Brisant Secure add smart lock to Secured by Design range

Secured by Design (SBD) member company Brisant Secure have added the Ultion Nuki Plus Smart Residential Lock to their range of SBD accredited products.

The Ultion Nuki Plus has successfully achieved the SBD Secure Connected Device accreditation, an SBD membership requirement for any IoT connected product or service to have achieved.

Founded in 2013, Brisant Secure took the market by storm with built-in real-life security standards based on consumer expectations that redefined security in the hardware industry. The Ultion family of locks offers homeowners the very best in security and protection.

Alfie Hosker, Secured by Design, said: “Brisant continue to expand their Police Preferred Specification range with their Ultion Nuki Plus Smart Residential Lock. Not only does this meet the physical security necessity against criminal attack but also incorporates protection against the cyber-criminal and meets the SBD Secure Connected Device requirement.”

Nick Dutton, CEO of Brisant Secure, said: “We’re really excited to add the Ultion Nuki Plus Smart Lock to our SBD accredited lineup. At Brisant, it’s all about making people feel safe, whether it’s protecting their home from break-ins or guarding against cyber threats. This new accreditation shows that we’re serious about keeping up with both physical and digital security, and we’re proud to offer homeowners a smart lock that truly does both”.

Find out more about Brisant Secure’s range of SBD accredited products here.

The Product Security and Telecommunications Infrastructure Act

The Product Security and Telecommunications Infrastructure Act became law in December 2022, with compliance with the law mandated by 29th April 2024. The law requires manufacturers, importers and distributors to ensure that minimum security requirements are met in relation to consumer connectable products that are available in the UK and provides a robust regulatory framework for non-compliance.

The law applies to all consumer IoT products, including but not limited to:

• connected cameras
• connected safety-relevant products such as door locks
• connected home automation and alarm systems
• Internet of Things base stations and hubs to which multiple devices connect
• smart home assistants
• smartphones
• smoke detectors
• connected fridges, washers, freezers, coffee machines

The legislation covers the following three main security features:

• Consumer IoT devices will not be allowed to have universal default passwords
• Consumer IoT devices will have to have a vulnerability disclosure policy
• Consumer IoT devices will need to disclose how long they will receive software updates

The robust regulatory framework within the law contains an enforcement regime with civil and criminal sanctions aimed at preventing insecure products being made available on the UK market within it. This enforcement regime enables the government to take a range of actions against companies that are not compliant with the law. This includes:

• Enforcement Notices: Compliance notices, Stop notices and Recall notices
• Monetary penalties: the greater of £10 million or 4% of the company’s qualifying worldwide revenue
• Forfeiture: of stock which is in the possession or control of any manufacturer, importer or distributor of the products, or an authorised representative

These minimum security requirements contained within the law are based on the UK’s Code of Practice for Consumer IoT security, the leading global standard for consumer IoT security ETSI EN 303 645, and on advice from the UK’s technical authority for cyber threats, the National Cyber Security Centre.

The regime will also ensure other businesses in the supply chains of these products play their role in preventing insecure consumer products from being sold to UK consumers and businesses.

How can SBD’s Secure Connected Device accreditation help with compliance?

Secured by Design’s (SBD) Secure Connected Device accreditation, developed in consultation with the Department for Science, Innovation and Technology (DSIT), helps companies to get their products appropriately assessed against all 13 provisions of the ETSI EN 303 645 standard, a requirement that goes beyond the Government’s PSTI Act legislation so that companies can not only demonstrate their compliance with the legislation but help protect themselves, their products and customers. It is a unique and recognisable accreditation that highlights products as having achieved the relevant IoT standards and certification.

The SBD Secure Connected Device IoT Assessment identifies the level of risk associated with an IoT device and its ecosystem, providing recommendations on the appropriate certification routes with one of the SBD approved certification bodies. Once third-party testing and independent certification for a product has been achieved, the company can apply to become SBD members, with the product receiving the SBD’s Secure Connected Device accreditation.

In addition, the Secure Connected Device accreditation ensures compliance with evolving government requirements and cyberthreats, via an annual appraisal.

It is an SBD membership requirement for any IoT connected product or service to have achieved the SBD ‘Secure Connected Device’ accreditation.

Compliance with the Secure Connected Device accreditation also sends a clear message to the wider industry of the importance of IoT security and companies accredited to this SBD standard will lead by example and be at the forefront of the IoT revolution and in doing so will help to keep their customers and the public safer from the risk of a cyber breach.

The Secure Connected Device accreditation is the only way for companies to obtain police recognition for the security of their IoT products in the UK.

To start the SBD Secure Connected Device accreditation process or find out more, visit www.securedbydesign.com/IoT