Section Development History/Status Origin Link (to relevant. documentation) SEC stage 4 consultation. SEC Stage 4 consultation Content first proposed



Similar documents
Incident Management Policy

Smart Metering Implementation Programme: Testing Baseline Requirements Document

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

SMKI Recovery Procedure

Consultation on DCC Enduring Release Management Policy. Consultation opens: 18 September 2015

SMKI Recovery Procedure

Data Communications Company (DCC) price control guidance: process and procedures

Incident Management Policy

Smart Meters Programme Schedule 8.6. (Business Continuity and Disaster Recovery Plan) (CSP North version)

E-Zec Medical Transport Services Ltd

Co-operative Energy, Co-operative House Warwick Technology Park, Warwick CV34 6DA.

Competition and Markets Authority Energy market investigation: Notice of possible remedies Response of Smart DCC Ltd

Information Paper for the Legislative Council Panel on Financial Affairs. Protection of Consumer Credit Data

SCHEDULE 16. Exit Plan. sets out the strategy to be followed on the termination (including Partial Termination) or expiry of this Agreement; and

Spotlight on the SEC Seminar. 23 rd October :00 15:00

Policy Document Control Page

NOTICE ON OUTSOURCING

DATA AND PAYMENT SECURITY PART 1

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

Operations update - DCC Industry Day 25 th March 15

BUSINESS ASSOCIATE AGREEMENT

Appendix A. Call-off Terms and Conditions for the Provision of Services

The Installation, Maintenance and Removal of Data Logging Equipment on Scottish Water s Water Revenue Meters. Terms and Conditions

Gatekeeper PKI Framework. February Registration Authority Operations Manual Review Criteria

1.4 For information about our management of your other personal information, please see our Privacy Policy available at

technical factsheet 176

Asset Protection Agreement Templates - Customer Explanatory Notes. Explanatory Notes on Asset Protection Agreement

For the purposes of this Chapter: by a national of a Party in the territory of the other Party;

Privacy and Electronic Communications Regulations

Customer Service Charter Guidelines

Legislative Language

Smart Meters Programme Schedule 1 (Interpretation and Definitions) (CSP Central version)

Distribution Agreement for the ENC Service by and between Norwegian Hydrographic Service and. Agreement No.:.. Version No.: 1.0

SCHEDULE 3. Milestones and Deliverables. Redacted Version

SaaS. Business Associate Agreement

Terms of Reference Annex: Energy Sector

BUSINESS ASSOCIATE AGREEMENT. (Contractor name and address), hereinafter referred to as Business Associate;

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

Council, 14 May Information Governance Report. Introduction

Supervisory Policy Manual

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

TERMS & CONDITIONS of SERVICE for MSKnote. Refers to MSKnote Limited. Refers to you or your organisation

THE UK GREENHOUSE GAS EMISSIONS TRADING SCHEME 2002

Standard conditions of electricity supply licence

CLINICAL NEGLIGENCE SCHEME FOR TRUSTS

Terms of Reference Annex: Energy Sector

Kinetic Internet Limited

NSW Government Digital Information Security Policy

SOFTWARE DEVELOPMENT AGREEMENT

Thames Water Utilities Limited. Settlement deed

Title: Mr Mrs Ms Others... Family Name (in block letters):... First Names (in block letters):... NIC No:...Nationality:...

Professional Solutions Insurance Company. Business Associate Agreement re HIPAA Rules

Contract Terms and Conditions for the supply of gas and electricity by Kensington Power Limited to Small & Medium Enterprises and Micro-Businesses

Objective and key requirements of this Prudential Standard

This form may not be modified without prior approval from the Department of Justice.

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

CERM NEGOTIATING FRAMEWORK NEGOTIATED DISTRIBUTION SERVICES. 1 July 2015

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

SCHEDULE 25. Business Continuity

How To Register A Power Plant On The Em Delivery Body Website

Updated SIT1 functionality (annex to SIT Approach Document) request for SEC Panel approval

Spillemyndigheden s Certification Programme Change Management Programme

HIPAA Business Associate Contract. Definitions

Global Research Alliance Charter

DATED and - (2) [SUPPLIER NAME] FRAMEWORK AGREEMENT

Rothschild Visa Card Terms and Conditions

Electricity Settlements Company Ltd Framework Document

TITLE III INFORMATION SECURITY

BUSINESS ASSOCIATE AGREEMENT

Release 3.2 Oct 2009.

