How can I ensure I comply with SEC G3.17 – G3.20 prior to my User Security Assessment?

4th February 2019

To satisfy the SEC security obligations G3.17 – G3.20, it is necessary to have contractual arrangements with your Meter Asset Provider (MAP) or Device manufacturer which clearly states a duty to notify each other as soon as reasonably practical of any material security vulnerability in, or likely cause of a material adverse effect on the security of any hardware, software or firmware which forms part of the Smart Metering System.

SECAS have produced a guidance document which explains how you can make sure you are compliant with G3.17 – G3.20 and it includes:

  • The responsibility on you, as it is written in the SEC;
  • Suggested contract wording;
  • Security Assessment Guidance; and
  • Relevant Licence Conditions.
SEC Section G3.17 - G3.20 - FAQs