To satisfy the SEC security obligations G3.17 – G3.20, it is necessary to have contractual arrangements with your Meter Asset Provider (MAP) or Device manufacturer which clearly states a duty to notify each other as soon as reasonably practical of any material security vulnerability in, or likely cause of a material adverse effect on the security of any hardware, software or firmware which forms part of the Smart Metering System.
SECAS have produced a guidance document which explains how you can make sure you are compliant with G3.17 – G3.20 and it includes:
- The responsibility on you, as it is written in the SEC;
- Suggested contract wording;
- Security Assessment Guidance; and
- Relevant Licence Conditions.