UK-London: IT services: consulting, software development, Internet and support 2011/S CONTRACT NOTICE. Services

Privacy Statement. What Personal Information We Collect. Australia

Appendix : Business Associate Agreement

CREDIT REPORTING PRIVACY CODE (CR Code) Draft v.3.1

Informatics Policy. Information Governance. Network Account and Password Management Policy

DATED 1 JUNE The DISTRIBUTION BUSINESSes as named herein. - and - The SUPPLIERs as named herein. - and - Elexon Limited (as the BSC Agent)

Support and Tenant Education Program Information Management System (STEPIMS) Agency Case Enquiry Access

PII Compliance Guidelines

Protective security governance guidelines

General Protocol relating to the collaboration of the insurance supervisory authorities of the Member States of the European Union March 2008

SPECIAL CONDITIONS PART A SPECIFIC CONDITIONS OF CONTRACT

Transcription:

SECTION O development version [This is a development version of Section O. It contains: The designated content (currently SEC4.5 as at 28 th September 2015) Black text Content that has been concluded on but not yet designated (Blue Text) Further changes, currently undergoing consultation (Red Text) Any Secretary of State variation directions are shown as footnotes (Green Text) within the relevant Paragraphs Note this wording may be revised as part of the publication of any consultation conclusions The purpose of this development version is to clearly show that while some wording is designated, other wording is yet to be designated. With it further subject to development and revision through subsequent consultations from DECC. To aid navigation the following table signposts the source(s) and status of text that is either undergoing consultation or has been concluded, but not yet designated. Note Any wording that has been deleted as part of a SEC conclusion or consultation, is not included. This development version will be updated following publication of consultation conclusions and subsequent SEC designations.] Section Development History/Status Origin Link (to relevant O1 SEC Stage 4 consultation Content first proposed SEC Stage 4 consultation (30 June 2014) documentation) SEC stage 4 consultation March 2015 Smart Energy Code Government Response Consultation on new Smart Energy Code content and related licence amendments July 2015 March 2015 SEC Government Response (26 March 2015) New SEC content consultation (16th July 2015) March 2015 SEC Government response July 2015 consultation

Section Development History/Status Origin Link (to relevant documentation) O2 Current Status: Proposed content concluded on but not designated or active Further content undergoing consultation SEC Stage 4 consultation Content first proposed SEC Stage 4 consultation (30 June 2014) SEC stage 4 consultation O3 March 2015 Smart Energy Code Government Response Current Status: Proposed content concluded on but not designated or active No further content undergoing consultation SEC Stage 4 consultation Content first proposed March 2015 SEC Government Response (26 March 2015) SEC Stage 4 consultation (30 June 2014) March 2015 SEC Government response SEC stage 4 consultation SEC4A Government response commentary of moving some content of Section O3 into a Subsidiary Document (the Non Gateway Interface Specification). SEC4A Government Response (17 November 2014) SEC stage 4 consultation O4 March 2015 Smart Energy Code Government Response Current Status: Proposed content concluded on but not designated or active No further content undergoing consultation SEC Stage 4 consultation Content first proposed March 2015 SEC Government Response (26 March 2015) SEC Stage 4 consultation (30 June 2014) March 2015 SEC Government response SEC stage 4 consultation March 2015 Smart Energy Code Government Response March 2015 SEC Government Response (26 March 2015) March 2015 SEC Government response

Section Development History/Status Origin Link (to relevant Current Status: Proposed content concluded on but not designated or active No further content undergoing consultation documentation)

SECTION O: NON-GATEWAY COMMUNICATIONS O1 NON-GATEWAY INTERFACE Obligation to Maintain the Non-Gateway Interface O1.1 The DCC shall maintain the Non-Gateway Interface in accordance with the Non- Gateway Interface Specification, and make it available to: Eligible Non-Gateway Suppliers to send and receive communications in accordance with the Non-Gateway Interface Specification; and Non-Gateway Suppliers for the purpose of undertaking the tests necessary to satisfy the entry process set out in the Non-Gateway Interface Specification. O1.2 The DCC shall ensure that the Non-Gateway Interface is available at all times (subject to Planned Maintenance undertaken in accordance with Section H8.3). Communications to be sent via Non-Gateway Interface O1.3 The DCC and each Non-Gateway Supplier shall use the Non-Gateway Interface for the purposes of sending the communications outlined in the Non-Gateway Interface Specification. O1.4 The communications required to be sent via the Non-Gateway Interface under Section O1.3 shall only be validly sent for the purposes of this Code if sent in accordance with the Non-Gateway Interface Specification. O1.5 No Party may use the Non-Gateway Interface for any purpose other than as set out in Section O1.3. Use of User IDs O1.6 A Supplier Party wishing to act as a Non-Gateway Supplier may obtain a User ID in accordance with Section H1 (User Entry Process), notwithstanding that the Supplier Party does not intend (at that time) to become a User. O1.7 Sections H1.5 and H1.6 (User IDs) shall apply to the DCC and Non-Gateway Suppliers as if there were User Roles of 'Non-Gateway (Electricity) Supplier' and

