Cybersecurity Services
for Consumer Products

For most of the time, consumer products have been regarded and rated only based on their functionalities, and of course their price.

YOUR CHALLENGE

However, recently discovered security vulnerabilities and attacks on such products such as the Mirai botnet are making users more aware about the cybersecurity risks. Moreover, the fact that these products are connected to the same network to which other sensitive services or data is being stored or processes, makes their security impact much larger. Developers and architects determine the security of these products, and international standards and best practices are the best ways to guide security implementations.

How BV can help

Bureau Veritas can support with testing and certification based on the most relevant international publications in the domain of consumer products.

Consumer IoT Certification

Consumer IoT products need to have a very well-thought-out approach towards security assessments and certification. It requires efficient and effective testing, with limited effort and costs. Moreover, such a certification program needs to take into account the high-paced software update process associated with these products. Certification for IoT products (based on Common Criteria or ETSI EN 303 645) is currently voluntary.

On the other hand, there are international discussions on mandating (by regulation) a minimum of security features linked to these connected products. For example, in the EU, the Radio Equipment Directive (RED) will shortly incorporate requirements linked to cybersecurity. These requirements will ask for protection of software updates, confidentiality of personal data, as well as protection against malicious impact on the other components connected to the same network.

Bureau Veritas can support with consumer IoT certification based on ETSI EN 303 645 and Common Criteria, as well as tailored testing in line with the security requirements of the RED.

OUR CAPABILITies
Support and Preparation	- Design Reviews - Security Requirements Development - Threat Modeling - Vulnerability Assessments and Penetration Testing of Hardware, Software and Infrastructure
Compliance and Testing	- ETSI EN 303 645 - P-SCAN (product vulnerability scanning)
Certification/Regulatory	- BV IoT Class 1 (CTIA 1) - BV IoT Class 2 (OWASP) - BV IoT Class 3 (ETSI EN 303 645) - OWASP - IoXT - CTIA - ETSI EN 303 645 - Common Criteria Certification - Radio Equipment Directive (RED) - EUROSMART IoT Certification

P-Scan Vulnerability Scan

BV IoT Cybersecurity Certification

ioXt Certification Testing

Get in touchwith us

First name

Last name

Phone

Company

Country / Territory

How can we help you?

Would you like to receive marketing communication from Bureau Veritas?

Yes

INFORMATION NOTICE TO DATA SUBJECTS
Your personal data are collected by Bureau Veritas Consumer Products Services Division (“BVCPS”), through its entity Bureau Veritas Hong Kong Limited (having its registered office at 1/F, Pacific Trade Centre, 2 Kai Hing Road, Kowloon Bay, Kowloon, Hong Kong), as well as the BVCPS affiliate(s) with which you had, have or will have a business relationship or that otherwise decide(s) which of your personal data is collected and how it is used.  A list of BVCPS affiliates is available at: BVCPS Locations (https://www.cps.bureauveritas.com/sites/g/files/zypfnx236/files/media/document/BVCPS%20Locations_20210611_for%20web.pdf)
Your personal data are subject to computer processing in order to respond to your requests and to provide you with additional information about BVCPS services, events or topics that may be of interest to you on the basis of your consent to the processing of your personal data for that purpose (by checking the box below).
Your personal data are intended for use by the relevant business departments of BVCPS and/or their service providers depending on the nature of your requests, as well as by BVCPS IT department.    Your personal data will be retained until the earlier of (a) one year after the last communication, or (b) your request to delete the personal data. 
Your personal data may be transferred outside the European Union, on the basis of your explicit consent, as the data subject, to the proposed transfer. By checking the box below, you are providing your explicit consent to the proposed transfer, with your acknowledgement of the possible risks of such transfer due to the absence of an adequacy decision pursuant to Article 45 of the General Data Protection Regulation of 27 April 2016 or of appropriate safeguards pursuant to Article 46 of the General Data Protection Regulation of 27 April 2016.
In accordance with the French Data Protection Act of 6 January 1978 as amended and the General Data Protection Regulation of 27 April 2016, you may have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by connecting to the site or application (https://personaldataprotection.bureauveritas.com). and unchecking the box dedicated to the collection of your consent. You also have the right to set out general and specific guidelines that define how you intend these rights to be exercised after your death. You can exercise your rights by e-mail at the following address: https://personaldataprotection.bureauveritas.com. Finally, you have a right to lodge a complaint to the Commission Nationale Informatique et Libertés (CNIL) or the relevant authorities in your country.
Fields marked with an asterisk must be filled in. Otherwise, BVCPS would not be able to respond to your requests and/or provide you with additional information.

Cybersecurity Services for Consumer Products