Frequently Asked Questions - Consumer IoT Security Programme

What is the new programme?

The Consumer IoT Security accreditation programme is a service developed and administered by the Global Certification Forum (GCF) that enables manufacturers of connected consumer products to demonstrate that their devices comply with industry specified IoT security requirements.

Why do I need to do this for my device?

Consumers are increasingly aware of the need for connected devices to be created with considerations of personal privacy and security protection at the forefront. Achieving accreditation to industry security standards with a respected, independent organisation such as GCF, enables manufacturers to provide peace of mind to their customers and supply chain.

Which standards is the accreditation programme based on?

The GCF Consumer IoT Security accreditation programme is based on the ETSI EN 303 645 standard for cybersecurity, which is designed to prevent ongoing, large-scale attacks on consumer IoT products.

Do I need to be a GCF member to use this service?

No, the Consumer IoT Security accreditation programme is open to non-members, as well as the members of GCF.

How do I apply for the accreditation?

Manufacturers can achieve accreditation by filling out a security compliance declaration for their product(s). To learn more and apply for accreditation, visit https://iotsecurity.globalcertificationforum.org

How much does accreditation cost, is there a charge per product?

As with all GCF programmes, the Consumer IoT Security programme accreditation is free of charge to GCF members, regardless of the number of product types covered. Companies who are not GCF members can achieve accreditation on payment of a fee of €400 (or USD/GBP equivalent) per product.

Note: The programme is currently available free of charge to non-members until March 31st, 2021.

Are GCF RTOs available to perform the testing required for the product?

Currently the programme is offered as a self-accreditation. No third party testing by GCF Recognised Test Organisations (RTOs) is required. As the programme evolves in the future, the need for third party testing will be investigated.

What kind of products would this programme be suitable for?

The GCF Consumer IoT Security accreditation programme is suitable for any connected consumer product. Examples include smart door locks, TVs, wearables, connected home automation and appliances, connected toys and baby monitors.

How can I access the programme?

To access the programme, visit https://iotsecurity.globalcertificationforum.org/