A new cyber security code of practice for manufacturers of safety and security systems has been launched by the British Security Industry Association’s (BSIA) Cybersecurity Product Assurance Group (CySPAG).
The code has been designed to build confidence throughout the supply chain, promoting the secure connection of products and services and delivering client assurance regarding connected solutions. It will assist in the duty of care to other network users, particularly with respect to protecting the integrity of existing cyber security countermeasures, or the implementation of such countermeasures in new solutions, says the BSIA.
The issue of IoT device vulnerability has also been addressed by the UK Government in recent weeks, as it announced plans for a new law to make sure “virtually all smart devices”, including smartphones, meet minimum requirements. The BSIA’s CySPAG also launched a cyber security code of practice for installers in 2020.
Included within the new code of practice is advice on vulnerability threat analysis, default credentials and how to keep devices cyber secure for remote access.
Steve Lampett, Technical Manager, BSIA, said: “Here at the BSIA we have long considered and debated how our industry sector can provide effective cyber secure solutions to end users via its supply chain and we feel that to do this our supply chains must find ways to collaborate and support processes that achieve this.
“The publication of this new code of practice now provides a complete process for supply chains when utilised together with installers adhering to the Installation of safety and security systems – cybersecurity code of practice. This should provide peace of mind for end users in terms of cyber security of their systems, not only when they are installed but throughout the entire contract period.
“The release of this code of practice is the next step in acknowledging a collective stakeholder effort of installers, manufacturers, and designers in providing a cyber secure solution.
“We hope to continue to drive the sector forward with this practical approach when addressing and managing cybersecurity risks. The idea is to steer safety and security practitioners into thinking outside the box on using new technology and equipping our industries with professional tools for the future.”
The recommendations of this code of practice apply in addition to other standards and codes of practice relating to systems and equipment to be installed. Any documentation or checklists mentioned in this code of practice may be combined with those required by the other standards or codes of practice, applying to safety and security systems and their components but can be applied to other devices and systems.
To download Manufacturers of safety and security systems – cybersecurity code of practice, please visit the BSIA’s CySPAG page.
The BSIA will be attending IFSEC Connect and IFSEC International in-person in June and July. Why not join them and find out more about the new cyber security codes of practice for both manufacturers and installers? Secure your place, here >>
Connect 2021 is your first major opportunity to come together with the security industry online from 1-30 June!
The month-long online event will give attendees the opportunity to make up for lost time by browsing security solutions, connecting with suppliers and accessing thought-leadership content - all from the comfort of your own home or workplace!
