Electricity Registration Data Interface Code of Connection

Transcription

1 Electricity Registration Data Interface Code of Connection Author: DCC Version: v Date: 04/08/201421/07/ July 27 March 2014 Page 1 of 32

2 Contents 1 Introduction Document Purpose Document Scope d documents Principles Policies and Standards Policies Standards Security standards to be adopted Governance Commitment Statement Organisational Commitment Statement s General Electricity Registration Data Provider s DCC s Connection Mechanisms Electricity Registration Data Provider s DCC s DCC User Gateway Equipment and Connections Electricity Registration Data Provider s DCC s Certificate and Key Management Electricity Registration Data Provider s DCC s Registration Data Processing Electricity Registration Data Provider s Page 2 of 32

3 6.5.2 DCC s Technical infrastructure Electricity Registration Data Provider s DCC s Security Electricity Registration Data Provider s DCC s Managing Demand Capacity Management Operating Profile & Schedule Appendix A RDP Specific Templates Nominated Code of Connection owner Responsible Officer Deputy Responsible Officer Contact for disaster recovery Connection Options Failover Options SFTP Services Appendix B Glossary and Definitions Revision History... Error! Bookmark not defined.30 Approvals... Error! Bookmark not defined.31 Distribution... Error! Bookmark not defined.32 Page 3 of 32

4 1 Introduction 1.1 Document Purpose The purpose of this document is to define the Electricity Registration Data Interface Code of Connection that will apply to the Electricity Registration Data Interface, defining the obligations for Registration Data Providers (RDPs) using this interface to the DCC Systems, and the obligations of the DCC to Registration Data Providers regarding this interface. This document enables the DCC to make the Electricity Registration Data Interface available to Electricity Registration Data Providers. The Electricity Registration Data Interface enables a suitably authorised Registration Data Provider to exchange Registration Data with the DCC in order that it can be used for Smart Metering Systems access control and billing purposes. 1.2 Document Scope This document details the responsibilities respons ibilities of the DCC and RDPs in relation to interactions on the Electricity Registration Data Interface. Formatted: Font color: Auto 1.3 d documents Document Title Issue Dated Electricity Registration Data Interface Specification Smart Energy Code Stage 2: Decision Version Registration Data Incident Management Policy /08/04 TBC 2014/01/30 TBC DCCKI Certificate Policy TBC TBC DCC Services Catalogue TBC TBC DCCKI Registration Authority Policy and Procedures TBC Table 1 d Documents TBC Page 4 of 32

5 2 Principles This document is subsidiary to the obligations in the SEC, and the SEC includes an obligation (E2.8) for users of the Electricity Registration Data Interface to conform to the terms of this Code of Connection, the Electricity Registration Data Interface Code of Connection. This Electricity Registration Data Interface Code of Connection shall be signed by the Electricity Network Operator. Where the Electricity Network Operator delegates responsibility to a Nominated Registration Data Provider, the Electricity Network Operator shall be responsible for ensuring that the Nominated Registration Data Provider adheres to the content of this Electricity Registration Data Interface Code of Connection. s in this Electricity Registration Data Interface Code of Connection include provision of information and commitment to conform to policies, standards and procedures. The Electricity Network Operator shall provide information as described in Appendix A. This information shall not be included in the signed version of this Electricity Registration Data Interface Code of Connection, the details shall be gathered and maintained by separate processes documented in the DCC Service Management Framework, so that it will not be necessary to re-sign the Electricity Registration Data Interface Code of Connection if the details change. Commercial terms and conditions for ordering and operating connections to the Electricity Registration Data Interface are not defined in this document; they are documented in the DCC Services Catalogue, which is part of the DCC Service Management Framework. Technical details of the use of the Electricity Registration Data Interface are not defined in this document; they are documented in the Electricity Registration Data Interface Specification. Page 5 of 32

