On the 24 April 2019, the SSC approved Version 1.16 of the Security Controls Framework (SCF) for publication. The updates are as follows:
- Updates to SCF Part 1, Section 4.3 to incorporate the SECMP0059 assessment frequency clarification for both Other Users and Non-Domestic Suppliers;
- Updates to SCF Part 1, Section 4.5 to clarify when third and subsequent User Security Assessments should be scheduled. In line with G8.40, the SSC expects the third-year assessment to be scheduled within 12 months of the second-year fieldwork being completed. The cycle will then continue on a 12month rolling basis from this point forwards. Please note that this will take effect from the 1st August 2019 and all current booking arrangements will be honoured.
- Updates to SCF Part 1, Appendix B to expand the security obligations applicable to each user role. This now has further granularity to include Import and Export Supplier as two separate roles, as well as Registered Supplier Agent.
- Updates to SCF Part 2, minor formatting changes as well as a reference to SMETS1 Appropriate Standards – the main guidance is still being developed by the SSC.
Both clean and tracked changed versions of the documents can be found here on our website.