Police Crime Prevention Initiatives, PCPI and related logos are trademarks of Police Crime Prevention Initiatives Limited. The trademark may not be reproduced without approval by Police CPI Ltd.