The benefits of accreditation and compliance ahead of new Product Security and Telecommunications Infrastructure (PSTI) legislation

Founded at the very beginning of the 20th century, BSI was the world’s first National Standards Body. Its Royal Charter has shaped our priorities, using their unique position to develop solutions to pressing issues, locally and globally.

BSI’s certification team works tirelessly testing a wide range of products so consumers, workers and the society know they’re in safe hands. BSI is helping to address industry challenges with their unique Global Internet of Things (IoT) and application testing and certification solutions portfolio, based on well-respected security standards.

Ultimately, if a product has been tested and then certified by BSI, this can give people confidence that it meets the highest best practice-based standards.

With the rise of IoT technology changing the face of the industry, there are major benefits to be realised from using certified products, showing that the supplier has embedded cyber security into the design of its products.

And with new PSTI legislation in place, now is the time to act. The Product Security and Telecommunications Act of 2022 (PSTI) legislation applies new laws to all consumer IoT products to ensure that minimum security standards are met.

Ahead of the new PSTI legislation affecting customers and organisations across the UK, we speak to Carlos Perez, BSI’s Global Digital and Connected Product Certification Director. 

Through our expertise in Standards and Knowledge, Assurance Services, Regulatory Services and Consulting Services, BSI helps clients to improve their performance, grow sustainably, manage risk and ultimately accelerate progress towards a sustainable world.

Our product certification teams spend thousands of hours in labs each year testing windows, electronics, medical devices, and many other types of products so people know they’re safe in their own homes, on worksites, and when under the care of medical professionals. 

The opportunities brought about by the Internet of Things (IoT) to positively impact individuals, organisations and society are endless. However, the risks associated with connected devices – particularly those around security, privacy, and safety – mean it is important for manufacturers to build trust in new products and services.

To achieve this digital trust, device manufacturers can consider the following:

• Is the device secure?
• Is the device safe?
• Does the device function as intended?
• Will it work with other devices (interoperability)?

Organisations need to deliver IoT devices safely to the market, taking into account the latest product cybersecurity regulations coming into force in regions around the world, such as the UK’s PSTI legislation.

Engaging with product evaluation and testing providers early in the product design process can help accelerate and de-risk time-to-market by gathering valuable feedback on the security of the product design.

The new PSTI legislation is designed to help ensure consumer connectable products – such as smart TVs, Smart home appliances, wireless speakers and alarm signaling devices– have a minimum degree of security against cyberattacks.

For organisations, the immediate challenge is to demonstrate that the products they place on the UK market when the PSTI comes into effect in April next year, meet those requirements. Engaging with test labs will become increasingly challenging as we approach next April, so organisations are encouraged to start looking at the requirements and how they can demonstrate compliance as soon as they can.

Aside from the technical challenges of ensuring the security of IoT products in a world where nothing stands still, one of the biggest challenges is around the current expectations for product cyber security.

Some countries have introduced voluntary schemes for product cyber security, and the UK is currently leading the way with the PSTI as the world’s first mandatory legislation to come into force, starting next year. This means that until now – and for some time to come – there has been little requirement for products to adopt any cyber security measures.

While we at BSI welcome and support the PSTI legislation as a start, it does set a low bar for compliance. That said, consumers and the ecosystem at large can continue to benefit from the presence of manufacturers who recognise the need to go above and beyond the minimum and choose to adopt best practice.

At BSI, we focus on delivering a testing and certification partnership underpinned by quality, safety, reliability, and trust. As a global organisation, we have the scale and reach to support organisations both large and small.

In our dedicated state-of-the-art IoT laboratory, our experts provide fast, effective testing for a huge range of IoT products. BSI also has a world-class cyber security capability, recognised by CREST global accreditation, combined with decades of experience in product assurance and testing.

We help organisations embed trust and confidence in their products and services with their customers by supporting them to ensure they are safe and secure. This support culminates in the application of our BSI Kitemark™, our widely recognised mark of trust that has been providing assurance to consumers for 120 years, helping compliant products to stand apart from the crowd.

The BSI Internet Of Things Kitemark™ is a mark that a product has been tested and certified as cyber secure to a level over and above the minimum legal requirements. It’s a sign that the product has been designed with, and supports, cyber security measures in line with best practice today.

Our IoT Kitemark™ certification scheme has been carefully developed based on the most relevant global and well-known security standards, providing continual assurance covering the product life cycle. The BSI Secure Digital Applications Kitemark™ is the mark for mobile applications, web applications and software programs. These are apps that are designed to run on different platforms and devices, allowing users to perform various tasks – accessing information, enabling transaction handling or even financial services.

However, with new technological developments, both individual and organisations face a whole array of new challenges. Addressing these can help to protect users’ personal and financial data as well as brand reputation.

To address these challenges in an evolving market, BSI also offers a Secure Digital Applications Kitemark™ to our clients by means of a tailored testing and certification scheme, designed to address the latest cyber threats and vulnerabilities. It’s also worth noting that the requirements of the Secure Digital Applications Kitemark™ are applied to the associated apps working with IoT devices bearing the BSI IoT Kitemark™.

Ultimately, it comes down to trust. As we adopt more and more IoT technology in our lives, end-consumers could become more wary of trusting their personal data, privacy, and security to this technology. The presence of certified products on the market can help organisations to establish trust with end-consumers, which can help drive adoption and growth in this space.

Testing and certification activities according to industry and government regulations are the cornerstone for a successful deployment, introduction, and adoption of different IOT devices and applications for all different vertical markets: consumer, medical, automotive, retail, and industrial.

Today, IoT certification helps organisations to demonstrate to their customers that they have taken the cyber security of their product seriously. As national regulations roll out over the coming years, IoT certification will still have a place, to distinguish those products with best practice cyber security over those that simply meet the bare minimum. 

At BT Redcare, we’re proud that our signalling devices hold the IoT Kitemark™. Our portal and app also hold the Secure Digital Applications Kitemark™.

To find out more about IoT safety in BT Redcare products, contact an account manager.