The purpose of the IoTSF’s Best Practice working group is to produce short, one-page sheets stating the best practice approach to various topics.

Further detail can be found HERE explaining the thinking behind the text and bullet points. The guides also map to various items in the IoTSF Assurance Framework, so everything is linked at different levels to suit to readership and situation.

The aim is for each guide to have carefully crafted, concise text that keeps each guide down to a single page – the idea being that a designer/developer can sit at their workbench, pin the guide on their cork board, and use the guides as an aide memoire of how to develop their solution.

Members’ platform

– All documents can be found on our members’ platform at: Best Practice Working Group > Docs & Files
– All of the best practice guides are stored in Docs & Files > BPG
– The draft documents that will eventually go into a published guide pack are held in ‘Master Drafts (only!)’
– Draft documents that go into a final release pack (e.g. Release 2) are copied into a dedicated release folder, e.g. ‘2 Release Guides’. From here it gets turned into the official BPG release pack
– The editor would compile contributor input from the ‘Supplementary Material’ sub-folders and write up a draft of a new guide (or edit an existing) and store it in ‘Master Drafts’
– Reviewers then look at the draft and add further comments or content into the relevant ‘Supplementary Material’ sub-folder. Over time, a draft is worked-up until everyone is satisfied with it

Updates

There has been a review of all BPGs in ‘Master Drafts’, and all links have been checked. Draft numbers have been ‘upped’ and that new version has been added into ‘Master Drafts’.

Documents changed in ‘Master Drafts’

Executive Summary
Physical Security (B)
Device Secure Boot (C)
Secure Operating System (D)
Application Security (E)
Credential Management (F)
Encryption (G)
Network Connections (H)
Software Update Policy (L)
Assessing Secure Boot Process (M)
Software Update Signing (N)
Side Channel Attacks (P)

What’s next?

The next meeting of the Best Practice working group will take place on Thursday 21st May 2026. Go to our members’ platform for the meeting link.

We will select a new group chair and co-chair and review existing guides to ensure their content is still current. There is also a need to ensure that cross-referencing is current between BPGs and the Assurance Framework, as well as seeking ideas for new BPGs.

Much appreciated

Many thanks to the former IoTSF Best Practice WG chair, Jeff Day, for conducting this review and making the updates.