The IASME IoT Cyber Scheme is a standard against which manufacturers of Internet of Things (IoT) devices can have their devices certified.

The scheme aligns with all 13 provisions of the worldwide standard in IoT cyber security, ETSI EN 303 645, and with the current UK IoT security legislation and guidance.

It is also mapped to the IoTSF Security Compliance Framework.
Level 1 and Level 2 (Audited) versions of the standard are available.

Who is it for?

The Internet of Things (IoT) refers to any device you have that connects to the internet. Examples include virtual assistants, smart energy meters, connected appliances (e.g. a fridge or washing machine), fall detectors, baby monitors, building sensors, electric vehicle charging stations and intruder alarm systems.

It is estimated that adult-only households have approximately 10 IoT devices, whereas households with children have approximately 15 IoT devices. So, as you can imagine, it is imperative that these devices are protected from cyber security risks.

An attacker may be able to exploit vulnerabilities within your IoT devices to gain access to your network, allowing them to access sensitive data including personal information, bank details, and user credentials visible within your network.

Alternatively, an attacker may be able to target an IoT device directly, for example by manipulating an electric vehicle charging station to consume large amounts of energy, driving up electricity and operating costs, or by compromising digital signage devices to display undesirable content as a form of defamation against a brand.

The UK is the second largest manufacturer of IoT devices in the world, so the resulting concern, as more and more people trust poorly secured devices with their personal data, prompted the implementation of a scheme to ensure manufacturers comply with the globally recognised standard for IoT, ETSI EN 303 645.

How can we help?

Secarma are an IASME Accredited Certification Body that can certify that a device is compliant with current legislation. Contact us today to get a quote and understand how certification helps you to:

  • Comply with current UK legislation (Product Security and Telecommunications Infrastructure Act 2022 (PSTI2022))
  • Defend against enforcement action regarding the above legislation (product recall is a potential outcome)
  • Reassure potential buyers of the device that their data is secure
  • Stand out in a competitive market
  • Sell devices into regulated industries

Unlike Cyber Essentials, which is applicable to the whole business, each individual device requires its own certification.

The IASME IoT Cyber Scheme certification must be renewed annually.

What we test

By certifying against the IASME IoT Cyber Schemes, your organisation is showing, firstly, that your device is compliant with UK and European law and, secondly, that you are taking appropriate measures to mitigate potential cyber security risks and enhance the protection of your customer data.

IASME IoT Cyber Assurance Scheme:

  • Certifies against all 13 ETSI EN 303 645 standards
  • Protects against common vulnerabilities such as weak passwords, legacy software, and insecure communications

It is worth noting that IoT Assurance Level 2 has been identified by Secured by Design, which is a Police Crime Prevention Initiative, as one of the ways that manufacturers can ensure their products have the highest level of cyber security.

If you want to know more about what your organisation needs, feel free to contact us here at Secarma on 0161 513 0960 and speak to our Business Development Team, who will be happy to support your security needs.

Certification under the IASME IoT scheme lasts for 12 months and there are two IASME Internet of Things Schemes that you as an organisation can certify against – IoT Cyber Baseline and IoT Cyber Assurance.

Within each scheme, there are two levels: Level 1 and Level 2.

Level 1 consists of a self-assessment which is completed by your organisation as the applicant, and is then reviewed by one of our qualified assessors here at Secarma as a certification body.

Level 2 includes a technical audit of the device by an appointed assessor, including an interview and full review of supporting documentation.

Please note: Level 1 is a mandatory prerequisite for applying for the Level 2 certification.

IASME IoT Cyber Baseline Scheme:

  • Certifies against the top 3 ETSI EN 303 645 standards
  • Can be used by manufacturers to improve the security of their internet connected

The top 3 standards of ETSI EN 303 645 are:

  • Ensure no default passwords are used
  • Implement a vulnerability disclosure policy
  • Ensure software is supported and maintained with security updates when available
