Security Assessment Timescales - Book Now
New SECAS Mailbox for Modifications and Releases
Version 5.7 of the SEC Designated
Security Assessment Timescales - Book Now
Under electricity supply licence condition 48 (available here) and gas supply licence condition 42 (available here), Small Suppliers who are a Party to the SEC and actively supply electricity/gas to Domestic Premises must become a DCC User by 25th November 2017. In addition pursuant to licence condition 21A.6 and as directed by the Secretary of State letter (available here), Electricity Distribution Networks must become a DCC User by 12th November 2017.
To become a DCC User, Parties must undergo the User Entry Process which includes having a Security Audit. As it stands, less than 25% of all Small Supplier SEC Parties have organised their User CIO Security Assessment.
The SEC Panel have been working with the User CIO, the Security Sub-Committee and Parties to ensure they are equipped to help Parties meet the relevant mandates. However, due to the timescales involved, any Small Supplier Party or Electricity Distribution Network Operator that has not submitted the Security Assessment application form by Friday 14th July 2017 will be unlikely to have completed the assessment process by the DCC User mandate.
Due to resource and availability being finite, even at this stage, the SEC Panel cannot guarantee that preferred dates will be available and therefore, engagement as soon as possible is advised.
SECAS therefore, urges Parties to book a Security Assessment at their earliest convenience, using the application form. Please contact the SECAS Helpdesk if you have any questions on the process.
New SECAS Mailbox for SEC Modifications and Releases
From Monday 12th June 2017, the SECAS Modifications Team will be sending all SEC change-related emails and communications from SEC.Change@Gemserv.com. We also request that from this date anyone wishing to contact the SECAS Modifications Team use this new mailbox.
Please note that the SECAS Helpdesk mailbox (SECAS@Gemserv.com) will still be in use for all other SEC matters and any SEC Change and Release related emails sent to that mailbox will continue to be picked up and forwarded on to the new one.
The creation and use of this new mailbox means that the SECAS Modifications Team will be able to:
- more efficiently manage change and release related emails;
- identify and respond more quickly to customer related queries; and
- provide a single dedicated place for all SEC Change and Release related information to be communicated from.
SEC Version 5.7 of the SEC Designated
SEC 5.7 came into effect from 11th May 2017 implementing Modification Proposal SECMP0033 “Update to CH Handover Support Materials”
SEC Appendix H: CH Handover Support Materials (CHHSM) provides information on how Communication Hubs (CHs) will work in the wider smart metering environment. More specifically, the CHHSM provides details in relation to ordering and installing CH. This Modification Proposal was raised to ensure that the CHHSM fully aligns with the solution the DCC have implemented.
A zip folder containing the SEC Sections is available here, or you can visit the SEC Website to download the Sections, Schedules and Appendices individually.
SECMP0033 ‘Update to CH Handover Support Materials’ was implemented on 11th May 2017 (in SEC Version 5.7), following Change Board’s unanimous vote to approve the Path 3 Modification.
The SEC Panel considered the Initial Modification Report (IMR) for SECMP0035 ‘Updates to SEC Appendix B – Organisation ARL expiration date to be aligned to DCCKI ARL’ at their May 2017 meeting. The Modification Report is nopw out for consultation with a closing date of 5pm, Thursday 8th June 2017.
Following the majority Change Board vote to reject SECMP0021 ‘Increase the representation of the “Other SEC Party” category on the SSC and TABASC’, a SEC Party, who is also the Proposer and a Change Board Member, referred the decision to the Panel for determination. The Panel considered the referral of SECMP0021, and agreed that the Modification Process within the SEC had been followed and there were not sufficient grounds to reverse the Change Board’s decision.
The next Modifications’ Question Hour will be held at 11am on Monday 5th June 2017. Further information and the teleconference details can be found here.
Improvement to usability of Documentation
SECAS have taken on board your feedback and have been updating our documentation in relation to modifications to:
- improve the look and feel;
- improve consistency;
- facilitate a ‘plain English approach’ to improve readability and allow for everyone (regardless of prior knowledge) to easily understand the content; and
- allow industry participants to easily identify up front whether a modification will impact their organisation.
Starting at the end of June 2017, the SEC Modifications Team will begin to introduce our updated documentation and will keep you informed as and when we introduce these documents.
Any feedback you may have will be gratefully received.
The SEC Panel met on 12th May 2017 with the key topics discussed available in the Meeting Headlines here. The Final Minutes, can be found here.
