CySPAG Installer Scheme
The objective of this scheme is to allow installation organisations to be recognised as responsible installers, and maintainers of connected products. For an Installation organisation to be recognised as a CySPAG Registered Installer, they will need to declare in writing that they have the necessary Policy and Procedures in place to meet the Scheme requirements and that they commit to following these Policy and Procedures.
​
Policy and Procedures
CySPAG has prepared a default set of policies and procedures, outlined in BSIA Form 369, to meet the requirements of the scheme. Alternatively, installation organisations may create their own policies and procedures, which should be written to ensure compliance with BSIA Form 369.​
​
Some key policies of BSIA Form 369 include:​​​​​​​​​​​​​​​​​​
Installation organisation will perform due diligence regarding equipment deployed.
.png)
Install devices and applications securely, true to manufacturer recommendations.
Ensure the security of the network is not compromised by the installation.
Check and apply security updates in a timely manner to keep devices protected.
Inform the client if the manufacturer withdraws from security update support.
Objectives and Benefits​
-
Risk reduction: Ensures connected security products are designed, installed, and maintained with cybersecurity in mind
-
Industry alignment: Codes align with the UK's PSTI Act 2022, often surpassing its baseline requirements
-
Supply‑chain confidence: Enables end users and integrators to choose CySPAG-registered companies and products for demonstrably secure solutions when working on IT networks.
​
Cyber News and Updates
The CySPAG Scheme is reviewed periodically to remain current with regards to technological updates, industry best practice, and ongoing advancements in cyber and physical security. The latest review of the CySPAG Installer Scheme was: July 2025.
​
To view organisations signed up to the CySPAG Registered Installer Scheme, click below.