IoT is vast and has many security related issues – how do we go about addressing them?

The answer is collaboratively and in priority order. That’s where the Executive Steering Board and the IoTSF membership work in harmony.

IoTSF has a number of priority working groups to encourage the building of an Internet of Trust – the Working Groups is where the practical work takes place.

Here is a list of the current priority working groups. Each has been assigned an executive steering board champion to bring them to life, and a chair person to ensure progress.

Compliance Framework Working Group

The objective of this working group is to determine, and create guidance for product management, developers and vendors to improve the quality and pervasiveness of security in their IoT products.

The deliverables are publicly accessible documents and checklists covering a comprehensive set of requirements with readily actionable methods, checks and processes. This is increasingly important as international security legislation evolves to control the market. The primary output of the working group is publishing and maintaining the IoT Security Compliance Framework.

  • Board champion: David Rogers, Copper Horse 
  • Chair: Trevor Hall, DisplayLink

Best Practices Working Group

The objective of this working group is to assess the security challenges with IoT products and beyond to produce easy to consume best practice guides and sector specific security architectures. This group’s output can be found on the Best Practice Guidelines page.

  • Board champion: Ken Munro, Pen Test Partners
  • Chair: Jeff Day, BT

Smart Buildings Working Group

This working group has been set up to establish a set of guidelines to help each of the supply chain participants specify, procure, install/integrate and operate/maintain IoT securely in buildings. Find out more

  • Board Champion: Prof. Paul Dorey, CSO Confidential
  • Chairs: Sarb Sembhi, Virtually Informed & James Willison, Unified Security

Assurance Working Group 

This working group’s objective is to assess and produce guidance on the viable routes for IoT security assurance to effectively communicate security capabilities and provide confidence.


  • Board Champion: Stephen Pattison, Arm
  • Chair: Chris Torr, Multos 

Supply Chain Integrity Project 

The Supply Chain Integrity Project’s mission is to help actors throughout the IoT supply chain protect themselves and their customers from cyber-attacks on IoT deployments launched via design, production and distribution processes. The project will gather information on IoT supply chains in order to build a representative model, security analysis of which will lead to a set of prioritised recommendations accessible to a wide audience beyond the security community.

Contributions are sought from hardware and software vendors, system integrators, owners and operators of connected devices and service providers, from all parts of the ecosystem, as well as from security and risk management experts.


  • Board Champion: Haydn Povey, Secure Thingz
  • Chair: Amyas Phillips, Ambotec

About the Working Groups

Each Working Group is populated by IoTSF members who contribute to producing best practice guidelines. Each working group also has project teams within it to achieve specific deliverables.

Members collaborate via physical meetings and via online meeting facilities: i.e. our messaging/document file platform. This allows flexibility for members to discuss and exchange ideas regardless of location. The schedule is organised by each working group chair, and updates are provided regularly between the working groups in face to face / virtual meetings. In this way we ensure members are kept updated and the groups work in harmony.

IoTSF members can join any of the working groups and contribute to creating best practice guidelines.

If you are a member of IoTSF and would like to join any of the working groups, contact us by clicking here and let us know which groups you are interested to join – we’ll take care of the details.

Want to be part of the IoTSF and help raise the quality of IoT security?

Why not Join Us or Make Contact?

Membership Benefits
Membership Prices & Joining
View IoTSF Publications