During the meeting, a number of key items were discussed, including:
- The Panel set an assurance status for a number of Parties going through the Security Assessment Process to meet the Large Supplier User Mandate on 25th May 2017. An ex-committee meeting was held on 25th May 2017 to finalise a number of assurance statuses.
- SECAS provided an update on the decision-making activities that have been ongoing in the lead up to DCC Release 1.3 (R1.3) Live, including an update from the Testing Advisory Group (TAG) meeting held on 10th May 2017. A number of outstanding actions remain prior to the Panel holding their decision on R1.3 Systems Integration Testing (SIT) Exit which, the Panel were informed, would be scheduled for the end of June 2017 based on the latest information available.
- Ofgem presented the outputs from the Cross-Code Administration Survey that was undertaken in November 2016. The report recommended a number of improvements and SECAS noted that they would formalise these areas into an action plan to be presented to the Panel at the June 2017 meeting.
The next Panel meeting will be held on 9th June 2017.
Security Sub-Committee (SSC)
The SSC continue to divide their time to two key areas:
- The review of SEC Parties undertaking their Initial User Security Assessment as part of the wider User Entry Process, and providing a recommendation to the SEC Panel on the assurance status that should be set following this review; and
- The wider End-to-End Security Obligations as set out in the Code.
During May 2017, the SSC undertook three Full User Security Assessment reviews of Large Suppliers – with the assurance status recommendation being submitted to the SEC Panel in advanced of the Large Supplier mandate on the 25th May 2017. In addition, the SSC reviewed a Follow-up Security Assessment of a Large Supplier, and again, a recommendation of an assurance status for this party was submitted to the SEC Panel.
In terms of wider work, the Sub-Committee continue to provide support and discus a number of key areas, specifically:
- Providing clarity around Supply Sensitive Checks, specifically around the value-based check and how these must be completed within the User System;
- The legal advice provided by the SECCo Lawyers in regards to a Change of Ownership of organisations and the considerations this may have following a User Security Assessment; and
- The ways in which the User CIO will consider reliance from previous User Security Assessments.
- The end to end risk assessment of smart metering security.
Further information on these discussions can be found under the SSC meeting documentation, found here. The next SSC meeting is 14th June 2017.
Technical Architecture and Business Architecture Sub-Committee (TABASC)
The TABASC are continuing to focus on several key areas, including the development of the Business Architecture Document (BAD).
The final drop of content for the BAD will be provided in June 2017 with a consultation to be issued out to all Parties for opportunity to provide feedback. The consultation is expected to be published following the TABASC meeting in June 2017.
The TABASC have developed Principle 5 – Use of the latest Protocol Standard to be added to the TABASC Principles for Assessing Modification Proposals. The intent of Principle 5 is to ensure developments in relevant open protocol standards used within the Technical Specifications remain fit for purpose. Opportunities include when a SEC Modification requires functionality from a later version of the protocol specification, or when the review of the effectiveness of the End-to-End Technical Architecture identifies constraints or reduced benefit realisation due to the use of older versions of the protocol specifications.
Following discussions with Ofgem on the potential new Modification Proposal Path for specification defect resolution, it was agreed to utilise the existing modification routes for specification defect management in the first instance, until such time it becomes apparent that a new/additional Path is required.
The next TABASC meeting will be held on 15th June 2017.
SMKI Policy Management Authority (SMKI PMA) Update
The SMKI PMA met on 16th May 2017, where the following items were discussed:
- the SMKI & Repository Testing (SRT) Approach Document, with the Sub-Committee agreeing to provide a recommendation to the SEC Panel;
- a progress update on the continued development of the SMKI Recovery Key Guidance, which is being updated following the SMKI Recovery Workshop that was held in March 2017;
- the guidance document that is being produced to assist Network Operators when they create their SMKI Organisation Certificates; and
- requesting the DCC to undertake a review of the reporting mechanisms that might be provided to DCC Users in regards to the activity of their Senior Responsible Officers (SROs) and Authorised Responsible Officers (AROs).
The next SMKI PMA meeting will be held on 20th June 2017.
SECAS continue to develop guidance material for SEC Parties. If you feel your organisation could benefit from more specific and specialised guidance, please contact the SECAS Helpdesk.
Consultation on changing the end date of the Secretary of State Variations on the Self-Service Interface (SSI) functionality as defined in SEC Section H8.16(c)
On 23rd May, the DCC wrote to the panel to request a change in End Date for the Transitional Variation in place for the SSI functionality defined in SEC Section H8.16 (c).
