Prism Infosec becomes IoT Security Assured Assessor

Gaining ‘hands-on’ certification via an independent assessor will help manufacturers reassure customers and comply with regulatory demands

Cheltenham, U.K. — 8 June, 2022 — Prism Infosec, the independent cybersecurity consultancy, today announced it has been certified as an IoT (Internet of Things) Security Assured Assessor under the IoT Security Assured scheme run by the IASME Consortium. The scheme sees internet connected devices assessed against industry best practice and is aligned with the ETSI technical standard for IoT security, EN 303 645, with the proposed UK IoT security legislation and guidance, the Product Security and Telecommunications Infrastructure (PSTI) Bill, and is also mapped to the IoTSF Security Compliance Framework. Prism Infosec is now able to help those manufacturers looking to comply with the new standard by assessing and validating their application as an IoT Security Assured Assessor.

Initially funded by a grant from the Department for Digital, Culture, Media and Sport (DCMS), the IoT Security Assured scheme aims to boost consumer confidence in the IoT and was launched following a successful pilot in 2021. The scheme features three levels of security: a Basic level aligned with the PSTI and the top three requirements of the ETSI standard; a Silver level with the ETSI mandatory requirements and data protection provisions; and a Gold level with the ETSI mandatory requirements as well as all additional ETSI recommended requirements and data protection provisions. Those manufacturers meeting the criteria will be able to display the relevant badge on their IoT device, providing consumers with added reassurance.

The IoT Security Assured Scheme is designed to be accessible and achievable and requires the applicant to work through eight categories of questions about the security controls in place on the connected device and any associated services. These cover issues including passwords and credentials, vulnerabilities and anomalies, software, secure configuration, communications and usage of data. A board member from the organisation must then declare the claims are true before submitting the application for review by the assessor within six months. As the process is self-led up until this point, the assessor plays a crucial role in providing feedback and in helping the manufacturer to meet the necessary criteria to reach the desired level of certification.

“Assessors will provide hands-on certification of the IoT Security Assured Scheme. This means that manufacturers are required to first achieve the verified self-assessment and then upgrade to the hands-on version which would involve additional documentation and a hands-on assessment of the device by the assessor. Importantly, this level of certification does not involve an in-depth technical assessment, but sees the assessor examining the device from a user-perspective in a typical use environment, providing a significant additional level of assurance without a significant additional cost,” explains Dr Emma Philpott MBE, CEO, IASME.

“Security is a top concern among consumers when it comes to the Internet of Things so it’s vital to the industry to allay those concerns. The IoT Security Assured Scheme provides a low barrier of entry, enabling manufacturers to assess their products against the security controls and practices advocated by the existing and emerging sets of regulation. Those that sign up to the scheme can capitalise on our expertise to help improve their security controls, are able to reassure their customers and to use the badge to differentiate their offering in the marketplace. But it will also enable them to get ahead of the regulatory curve and futureproof their offering,” states Phil Robinson, Principal Consultant and Founder of Prism Infosec.

IoT manufacturers can preview the self-assessment questions here and are invited to sign up for the IoT Security Assured Scheme here: https://iasme.co.uk/internet-of-things/get-iot-security-assured-self-assessment/

About IASME Consortium
IASME is a cyber security business dedicated to keeping organisations safer online. Through its products and services, it helps organisations of all sizes to protect themselves against cyber threats.

About Prism Infosec

Prism Infosec is an award-winning independent cyber security consultancy that provides assessment services over cloud and traditional on-prem architectures and enterprise applications to the public and private sector. Our team of dedicated consultants combine business and management skills with technical acumen and are vetted to the highest standards. We like to practice what we preach and are Cyber Essentials Plus, ISO27001:2013 ISMS and ISO9001:2015 QMS accredited.

Offering a range of consultancy services we also act as assessors for a number of standards bodies. We are a STAR member of CREST, a National Cyber Security Centre CHECK Green Light company, a Cyber Essentials Plus certifying body, and a Payment Cards Industry (PCI) Qualified Security Assessor (QSA).

Prism Infosec was founded in 2006 and has offices in Cheltenham and Liverpool in the UK as well as Brussels. For more information please go to www.prisminfosec.com.

Media contact

Sarah Bark

T: +44 (0)1420 587978

E: sarah.bark@prisminfosec.com

Phil Robinson

Phil Robinson has worked in information security for over 25 years and is the founder of Prism Infosec which offers cutting edge penetration testing, red teaming and security consultancy services of cloud and traditional on-prem architectures and enterprise applications. Phil has been instrumental in the development of numerous penetration testing standards and certifications. He was involved in the original formation of the Council for Registered Ethical Security Testers (CREST), chaired the management committee of the Tiger scheme and established key CESG Certified Professional (CCP) roles on behalf of the British Computer Society (BCS), and has also contributed toward the Open Source Testing and Security Manual (OSSTMM). An Associated Member of the ISSA, an (ISC)2 CISSP, ISACA CISA and a CHECK Team Leader, Phil has worked as a CLAS Consultant / Senior CCP Security and Information Risk Advisor and in this capacity has delivered cybersecurity advice and guidance to HMG departments and agencies. He regularly speaks about penetration testing and e-crime to help promote cybersecurity awareness and industry best practice.
