Are you breaking the law?
The government mandated compliance with the Product Security and Telecommunications Infrastructure Act 2022 by 29th April 2024.
How to get your IoT product SCD accredited
What is the SBD ‘Secure Connected Device’ accreditation?
The Secured by Design 'Secure Connected Device' accreditation scheme is for companies providing IoT connected products and services. It demonstrates that their products have achieved the appropriate and relevant IoT standards and certification from an SBD recognised certification body, thus meeting SBD requirements and providing customers with security assurance.
Why was it introduced?
The Government’s Code of Practice (CoP) for the Internet of Things, developed by The Department for Science, Innovation & Technology (DSIT), sets a benchmark for security for manufacturers to follow when developing IoT products for the UK market. This is now being influenced by ETSI EN 303 645 and other IoT related standards.
The Government subsequently introduced legislation, the Product Security and Telecommunications Infrastructure Act 2022 (PSTI), which:
- Requires consumer connectable products to be more secure against cyber attacks, protecting individual privacy and security
- Requires manufacturers, importers and distributors to comply with new security requirements relating to consumer connectable products
- Creates an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market
With the increase in available IoT products and a growing ecosystem of interconnected devices, cyber criminals are targeting and exploiting vulnerabilities of the products and within apps.
This, coupled with growing demand from industry and current SBD members seeking to gain SBD accreditation for IoT connected products, led SBD to launch the ‘Secure Connected Device’ accreditation scheme to help manufacturers develop safe IoT products that consumers can use with confidence.
Our aim is simply to prevent crime, which includes criminal activity in the cyber world.
We want to help companies get their IoT products appropriately assessed and certified against all 13 provisions of the ETSI standard, a requirement that goes beyond the Government’s legislation, so that companies can not only demonstrate that they have achieved the appropriate certification, but importantly protects our member companies, their customers and the public.
We have developed the Secure Connected Device scheme in consultation with DSIT.
DSIT supports industry schemes which help consumers make better informed choices when buying connectable devices.
What is the process for accreditation?
Our IoT Device Assessment identifies the level of risk associated with an IoT device and its ecosystem and based on the results of the assessment, we can advise companies of the appropriate level of certification they need to achieve with one of our SBD approved certification bodies.
Once third-party testing and independent certification for a product has been achieved, the company can then apply to become SBD members, with the product receiving the SBD ‘Secure Connected Device’ accreditation.
Requirements to obtain the Secure Connected Device accreditation are:
1 IoT products and services need to have achieved the appropriate and relevant IoT standards and certifications conducted by an SBD recognised certification body.
2 The certificate needs to be assessed against all 13 provisions of the ETSI EN 303 645, which goes beyond the 3 provisions being legislated by the UK government.
3 It is required for the assessment to be undertaken by one of the certifying bodies – we do not accept self-assessed certificates.
4 IoT products or services need to be assessed on an annual basis (every 12 months).
5 If you are a company looking for SBD membership, it will be a requirement for any IoT connected product or service to meet the requirements of the ‘Secure Connected Device’ accreditation scheme.
1. Enquiry
Enquiry into SCD accreditation and SBD membership for your IoT product.
2. Scoping
If product is in scope for the SCD scheme, an loT device assessment is conducted to determine the appropriate certification route for your product.
3. Results
Based on the results, you will be given a recommended certification route that you need to achieve with one of our SBD approved certifying bodies.
4. Certification
Complete and achieve third party testing and independent certification with one of our SBD approved certifying bodies.
5. Accreditation
Apply for SBD membership and gain SCD accreditation for your product.
What are the benefits of the Secure Connected Device accreditation?
SBD represents a powerful, trusted police brand and the ‘Secure Connected Device’ accreditation is the only way for companies to obtain police recognition for their IoT products in the UK
Compliance with the ‘Secure Connected Device’ accreditation sends a clear message to the wider industry of the importance of IoT security
SBD member companies accredited to this new SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach
How do I apply?
To enquire about gaining the Secure Connected Device accreditation and becoming an SBD member company.
Whilst the level of assurance provided by this accreditation significantly exceeds that currently recommended by government, any claim to protect against 100% of risks is not being made. You are reminded that it is your responsibility to ensure that you have the level of security commensurate for its intended use and associated security threat(s).
-
Yale
“As we continue to see more homeowners across the UK utilising the many benefits of smart security devices, it's important that consumers have confidence in the products they’re using, whilst also offering the highest level of security for their homes”
-
Yale
"The backing of this reputable, trusted independent initiative helps to reinforce to homeowners that our products have been tested to highest standards"
-
Mighton
“As smart locks and related home security products are still relatively new to homeowners, it is more important than ever that they have meaningful and recognisable standards by which they may make important choices. The Secure Connected Device marque is particularly important in that context”
-
Mighton
“Consumers will only trust smart products to protect their homes if they can be assured that their homes are as secure as possible”
-
ERA
“TouchKey presents the next generation in smarter door security. It was therefore crucial that the product was certified to the highest possible standard to provide door manufacturers and their customers with complete peace of mind and confidence in its capabilities”
-
Kubu Smart Security
"Earning this accreditation underscores our dedication to providing homeowners with smart security solutions that are not only innovative but also rigorously tested and trusted”
-
Abloy UK
“This achievement underscores our unwavering commitment to providing cutting-edge solutions that meet the highest standards of safety and reliability”