This request has been published for consultation with Parties.
Please find below a link to a consultation document, which explains the change in more detail and the requested revised variation end date. Also provided below is a link to the consultation response form to provide views on the proposed change.
Appendix A - Consultation response form
How do I respond?
If you wish to respond to this consultation, please provide comments by Wednesday, 14th June 2017 by completing the attached response form and submitting it to SECAS (firstname.lastname@example.org).
Data Communications Company's Consultations on the DCC's deliver plan for SMETS1 Services
Energy Suppliers are installing a number of Smart Meters in order to prepare for the main rollout stage of the Smart Metering Implementation Programme (SMIP). The meters in question are, or will be, SMETS1 compliant, and therefore, cannot currently be serviced by the DCC central systems.
It is considered that there will be shared benefits for both industry and consumers from the enrolment of SMETS1 meters into a DCC Service; the ability for all SMETS1 customers to maintain use of their smart services following switching supplier.
In November 2016, in accordance with SEC Section N - the DCC published a consultation on a study of feasible options for the enrolment of SMETS1 meters into a new DCC SMETS1 Service – the draft Initial Enrolment Project Feasibility Report (IEPFR). The draft consultation for IEPFR closed on 20th January 2017 and the DCC submitted the final IEPFR to BEIS on 12th May 2017 (Found here).
In January 2017, the DCC received a Direction from the Secretary of State, to prepare a plan for the delivery of services to support SMETS1 meters.
This consultation constitutes the DCC’s formal consultation on the plan for a SMETS1 Service in accordance with this requirement. The plan has identified several options for the delivery of a SMETS1 Service and are described in the IEPFR.
The closing date for responses to this consultation is 26th May 2017 and can be read in full here.
BEIS - Request for Change 056 - Consulting on DUIS/MMC/SRPD/UISS for Release 2
The RFC was developed to initiate consultation to the following SEC Subsidiary Documents:
- DCC User Interface Specification (DUIS);
- Message Mapping Catalogue (MMC);
- DCC User Interface Services Schedule (UISS); and
- Service Request Processing Document (SRPD).
These documents have been updated to reflect requirements for Release 2. All parties are invited to review these documents.
A supporting ‘Release Note’ is provided for each document that explains the changes made, section by section.
The deadline for comments is 9th June 2017. The draft updated versions of the above documentation can be read here, alongside their Release Notes.
Subject to addressing any consultation comments, it is intended that these documents will be baselined at the Technical and Business Design Group (TBDG) on 21st June 2017.
Pursuant to SEC Section M6.2, each Party is required to ensure that its Party Details remain up-to-date. This will be particularly important for when you commence the DCC User Entry Process, as the DCC checks these details as part of those procedures, for example, the SMKI Registration Authority Policies and Procedures (SMKI RAPP).
If you are expecting or have recently had a change in Party Details, please complete the ‘Change in Party Details’ form as found here and send it to the SECAS Helpdesk.
Spotlight on the SEC - May 2017
On Thursday 18th May, SECAS held its quarterly Spotlight on the SEC. In response to feedback that until now SEC training days have been too London-centric, the session was held in Sheffield, in order to give an opportunity to SEC Parties who had not previously been able to attend. Speakers included various members of the SECAS team and a representative from the DCC. The event was well attended and positive feedback was received.
For a full PDF of the slide pack from the day please follow this link.
The table below shows the current status of SEC Parties.
SEC Parties and Accessions
| || |
| Current SEC Parties|| 223|
| Accession of new Parties to the SEC since last Newsletter || 2|
| Parties withdrawing from the SEC || 0|
| Expulsion of Parties from the SEC|| 0|
| Changes to SEC Panel Member employment status || 0|
A list of SEC Parties can be accessed on the SEC Website via the link provided.
Upcoming SEC Calendar Dates
The following meetings coming up over the next month are accessible via the Meeting Calendar on the SECAS Website.
| Date (2017)||Meetings and Events|
|9th June||SEC Panel Meeting 45 |
|14th June||SSC Meeting 32|
|15th June||TABASC meeting 19|
|20th June||SMKI PMA Meeting 36|
|21st June||SEC Change Board 12|
We are on Twitter and LinkedIn. SECAS are using social media to provide links and other information organisations may find useful. Follow us to stay up to date with developments with the SEC.
2017 SECCo Ltd. All Rights Reserved.