Security Controls Framework Version 1.16 Published

29 April 2019

On the 24 April 2019, the SSC approved Version 1.16 of the Security Controls Framework (SCF) for publication. The updates are as follows:

  • Updates to SCF Part 1, Section 4.3 to incorporate the SECMP0059 assessment frequency clarification for both Other Users and Non-Domestic Suppliers;
  • Updates to SCF Part 1, Section 4.5 to clarify when third and subsequent User Security Assessments should be scheduled. In line with G8.40, the SSC expects the third-year assessment to be scheduled within 12 months of the second-year fieldwork being completed. The cycle will then continue on a 12month rolling basis from this point forwards. Please note that this will take effect from the 1st August 2019 and all current booking arrangements will be honoured.
  • Updates to SCF Part 1, Appendix B to expand the security obligations applicable to each user role. This now has further granularity to include Import and Export Supplier as two separate roles, as well as Registered Supplier Agent.
  • Updates to SCF Part 2, minor formatting changes as well as a reference to SMETS1 Appropriate Standards – the main guidance is still being developed by the SSC.

Both clean and tracked changed versions of the documents can be found here on our website.