Q5) G3.20 continues to be an issue for Suppliers – current SEC obligations and licence conditions put MAPs in a position of power. Is this being addressed?

The SEC obligations in G3.17 to G3.20 are mitigations for identified security risks, considered necessary by the Security Sub-Committee (SSC). The SSC has provided suggested contractual wording here, which is deemed suitable for Suppliers to meet the requirements of G3.17 – G3.20. The wording was originally developed with SSC members comprising Large and Small Supplier Representatives, the User CIO and the Community of Meter Asset Providers (CMAP) and has been generally accepted by all parties. The arrangements well established for installed Devices.

The SSC is aware of some isolated issues experienced with inherited Devices and the SSC has liaised with MAPs in relation to this.

The SSC Chair and TABASC Chair will be attending the next CMAP meeting to discuss any remaining problems to ensure that arrangements continue to be suitable for G3.17 – G3.20.
Both SECAS and the SSC continue to work with Suppliers on an ad-hoc basis where concerns are raised with compliance to G3.17 – G3.20.