6 3 Policies and Standards 3.1 Policies Conformance to policies and processes listed in the SEC is required, and conformance to the DCCKI Certificate Policy is required. 3.2 Standards Conformance to standards listed in the SEC is required Security standards to be adopted SEC obligations include meeting security standards, as described in Section G of the SEC, and the obligations of this Electricity Registration Data Interface Code of Connection, which include specific security obligations relevant to the Electricity Registration Data Interface. SEC Section E2.13 contains specific guidance to RDPs about applicable security obligations from SEC Section G. All of the security requirements for connecting to DCC Systems are intended to minimise the risks to the DCC Systems infrastructure and its Electricity Registration Data Providers. The DCC Systems central infrastructure shall be certified against ISO and shall be subject to certification using a UKAS-certified auditing body. The risks faced by the DCC Systems shall be managed centrally by the DCC. A fundamental prerequisite to approval of an Electricity Registration Data Provider to connect to the DCC Systems is that the connecting organisation has reliably identified and appropriately managed all risks associated with all information systems and services that interact with the DCC services as part of the process for signing this Electricity Registration Data Interface Code of Connection document. Risks to information assets and services are normally identified by determining: the vulnerabilities within or around the system or service; the threats that are in a position to exploit those vulnerabilities; the impact of any resulting compromises. It is expected that any such risk assessment, conducted by connecting Electricity Registration Data Providers, shall be aligned with well-established assessment models, such as ISO Page 6 of 32

7 4 Governance This document is subsidiary to the SEC, and is maintained using the governance processes used for the SEC. The SEC includes an obligation (E2.8) to conform to the terms of this Electricity Registration Data Interface Code of Connection. This Electricity Registration Data Interface Code of Connection shall be approved as part of SEC approval processes, and maintained according to modification processes for future revisions of SEC. Agreement to conform to the Electricity Registration Data Interface Code of Connection is indicated by the Electricity Network Operator signing the commitment statement in section 5. The processes for returning the signed page are agreed and documented in the DCC Service Management Framework. Conformance to this Electricity Registration Data Interface Code of Connection must be reconfirmed at least annually by Electricity Network Operators by re-signing the document. Non-conformance of either the DCC or Electricity Registration Data Providers with this Electricity Registration Data Interface Code of Connection shall be raised to the SEC Panel. Issue management and resolution shall be handled by processes defined in SEC, including but not limited to M7 Dispute Resolution. Any potential sanctions on the DCC or Electricity Network Operator shall be handled by processes defined in SEC, including but not limited to M8 Suspension Expulsion and Withdrawal. Page 7 of 32

8 5 Commitment Statement Note: To be signed by Electricity Network Operators who wish to use the Electricity Registration Data Interface. A scanned image of this page, correctly signed in ink by an authorised representative, is acceptable. 5.1 Organisational Commitment Statement This Commitment is made to DCC and is entered into on: Date: Electricity Network Operator (organisation name) Full Postal Address Company/ Registration Number: The Electricity Network Operator confirms that: The Electricity Network Operator wishes to use or wishes to authorise a Nominated Registration Data Provider to use the Electricity Registration Data Interface and the Electricity Network Operator or their Nominated Registration Data Provider complies with the obligations of this Electricity Registration Data Interface Code of Connection. The Electricity Network Operator or their Nominated Registration Data Provider agrees to maintain compliance with the obligations of this Electricity Registration Data Interface Code of Connection as long as it continues to use the Electricity Registration Data Interface. Authorised Signatory Contact Details Name: Position: Telephone No: Date: Signed: Page 8 of 32

9 Nominated Registration Data Provider Contact Details Nominated Registration Data Provider (organisation name) Name: Position: Telephone No: Date: Page 9 of 32

