Abloy UK’s eCliq achieves SBD Secure Connected Device accreditation
One of the UK’s leading experts on high quality door locking and functionality, Abloy UK’s eCliq Electronic Key/Cylinder Locking System has achieved the Secured by Design (SBD) Secure Connected Device accreditation.
eCLIQ is Abloy's completely electronic key/cylinder platform. A system of programmable keys and compact, secure locking cylinders, offering security and flexibility. eCLIQ is designed to replace traditional master key systems in institutional organisations such as accommodation, universities, schools and hospital estates.
Hazel Goss, Secured by Design, said: “I am delighted that Abloy UK’s eCliq Electronic Key/Cylinder Locking System has achieved the Secure Connected Device accreditation, having met the required standard for both its physical and cyber security attributes. It is the first product to achieve the Sold Secure SS504:2024 Specification for Smart Locks for Domestic and Similar Buildings, having also achieved the IASME Level 2 IoT Cyber Assurance certificate.
“The government has mandated compliance with the Product Security and Telecommunications Infrastructure Act 2022 by 29th April 2024 so it is critical that businesses who produce or supply IoT connected products ensure that they are sighted on this law and have taken the appropriate steps to ensure that they are compliant with its requirements.
“Obtaining the Secure Connected Device accreditation will build confidence and trust in Abloy UK’s eCliq and I hope that other companies within the industry and beyond will take note of this achievement and follow in their footsteps. The regulatory framework within the law contains an enforcement regime with both civil and criminal sanctions for non-compliance, so the penalties can be harsh”.
Tony Barnes, Abloy UK, said: “We are extremely proud that our eCLIQ cylinders are now Secured by Design accredited. Our products are being specified more and more in large projects around the UK with Secured by Design certification being requested in both retrofit and new build projects within the commercial and residential markets.
“At Abloy UK, we consistently lead the way in compliance and security innovation. This achievement underscores our unwavering commitment to providing cutting-edge solutions that meet the highest standards of safety and reliability.”
Abloy UK is part of the ASSA ABLOY Group, the global leader in access solutions. Every day, they help billions of people experience a more open world through their trusted access control hardware. Find out more about Abloy UK’s extensive range of SBD accredited products here.
The Product Security and Telecommunications Infrastructure Act
The Product Security and Telecommunications Infrastructure Act applies to all consumer IoT products, including but not limited to:
- connected safety-relevant products such as door locks
- connected home automation and alarm systems
- Internet of Things base stations and hubs to which multiple devices connect
- smart home assistants
- smartphones
- smoke detectors
- connected cameras
- connected fridges, washers, freezers, coffee machines
The legislation covers the following three main security features:
- Consumer IoT devices will not be allowed to have universal default passwords
This makes it easier for consumers to configure their devices securely to prevent them being hacked by cyber criminals - Consumer IoT devices will have to have a vulnerability disclosure policy
This means manufacturers must have a plan for how to deal with weaknesses in software which means it's more likely that such weaknesses will be addressed properly - Consumer IoT devices will need to disclose how long they will receive software updates
This means that software updates are created and released to maintain the security of the device throughout its declared lifespan
The robust regulatory framework within the law contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market within it. This enforcement regime enables the government to take a range of actions against companies that are not compliant with the law. This includes:
- Enforcement Notices: Compliance notices, Stop notices and Recall notices
- Monetary penalties: the greater of £10 million or 4% of the company’s qualifying worldwide revenue
- Forfeiture: of stock which is in the possession or control of any manufacturer, importer or distributor of the products, or an authorised representative
These minimum security requirements contained within the law are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre.
The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.
SBD’s Secure Connected Device accreditation
Secured by Design’s (SBD) Secure Connected Device accreditation, developed in consultation with the Department for Science, Innovation and Technology (DSIT), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s PSTI Act legislation so that companies can not only demonstrate their compliance with the legislation but help protect themselves, their products and customers. It is a unique and recognisable accreditation that highlights products as having achieved the relevant IoT standards and certification.
In addition, the Secure Connected Device accreditation ensures compliance with evolving government requirements and cyberthreats, via an annual appraisal.
The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK. Find out more on SBD’s Secure Connected Device accreditation and the companies who have achieved it to date at www.securedbydesign.com/IoT