SALTO Systems, a manufacturer of electronic access control solutions, has become the first company to achieve the BSI Enhanced Level IoT Kitemark™ for access control systems.
The IoT is typically a network of smart devices and systems that can be connected, enabling data to be exchanged to provide services, efficiency and innovation. Its technology can positively enhance lives and businesses, but the complexity of IoT also means that those of criminal intent may attempt to access it to steal data, hack cameras, enter buildings or otherwise breach security.
The UK government’s Department for Digital, Culture, Media and Sport has assessed the growing threat of this and created a Code of Practice (CoP) for IoT security, in collaboration with the National Cyber Security Centre (NCSC) and other experts from academia and industry. BSI (British Standards Institution) has been part of this collaborative work to give clarity on best practice for IoT security, subsequently developing a scheme to assess connected/IoT devices. The scheme determines whether a product has the appropriate security controls for its intended use and is suitably supported throughout its intended life. This cyber/physical security scheme forms the security element of the BSI Kitemark for IoT/Connected products.
The Enhanced Level IoT Kitemark demonstrates that a connected product has a higher level of security controls in place than the market standard for its type and is generally suitable for higher value or risk applications. Assessment to this level involves BSI’s most in-depth and exacting testing and analysis.
To achieve certification, the SALTO XS4 One access control solution had to meet the requirements of a Quality Management System such as ISO 9001 to demonstrate functional, safety and interoperability performance. SALTO were also required to undergo advanced security testing for vulnerabilities and security flaws in BSI’s state of the art IoT laboratory. Furthermore, SALTO also submitted their JustIN mobile app and ProAccess Space web service for assessment under BSI’s Secure Digital Applications Kitemark, ensuring the wider system associated with the XS4 One had the appropriate security controls in place to provide support effectively.