Security Controls Framework »

Security Controls Framework

It is a requirement under Smart Energy Code (SEC) Section H1.10, that all SEC Parties undergo an Initial Full User Security Assessment as part of the User Entry Process to become a DCC User.

Each User shall be independently assessed by the User Competent Independent Organisation (User CIO). The User CIO is appointed by the SEC Panel to undertake security assessments on their behalf, and the assessment type and cycle varies by User role in both their approach and coverage of SEC obligations.

The purpose of these assessments is to provide confidence to SEC Parties (via the SEC Panel) on the compliance status of each User. To allow the SEC Panel to make this assessment, each User is assessed against SEC obligations via a Security Controls Framework (SCF).

The SCF is an essential and comprehensive guide to security assessments, which are part of the process to become a Data Communications Company (DCC) live User. The framework provides an overview of the process from start to finish, giving clear guidelines on what can be expected in the assessment. This includes the types of evidence that can be used to demonstrate compliance with the SEC obligations set out in sections G3 to G6.

The SCF should be used by all SEC Parties going through the security assessment process in order to become a DCC live user. The SCF provides valuable guidance to prepare users for the process to ensure an efficient assessment. This, in turn, may reduce the time taken to have the assessment and therefore the cost. More information on assessment costs can be found on the Security Assessment Process page, found here.