First CSC certification mark goes to a smart home appliance
Cybersecurity CertifiedMünchen, )
So far, many consumers have been wary of buying smart home appliances such as smart TVs and alarm or home automation systems that connect households to the Internet, even though these devices ease workloads and offer time and cost savings in everyday life. This reticence is rooted in concerns over cyberattacks or inadequate data protection. According to a Forsa study commissioned by TÜV-Verband, the association of testing, inspection and certification organisations in Germany, and carried out in January 2021, two out of three respondents were concerned that their IoT devices might be hacked. Three-quarters of those surveyed said they would look out for third-party IoT certification. “Against this backdrop, we are proud to be the first testing, inspection and certification (TIC) company in Germany to have issued the CSC certificate”, says Florian Wolff von Schutter, Expert for IoT cybersecurity at TÜV SÜD.
A landmark for the IoT market
The new CSC certification mark is modelled on the GS mark for product safety. It inspires trust and transparency in a new and sensitive market. As genuine vendor-independent certification, it is based on international norms and standards such as ETSI EN 303 645. Companies can choose between three certification levels of "Basic", "Substantial" and "High", with the detail and scope of certification increasing level by level. The certification auditing procedure examines all security-relevant processes such as security incident management, security patches and subcontractors. The resulting certificate is valid for three years and covers annual factory inspections including auditing of vulnerability management. The scheme was developed by TÜV-Verband.
In their first certification, the TÜV SÜD experts assessed a connected vacuum robot, including its development and production processes, in accordance with international standards. The audit agenda took in extensive penetration testing, cloud verification and testing of processes relevant for IT security. Florian Wolff von Schutter points out: “In this context an important factor is to ensure security by design, from intermediate products such as integrated circuits to subsequent software updates. The same applies to radio interfaces and the encryption used.” Testing was carried out at testing laboratories in Germany, the UK, the USA and Singapore. TÜV SÜD accompanied the certification, which was successfully concluded within only four months.
For more information about the CSC marking, see: www.tuvsud.com/en-gb/services/product-certification/ps-cert/tuv-sud-csc-certification-scheme