This modification was implemented on 29 November 2020 as part of the November 2020 SEC Release.
What is the issue?
The Security Sub-Committee (SSC) has confirmed that the obligations in SEC Section G ‘Security’ G4.2 and G4.3 apply to Authorised Responsible Officers (AROs) and that AROs should be subject to security screening to British Standard (BS) 7858:2019 or equivalent. However, this obligation isn’t made explicit in the Appendix D ‘SMKI Registration Authority Policies and Procedures’ (SMKI RAPP) which is followed by Users and the Data Communications Company (DCC) Registration Authority in processing applications for the appointment of AROs. Failure to comply with the obligation in Section G4.3 will result in a non-compliance being raised during a User Security Assessment.
What is the solution?
The Proposed Solution is to amend the sections of the SMKI RAPP that explain the process of the becoming an ARO, making it clear that AROs must be subject to BS 7858:2019 or equivalent. SEC Parties should not be impacted by this modification as they should already be screening AROs under the obligation in Section G4.3.
Who is impacted?
No Parties are impacted
What SEC documents are affected?
Appendix D ‘SMKI Registration Authority Policies and Procedures’
This is the April 2024 SEC Modifications Working Group meeting, where we will be discussing: MP085B ‘Synchronisation of Smart Meter voltage measurement periods (meters currently installed)’ MP244 ‘Device Alerts
This is the April 2024 SEC Issues Group meeting, where we discussed: PPM continuity plan Please see the meeting summary here: SEC Issues Group Meeting Summary - April 2024 (CLEAR)
By subscribing you consent to receiving the SECAS newsletter.
Manage Cookie Consent
This website uses cookies. Please choose which categories of cookies you would like to enable.
Functional cookies
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