10 6 s 6.1 General Electricity Registration Data Provider s ER_GEN_RDP1 ER_GEN_RDP2 ER_GEN_RDP3 The Electricity Registration Data Provider using the Electricity Registration Data Interface shall conform to the Electricity Registration Data Interface Specification and maintain compliance with it at all times. Each Electricity Registration Data Provider shall inform the DCC of a Nominated Code of Connection owner, providing the information shown within Appendix A Section 1 of this Electricity Registration Data Interface Code of Connection document, and shall inform the DCC if there are any changes to the primary contact details. Electricity Registration Data Providers shall identify noncompliance with the Electricity Registration Data Interface Code of Connection in their use of the Electricity Registration Data Interface, take action to resolve the issues, and report it to the DCC. Table 2 Electricity Registration Data Provider s - General DCC s ER_GEN_DCC1 ER_GEN_DCC2 ER_GEN_DCC3 ER_GEN_DCC4 The DCC when using the Electricity Registration Data Interface shall conform to the Electricity Registration Data Interface Specification and maintain compliance with it at all times. The DCC shall provide technical and contact details to Electricity Registration Data Providers to enable them to use the Electricity Registration Data Interface, on request and according to processes documented in the DCC Service Management Framework. The DCC shall identify non-compliance with the Electricity Registration Data Interface Code of Connection by users of the Electricity Registration Data Interface and report it to the SEC Panel. The DCC shall identify non-compliance with the Electricity Registration Data Interface Code of Connection by the DCC Page 10 of 32

11 and report it to the SEC Panel. Table 3 DCC s - General 6.2 Connection Mechanisms Electricity Registration Data Provider s ER_CM_RDP1 ER_CM_RDP2 ER_CM_RDP3 ER_CM_RDP34 ER_CM_RDP45 ER_CM_RDP56 ER_CM_RDP67 Each Electricity Registration Data Provider shall inform the DCC of their Means of Connection option choices, providing the information shown within Appendix A Section 5 of this Electricity Registration Data Interface Code of Connection, and shall inform the DCC of any changes to these choices. Any organisation that is participating in DCC Services in another role in addition to RDP may choose to share the physical connection to the DCC User Gateway that has been purchased for use in that other role, instead of using one provided by the DCC for RDP use. In this case, the connection options selected for that other role must be at least equivalent to the Low volume configuration described in the Electricity Registration Data Interface Specification in terms of bandwidth and availability. If an RDP is using a High Volume Connection, which is scalable and allows an RDP to increase their bandwidth when required without the need for additional site surveys or access to data centres, then any adjustment in bandwidth shall be agreed and managed via the DCC. An RDP shall not use Low Vvolume connections provisioned for the RDPs for any purpose other than the Electricity Registration Data Interface. If the Electricity Registration Data Provider is sharing physical Electricity Registration Data Interface facilities between live and test systems then the Electricity Registration Data Data Provider shall ensure that testing activity does not impair their ability to use the the Electricity Registration Data Interface for live data. The Electricity Registration Data Provider shall ensure that test security credentials and data are only used in the Electricity Registration Data Interface facilities designated for test purposes and not in the live Electricity Registration Data Interface facilities. The Electricity Registration Data Provider shall enable the DCC to conduct a site survey of locations where the Electricity Registration Data Provider has requested installation of DCC User Gateway Equipment. Page 11 of 32

12 ER_CM_RDP78 For each location where a site survey is to be carried out, the Electricity Registration Data Provider shall provide contact details of a suitable technical person with knowledge of the site, and shall ensure that sufficient access and information is available to the DCC at the time of the site survey to investigate the following topics regarding the suitability of potential locations for installation of DCC User Gateway Equipment and connections to the Electricity Registration Data Interface: Internal cabling routes for connecting DCC User Gateway Equipment; availability & distance of power supply for connecting DCC User Gateway Equipment; position and availability of rack space for connecting DCC User Gateway Equipment; availability of spare fibre to the building for connecting DCC User Gateway Equipment; any requirements for civil engineering work to support the installation of new communication links; any requirements for wayleaves from landlord to support the installation of new communication links; any requirements for local government licences to support the installation of new communication links; availability of capacity on existing hardware (applicable only to upgrades to existing DCC User Gateway Equipment). Table 4 Electricity Registration Data Provider s - Connection Mechanisms DCC s ER_CM_DCC1 ER_CM_DCC2 The DCC shall provision and be responsible for a Low Volume connection to the RDP s primary location and for a Backup Only connection to both the RDP s primary location and a secondary location for disaster recovery purposes, unless an RDP which is also participating in Services in another role elects to share the physical connection to the DCC User Gateway that has been purchased for use in that other role. As part of the connection to the Electricity Registration Data Interface, the DCC shall provide and maintain the terminating DCC User Gateway Equipment within the Page 12 of 32

