Brian Sims

BSIA issues updated Code of Practice on cyber exposure mitigation

THE BRITISH Security Industry Association (BSIA) has updated its manufacturers’ Code of Practice that makes recommendations on the design, testing and production of safety and security products with a cyber exposure, while aligning with major new UK legislation.

Manufacturers of Safety and Security Systems: Cyber Security Code of Practice is based on international industry Best Practice regarding cyber security and refers to recognised guidance and standards applied to safety and security systems.

Crucially, it aligns with the UK’s consumer connectable product security regime, the Product Security and Telecommunications Infrastructure Act 2022, which is now in effect for relevant connectable products.

A previous iteration of this Code of Practice was released in 2021. It encompasses many of the key requirements of the Act and, in many aspects, goes beyond them.

The Code of Practice, which underpins the BSIA’s manufacturer-focused cyber assurance registration scheme, will assist in providing confidence throughout the supply chain by promoting the secure connection of products and services.

Its overriding aim is to deliver client assurance regarding connected solutions, assisting the supply chain in its Duty of Care to other network users, particularly with respect to protecting the integrity of existing cyber security countermeasures or the implementation of such countermeasures in new solutions.

In alignment

Graham Evans, technical officer at the BSIA, explained: “We’re pleased to announce the release of our updated Code of Practice incorporating the relevant references to the Product Security and Telecommunications Infrastructure Act 2022.”

Evans continued: “We’re delighted to see the requirements in the Act are aligned with our own Code of Practice. Once again, this demonstrates the forward-thinking nature of our member companies to ensure their products and services keep pace with the latest security standards and legislation.”

Welcome addition

Glenn Foot, chair of the BSIA’s Cyber Security Product Assurance Group (CySPAG) explained: “The Product Security and Telecommunications Infrastructure Act 2022 is a welcome addition to the world of cyber security, but it must be noted that it only covers the basics. There are likely to be additional requirements in the future.”

Further, Foot observed: “Cyber-responsible manufacturers should be striving to exceed these minimum requirements in order to give their customers the highest level of confidence in relation to cyber security. To support manufacturers in exceeding the Act’s requirements, the CySPAG scheme provides guidance on Best Practice and recognition for manufacturers for going beyond the bare minimum when it comes to cyber security.”

*Copies of Manufacturers of Safety and Security Systems: Cyber Security Code of Practice are available to BSIA members on the CySPAG website alongside details about how to join the CySPAG registration scheme, which is open to both BSIA and non-BSIA member businesses

Company Info


Anbrian House
1 the Tything

Login / Sign up