One of the UK's premier testing and certification houses for security products, Sold Secure, has launched a new standard to support businesses who produce or supply Internet of Things (IoT) connected locks (smart locks).
The new SS504 – Specification for Smart Locks in use within Domestic and Similar Buildings standard will ensure that the physical, technical and connectivity security are thoroughly tested, approved, and granted a unified standard of endorsement for both IoT security and physical attack.
Internet of Things (IoT) connected security devices - often referred to as ‘smart locks’ - are a revolutionary technology that has transformed the way we secure our homes and properties. These locks utilise connectivity options that allow users to control the security of their property remotely through a smartphone app, or other form of credential, enabling the ability to grant access to individuals without the need for physical keys. This is particularly useful for homeowners who frequently have guests or service providers visiting their property.
With a smart lock, you can easily generate temporary access codes or send virtual keys to authorised individuals, ensuring that you maintain control over who enters your home.
Additionally, smart locks can send real-time notifications to your smartphone, allowing you to monitor and control access to your property. Furthermore, smart locks can integrate with other smart home devices, creating a seamless and interconnected ecosystem. For example, you can set up routines that automatically unlock the door when you arrive home or lock it when you leave. These benefits and level of convenience smart locks offer has makes them attractive to many.
Unfortunately, until recently there has been no definitive answer to this question. Traditional security products undergo rigorous testing and adhere to standards like SS301 Specification for Mechanical Security Systems for Domestic Buildings or SS312 Specification for Cylinders for Locks. However, there has been a lack of standards to evaluate the physical, technical and connectivity security (hacking) of the security device as a holistic approach.
The Government introduced new legislation, the Product Security and Telecommunications Infrastructure (PSTI) Bill, which requires manufacturers, importers and distributors who produce or supply IoT connected products to ensure that minimum security requirements are met in relation to consumer connectable products that are available to consumers and provides a robust regulatory framework to tackle those who do not comply with this law.
Companies now have less than four months to ensure compliance with the Act, with the government mandating compliance by 29th April 2024.
The new Sold Secure SS504 – Specification for Smart Locks in use within Domestic and similar Buildings provides a benchmark for assessing the security of these devices, ensuring the physical, technical and connectivity security are thoroughly tested, approved, and granted a unified standard of endorsement for both IoT security and physical attack.
Testing will ensure that connected security devices meet the requirements of TS621, a standard that will test not only the electronic component of the product but also the credentials (e.g. fobs) that may be used to activate them. The physical security of the products will be attack tested by experts at Sold Secure to meet the requirements of standard SS301 Bronze and if the product has a cylinder to SS 312.
The smart product will also have to be assessed and certified against the ETSI EN 303 645 standard, which ensures that all IoT devices meet a security baseline to help prevent large-scale, prevalent attacks against such devices. Sold Secure work closely with other IoT certification bodies who will conduct the testing against the ETSI EN 303 645 standard.
This standard sets a new benchmark in the security industry, providing an all-encompassing and dependable solution to help determine the security levels of these connected security devices. It presents an exciting opportunity for Connected Security Devices to be integrated into newly constructed homes, whilst still ensuring compliance with the security guidelines outlined in Approved Document Q of the Building Regulations.
Justin Freeman, Technical Manager for the Master Locksmiths Association (MLA) Group said:
"Sold Secure has been working very closely with Secured by Design (SBD) to ensure that the level of security that has been set within this specification is correct. By out-sourcing some of the testing to credible test laboratories and mixing that with Sold Secure mechanical expertise we believe this specification is fit for purpose.”
Jon Cole, Chief Operating Officer at Secured by Design, said:
“We warmly welcome the new SS504 standard, which encapsulates the full TS621 requirements and builds upon them by incorporating the IoT requirements of the ETSI EN 303 645, in doing so ensuring that the product meets the legal requirements set out in the PSTI Act 2022, which comes into force on the 29th April this year. This is a positive step forward and addresses both the physical and cyber security elements of smart products. SS504 will further reduce crime and protects consumers when using such devices in homes, businesses or public spaces”.