13 Electricity Registration Data Provider s location(s). ER_CM_DCC3 ER_CM_DCC4 ER_CM_DCC5 The DCC shall conduct a site survey of locations where Electricity Registration Data Providers have requested connection to the Electricity Registration Data Interface. After an Electricity Registration Data Provider makes a request for connection to the Electricity Registration Data Interface the DCC shall conduct site surveys in a timely manner as specified in the DCC Services Catalogue. The DCC shall give the Electricity Registration Data Provider results of a site survey in a timely manner as specified in the DCC Services Catalogue. The output from the site survey shall provide: The time required for supplying Electricity Registration Data Interface service to the Electricity Registration Data Provider; the confirmed cost of supplying Electricity Registration Data Interface service to the Electricity Registration Data Provider, except where the Electricity Registration Data Provider has elected to use the DCC-provided connection option; confirmed details of the expected connection speeds (for FTTC and backup options); technical details specific to the connection including IP addresses and firewall configurations; details of how the Electricity Registration Data Provider shall configure their own translation of IP address scheme to match the DCC IP address range; how VLAN connections will be setup and implemented; how testing will be managed across connections; which ports will be used on the DCC User Gateway Equipment; failover plans from primary to backup links; any actions required from the Electricity Registration Data Provider arising from investigations into the following topics: internal cabling routes for connecting DCC User Gateway Equipment; availability & distance of power supply for connecting DCC User Gateway Equipment; position and availability of rack space for connecting DCC User Gateway Equipment; availability of spare fibre to the building for connecting DCC User Gateway Equipment; any requirements for civil engineering work to Page 13 of 32

14 support the installation of new communication links; any requirements for wayleaves from landlord to support the installation of new communication links; any requirements for local government licences to support the installation of new communication links; availability of capacity on existing hardware hardware (applicable only to upgrades to existing DCC User Gateway Equipment). ER_CM_DCC6 The DCC shall enable separate test connections for access to the Electricity Registration Data Interface test services. This test connection can be provided over the same physical connection as the main services and shall be subject to the same authentication and security requirements as described in this Electricity Registration Data Interface Code of Connection, albeit using separate test systems and security credentials to establish the test connection. Table 5 DCC s - Connection Mechanisms 6.3 DCC User Gateway Equipment and Connections This section covers equipment and connections for accessing the Electricity Registration Data Interface which is provided to Electricity Registration Data Providers by the DCC. The high level obligations and responsibilities around this equipment are described in SEC Section H3 DCC User Gateway Equipment Electricity Registration Data Provider s ER_EQ_RDP1 ER_EQ_RDP2 ER_EQ_RDP3 The Electricity Registration Data Provider shall provide location(s) for installation of DCC User Gateway Equipment which are in accordance with the security requirements of the DCC and SEC. The Electricity Registration Data Provider shall provide the DCC reasonable access to location(s) where the of DCC User Gateway Equipment will be installed, including for the installation, maintenance or removal of the DCC User Gateway Equipment. The Electricity Registration Data Provider shall accept that during the installation of the DCC User Gateway Equipment the Electricity Registration Data Provider may, in unusual circumstances, suffer temporary interference to other telecommunications services received at the Electricity Registration Data Provider location, which shall be reinstated Page 14 of 32

