ETSI EN 303 645: security of IoT consumer electronics
Receive a quote tailored to your needs
Nowadays, smart devices can now be found in almost every household. These devices usually collect, store and transmit data from the user in one way or another. Too often, these devices are by default not or insufficiently protected against hacks, data leaks, etc. The European Telecommunications and Standardization Institute (ETSI) has therefore developed the standard ETSI EN 303 645. Based on this standard Kiwa tests and assesses whether IoT products are sufficiently secure for end users.
Essential security requirements
By developing the standard ETSI EN 303 645, ETSI participants (manufacturers, network service providers, governments, telecom regulators and end users) have established effective, essential security requirements and best practices regarding cyber security and privacy protection of consumer electronics which partake in data traffic. Check the leaflet for more information about the security aspects Kiwa checks.
Cyber security IoT consumer products
ETSI EN 303 645 contains cybersecurity requirements and procedures for IoT consumer products. This not only concerns smart devices themselves, but also sensors and operating parts of these devices. Connected devices can often also be operated with a smartphone app. The safety thereof is not covered by ETSI EN 303 645, but as an optional service Kiwa can assess its safety using the RARS scheme.
Manufacturers of IoT consumer electronics
Certification by Kiwa according to ETSI EN 303 645 is of added value to developers and manufacturers of consumer electronics that can be connected to the web. Examples include baby monitors, smart doorbells, cameras, TV’s and speakers, wearable health trackers and connected home appliances such as washing machines and refrigerators. Basically, any consumer electronic device utilizing data can be put to the test according to ETSI 303 645. Product development according to ETSI EN 303 645 contributes to better safety, updateability, transparency, structure, etc.
ETSI EN 303 645 Compliance
The certification process results in a test report. If the product meets the requirements of the standard, the manufacturer will receive a certificate of compliance. If the manufacturer applied for a RED certificate their compliance to the ETSI EN 303 645 will be mentioned on the RED Certificate. This allows the manufacturer to demonstrate that the product meets the basic requirements in the field of IoT and Cyber security which is becoming increasingly important. In this way, a manufacturer not only creates trust among the (potential) users of his product, but can also distinguish himself from other manufacturers.
Penetration Tests and Ethical Hacking Services
A penetration test, also known as a pentest or ethical hacking, is an authorised simulated cyberattack on an IT/ OT system, performed to ultimately evaluate the cybersecurity of that digital system. At Kiwa we perform tailormade pentests of which the results provide valuable insights to the owners of the tested system.
IEC 62443 certification: Cyber Security for Industrial Automation & Control Systems (IACS)
Digitalization and the Internet of Things (IoT) offer great opportunities for manufacturing industries. However, if not properly secured they can cause vulnerability, leading to cybercrime and attacks by hackers. This can seriously damage daily operations and business continuity.
Remote Access for Remote Services (RARS) Certification Scheme
By taking the recent cybersecurity trends into account, Kiwa developed the Remote Access for Remote Services (RARS) scheme, also known as K21048. The RARS scheme is a collection of assessments set up by Kiwa that focusses on different types of systems that are remotely accessible.
Bug Bounty Security Testing
Want to gain insight on the cybersecurity of your internet connected assets and applications? Kiwa and bug bounty security platform Intigriti proudly present their joint private bug bounty security testing service. This service makes it possible for you to organise (private) bug-bounty programs according to your specific preferences.