Best Practice User Mark FAQ and Terms of Use

By downloading and using the Best Practice User Mark the user agrees to abide by the terms and conditions expressed in this FAQ.

Who can use the best practice user mark?

Organisations that use (follow and implement) the latest IoT Security Assurance Framework (Framework) and associated guidance documentation provided by the IoT Security Foundation (IoTSF) can use the Best Practice User Mark (‘user-mark’).

What is the purpose of the user-mark?

It is intended to help companies quickly communicate to their market that they have considered the security needs of a particular product and taken measures to implement fit for purpose security features.

It also demonstrates that the company understands that security is crucial for IoT and is conscious of their responsibilities as a supplier of IoT products or services.

How should the user-mark be used?

The user-mark is intended to be used in marketing literature such as web pages, product sheets, presentation materials or product packaging.

Do I have to be a member of IoTSF to use the user-mark?

No. Much of the guidance provided by IoTSF is free to download and use as IoTSF aims to reduce the barriers to providing good security. All we ask is that you use the user-mark in good faith and as intended. You might also consider joining too of course if you’d like to be part of IoTSF’s community and/or support our mission.

Are there any fees for using the user-mark?

No.

Where can I find the Framework?

The current IoT Security Assurance Framework can be found on THIS PAGE. The companion Questionnaire to record conformance is a member-only asset.

How can I prove I have used the Framework?

The Questionnaire is used to collect and record evidence to support self-certification against the Framework – the video explains how to use it.

What is expected from users of the user-mark?

• Users of the mark are expected to uphold the IoTSF values of security first, the fitness of purpose and resilience.
• Users will also demonstrate IoT security stewardship and maintain cyber security hygiene throughout their products and/or services.
• Users are expected to consider the needs of their immediate customers and how the wider IoT stakeholders could be affected indirectly by their outputs.
• Users of the mark should respond to specific questions relating to their security posture by customers and/or stakeholder organisations – such as organisational processes and/or product security features.

Does the user-mark offer any guarantees to purchasers?

No. The user-mark is part of the IoT Security Foundation’s efforts to promote awareness and excellence in IoT security. It is used voluntarily and offers no guarantee as to the user’s claim of using IoTSF guidance materials. Third parties should not rely on the mark as a statement of fact and are encouraged to conduct their own diligence to ensure their specific security needs are satisfied. The completed questionnaire may be used as supporting evidence in conducting due-diligence.

Where can I get the user-mark?

You can download the user-mark from the IoTSF website as a registered user (which is quick, free and also gives access to our guidance materials).