15 ER_EQ_RDP4 ER_EQ_RDP5 ER_EQ_RDP6 ER_EQ_RDP7 ER_EQ_RDP8 ER_EQ_RDP9 ER_EQ_RDP10 ER_EQ_RDP11 following installation. Prior to the DCC User Gateway Equipment being installed the Electricity Registration Data Provider shall implement recommendations as indicated in the DCC s site survey, which may include but not limited to obtaining consents for any necessary alterations to buildings for installation of the DCC User Gateway Equipment, taking up or removing fitted or fixed floor coverings, ceiling tiles, suspended ceiling and partition covers, or the provision of additional electricity and connection points. The Electricity Registration Data Provider shall accept that the DCC is not responsible for any making good or decorator's work required after installation or maintenance work by the DCC. The Electricity Registration Data Provider shall provide electricity and connection points required by the DCC for network equipment, as documented in the site survey. The Electricity Registration Data Provider shall notify the DCC in a timely manner if the DCC User Gateway Equipment is not operating correctly or a fault is suspected. The Electricity Registration Data Provider shall ensure that no person other than the DCC will provide any maintenance services in respect to the DCC User Gateway Equipment and Network Software, without prior permission from the DCC. The Electricity Registration Data Provider shall provide local access to the DCC to DCC User Gateway Equipment installed at an Electricity Registration Data Provider location for maintenance of the DCC User Gateway Equipment which cannot be carried out remotely by the DCC using the network connection itself. The Electricity Registration Data Provider shall act reasonably in cooperation with the DCC s personnel in diagnosis investigation and correction of any fault or suspected fault in the DCC User Gateway Equipment and the Network Software. The Electricity Registration Data Provider shall make available to the DCC free of charge all information, facilities and services reasonably required by the DCC in relation to the DCC User Gateway Equipment to enable DCC to perform the Services. Table 6 Electricity Registration Data Provider s DCC User Gateway Equipment DCC s Page 15 of 32

16 ER_EQ_DCC1 ER_EQ_DCC2 ER_EQ_DCC3 ER_EQ_DCC4 ER_EQ_DCC5 ER_EQ_DCC6 ER_EQ_DCC7 ER_EQ_DCC8 ER_EQ_DCC9 The DCC shall use its reasonable endeavours to comply with the Electricity Registration Data Provider's reasonable requests in respect of installation but the final decision on the routing of cables and wires and the positioning of outlets and other apparatus constituting the DCC User Gateway Equipment shall be at the discretion of the DCC. The DCC may vary the technical specification of the DCC User Gateway Equipment where necessary for operational reasons provided such variation does not materially diminish the quality or speed of the Electricity Registration Data Interface and after giving reasonable notice to the Electricity Registration Data Provider except in the case of emergencies where notice is not reasonably practicable. If the DCC User Gateway Equipment for an initial installation is to be different from items listed in the DCC Services Catalogue this will be fully defined as part of the site survey. Any variation of specification of alreadyinstalled equipment that is deemed necessary will be handled in accordance with the Registration Data Incident Management Policy. The DCC shall use its reasonable endeavours to minimise interference to other telecommunications services received at the Electricity Registration Data Provider location during the installation of the DCC User Gateway Equipment. The DCC shall ensure the continued operation of DCC User Gateway Equipment in accordance with the DCC Service Management Framework. The DCC shall resolve issues arising from faults in DCC User Gateway Equipment in accordance with the Registration Data Incident Management Policy. The DCC shall wherever possible carry out maintenance of the DCC User Gateway Equipment installed at an Electricity Registration Data Provider location remotely, using the network connection itself to gain access to the DCC User Gateway Equipment. The DCC shall give the Electricity Registration Data Provider reasonable notice of required site visits. The DCC shall conform to policies regarding times of day of site visits as defined in the DCC Services Catalogue for installations and the DCC Service Management Framework for any other required visits. Table 7 DCC s DCC User Gateway Equipment Page 16 of 32