'Non-Gateway (Gas) Supplier' (and as if the only Parties eligible for such roles are Supplier Parties that are not Users in the User Roles of 'Import Supplier' and 'Gas Supplier' respectively). A Party that is both a Non-Gateway (Electricity) Supplier and a Non-Gateway (Gas) Supplier may use the same User ID for both roles. O1.8 Where a Party that was a Non-Gateway (Electricity) Supplier becomes a User for the User Role of 'Import Supplier', that Party shall use its Non-Gateway Supplier (Electricity) User ID(s) (as referred to in Section O1.7) for that User Role (but without prejudice to its right to obtain new User IDs in accordance with Section B2 (DCC, User and RDP Identifiers)). O1.9 Where a Party that was a Non-Gateway (Gas) Supplier becomes a User for the User Role of 'Gas Supplier', that Party shall use its Non-Gateway Supplier (Gas) User ID(s) (as referred to in Section O1.7) for that User Role (but without prejudice to its right to obtain new User IDs in accordance with Section B2 (DCC, User and RDP Identifiers)). Non-Gateway Interface Tests O1.10 The DCC shall provide a means by which Non-Gateway Suppliers can undertake Non- Gateway Interface Tests as described in Section H14 (Testing Services). Each Non- Gateway Supplier that undertakes tests pursuant to the Non-Gateway Interface Tests shall do so in accordance with Section H14 (Testing Services). Non-Gateway Supplier Entry Guide O1.11 The Code Administrator shall establish and publish on the Website a guide to the process to be followed by Non-Gateway Suppliers seeking to become Eligible Non- Gateway Suppliers. Such guide shall: identify any information that a Party is required to provide in support of its application to become an Eligible Non-Gateway Supplier; and include a recommendation that each Party undertakes a privacy impact assessment in accordance with the Information Commissioner s guidance concerning the same (but there shall be no obligation under this Code to do so).

O1.12 The DCC will notify a Party whether or not its application to become an Eligible Non-Gateway Supplier has been successful. Disputes Regarding Entry Process O1.13 Where a Party wishes to raise a dispute in relation to its application to become an Eligible Non-Gateway Supplier, and to the extent that the dispute relates to: the establishment of an Organisation Certificate, then the dispute shall be determined in accordance with Section L7 (SMKI and Repository Entry Process Tests); or any matters other than those referred to above, then the dispute may be referred to the Panel for determination. O1.14 Where a Party disagrees with any decision of the Panel made pursuant to Section O1.13, then that Party may refer the matter to the Authority for its determination, which shall be final and binding for the purposes of this Code.

O2 OBLIGATION TO CHANGE CREDENTIALS Obligation on Non-Gateway (Electricity) Suppliers O2.1 Where a Non-Gateway (Electricity) Supplier becomes the Import Supplier for a Smart Metering System, the Non-Gateway (Electricity) Supplier shall ensure that (within 24 hours of it becoming the Import Supplier) any Device Security Credentials which pertain to a Supplier Party on any Device comprising part of that Smart Metering System are those of the Non-Gateway (Electricity) Supplier. Obligation on Non-Gateway (Gas) Suppliers O2.2 Where a Non-Gateway (Gas) Supplier becomes the Gas Supplier for a Smart Metering System, the Non-Gateway (Gas) Supplier shall ensure that (within 24 hours of it becoming the Import Supplier) any Device Security Credentials which pertain to a Supplier Party on any Device comprising part of that Smart Metering System are those of the Non-Gateway (Gas) Supplier. Threshold Volumes O2.3 Each Eligible Non-Gateway Supplier shall notify the DCC from time to time of that supplier's Non-Gateway Supplier Threshold Volume (such notification to be made in accordance with the Non-Gateway Interface Specification). O2.4 Each Eligible Non-Gateway Supplier shall ensure that the Non-Gateway Supplier Threshold Volume notified to the DCC from time to time is set at a level designed to ensure that it will function when used as an effective means of detecting any Compromise to any relevant part of its Non-Gateway Supplier Systems. O2.5 Each Eligible Non-Gateway Supplier shall: (c) keep its Non-Gateway Supplier Threshold Volume under review, having regard to the need to ensure that it continues to function as described in Section O2.4; for this purpose have regard to any opinion provided to it by the Security Sub-Committee from time to time; and where the level of its Non-Gateway Supplier Threshold Volume is no longer appropriate, set a new Non-Gateway Supplier Threshold Volume.

