MP127 SMKI RAPP Security Screening clarification

Proposer Gordon Hextall
Lead Analyst Joe Hehir
Date raised 11/05/2020
StageImplemented
Implementation date 29/11/2020 (Nov 20 SEC Release)
Latest update This modification was implemented on 29 November 2020 as part of the November 2020 SEC Release.

What is the issue?

The Security Sub-Committee (SSC) has confirmed that the obligations in SEC Section G ‘Security’ G4.2 and G4.3 apply to Authorised Responsible Officers (AROs) and that AROs should be subject to security screening to British Standard (BS) 7858:2019 or equivalent. However, this obligation isn’t made explicit in the Appendix D ‘SMKI Registration Authority Policies and Procedures’ (SMKI RAPP) which is followed by Users and the Data Communications Company (DCC) Registration Authority in processing applications for the appointment of AROs. Failure to comply with the obligation in Section G4.3 will result in a non-compliance being raised during a User Security Assessment.

What is the solution?

The Proposed Solution is to amend the sections of the SMKI RAPP that explain the process of the becoming an ARO, making it clear that AROs must be subject to BS 7858:2019 or equivalent. SEC Parties should not be impacted by this modification as they should already be screening AROs under the obligation in Section G4.3.

Who is impacted?

No Parties are impacted

What SEC documents are affected?

Appendix D ‘SMKI Registration Authority Policies and Procedures’

Timeline

11 May 2020
Draft Proposal raised
19 Jun 2020
Modification Report approved by the Panel
22 Jun 2020
to
10 Jul 2020
Modification Report Consultation
22 Jul 2020
Change Board vote
26 Aug 2020
Change Board vote

Modification documents

MP127 Conclusions Report v1.0
03/09/2020
MP127 Modification Report Consultation
22/06/2020
MP127 Legal Text v2.0
22/06/2020
MP127 Modification Report v1.0
11/05/2020
No files
No files
No files
No files
No files

If you believe there is a problem with this modification, please let us know HERE.

Feedback
close slider