O3 PROCESSING OF NON-GATEWAY COMMUNICATIONS O3.1 A Non-Gateway Supplier that becomes subject to the obligation set out in Section O2.1 (Obligation on Non-Gateway (Electricity) Suppliers) or O2.2 (Obligation on Non-Gateway (Gas) Suppliers) shall send an NGI Change of Credentials Request to the DCC via the Non-Gateway Interface by such point in time as is reasonably necessary to ensure that the request is processed in time to meet that obligation (and shall, where such request is not successfully processed, send a further NGI Change of Credentials Request to the DCC via the Non-Gateway Interface). O3.2 Where the DCC receives an NGI Change of Credentials Request from an Eligible Non-Gateway Supplier, the DCC shall process the request in accordance with the Non-Gateway Interface Specification. Role of the NGI Party O3.3 Following the successful processing of an NGI Change of Credentials Request in accordance with the Non-Gateway Interface Specification, the NGI Party shall send a CoS Update Security Credentials Service Request to the DCC in relation to each of the relevant Devices associated with the MPAN or MPRN that was the subject of that NGI Change of Credentials Request in order to replace the relevant Device Security Credentials on each such Device with those of the relevant Non-Gateway Supplier. O3.4 The CoS Update Security Credentials Service Request sent by the NGI Party to the DCC shall be Digitally Signed by the NGI Party in each case. O3.5 The NGI Party shall send the CoS Update Security Credentials Service Request in order that the relevant Device Security Credentials are replaced on, or as soon as is reasonably practicable after, the date upon which the Non-Gateway Supplier becomes the Responsible Supplier for the relevant Device.

O4 SECURITY OBLIGATIONS O4.1 Each Non-Gateway Supplier shall use its reasonable endeavours to ensure that its Non-Gateway Supplier Systems are protected from unauthorised use and from installation and execution of unauthorised software. O4.2 Each Non-Gateway Supplier shall establish, maintain and implement processes for the identification and management of the risk of its Non-Gateway Supplier Systems being Compromised. O4.3 Each Non-Gateway Supplier shall carry out an assessment of such processes for the identification and management of risk where such assessments are designed to identify any vulnerability of its Non-Gateway Supplier Systems to Compromise: (c) on at least an annual basis; on any occasion on which it implements a material change to its Non- Gateway Supplier Systems; and on the occurrence of any Major Security Incident in relation to its Non- Gateway Supplier Systems. O4.4 Where, following any assessment of its Non-Gateway Supplier Systems in accordance with Section O4.3, any material vulnerability has been detected, the Non- Gateway Supplier shall use its reasonable endeavours to ensure that the cause of the vulnerability is rectified, or the potential impact of the vulnerability is mitigated, as soon as is reasonably practicable. O4.5 Each Non-Gateway Supplier shall implement controls which are proportionate to the potential impact of each part of its Non-Gateway Supplier Systems being Compromised. O4.6 Each Non-Gateway Supplier shall develop, implement and maintain procedures in relation to the secure management of all Secret Key Material of the Non-Gateway Supplier, which shall in particular make provision for: the security of that Secret Key Material throughout the whole of its lifecycle from its generation to its destruction;

(c) the manner in which that Secret Key Material will be registered, ordered, generated, labelled, distributed, installed, superseded and renewed; and the verifiable destruction of that Secret Key Material. O4.7 Each Non-Gateway Supplier shall, on the occurrence of a Major Security Incident in relation to its Non-Gateway Supplier Systems, promptly notify the Security Sub- Committee and the DCC in accordance with the incident management provisions of the Non-Gateway Interface Specification.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information