17 6.4 Certificate and Key Management This section covers obligations regarding Certificates and keys. Processes are described in more detail in the Electricity Registration Data Interface Specification Electricity Registration Data Provider s ER_CKM_RDP1 ER_CKM_RDP2 ER_CKM_RDP3 ER_CKM_RDP4 The Electricity Registration Data Provider shall comply with the DCC s Certificate Policy for DCCKI with respect to the associated Certificates and keys. The Electricity Registration Data Provider shall appoint and notify to DCC a Responsible Officer as specified in the RAPP (Registration Authority Policy and Procedures) for the DCCKIThe Electricity Registration Data Provider shall provide details of an individual who is responsible for service related cryptographic operations as part of the DCCKI on boarding process, and inform DCC of any role changes. This is referred to as the Crypto Owner role. The details required are shown in Appendix A Section 2 of this Electricity Registration Data Interface Code of Connection. Where an Electricity Registration Data Provider is an SMKI consumer then this may be the same individual providing commensurate services in support of the SMKI Certificate Authority. Where an Electricity Registration Data Provider is also using other DCC services they may use the same Crypto Owner for all services. The details required are shown in Appendix A Section 2 of this Electricity Registration Data Interface Code of Connection. The Electricity Registration Data Provider may elect to appoint a Deputy Responsible Officer who can deputise for the Responsible Officer, in which case notification shall be provided to the DCC. The details required are shown in Appendix A Section 3 of this Electricity Registration Data Interface Code of Connection.The Electricity Registration Data Provider shall provide details of a Deputy Crypto Owner who can deputise for the Crypto Owner, supplying the details indicated in Appendix A Section 3 of this Electricity Registration Data Interface Code of Connection. The Electricity Registration Data Provider shall ensure that individuals assigned to the Crypto OwnerResponsible Officer and Deputy Crypto OwnerResponsible Officer roles are competent trained in the cryptographic technology in use and in the Electricity Registration Data Provider s own policies and procedures which ensure compliance with this Electricity Registration Data Interface Code of Connection and the DCCKI Certificate Policy. Page 17 of 32

18 ER_CKM_RDP5 ER_CKM_RDP6 ER_CKM_RDP7 ER_CKM_RDP8 ER_CKM_RDP9 ER_CKM_RDP10 The Electricity Registration Data Provider shall maintain an SFTP server for use with the DCCKI Gateway in accordance with the usage of the DCCKI Gateway described in the Electricity Registration Data Interface SpecificationSS..The Electricity Registration Data Provider Crypto Owner shall ensure correct and secure processes are in place and audited for generation and storage of the key pairs on which DCC services rely, conforming to the Electricity Registration Data Interface Specification, within a secure manner proportional to their ISO27005 aligned risk treatment and the requirements of SEC. The Electricity Registration Data Provider shall issue a Certificate Signing Request for the key pairs they have generated in support of the Electricity Registration Data Interface service to the DCCKI Certificate Authority, in accordance with the DCCKI Certficate Policy, for public keys for TLS communications and for Registration Data File Signing.The Electricity Registration Data Provider Crypto Owner shall follow the processes for requesting and supplying Certificates as defined in the Electricity Registration Data Interface Specification. The Electricity Registration Data Provider shall ensure that any datastore / cache it uses for keeping copies of public key Certificates delivered to it by the DCC is maintained in an accurate and up to date state. Electricity Registration Data Providers shall ensure that Private Keys generated in support of the Electricity Registration Data Interface are protected from interference or exposure in a manner proportional to their ISO27005 aligned risk treatment and in concordance with SEC and the Electricity Registration Data Interface Specification. The Electricity Registration Data Provider Crypto Owner shall ensure that prior to the expiry of an Electricity Registration Data Provider s Certificate a replacement key is generated and Certificate obtained, in conformance with the Electricity Registration Data Interface Specification, and in a timely manner as described in the DCCKI Certificate Policy, in order to ensure continuous service. The Electricity Registration Data Provider Crypto Owner shall notify the DCC CA if there is any concern that a Private Key has been compromised. This shall be raised as an incident in accordance with the Registration Data Incident Management Policy. Table 8 Electricity Registration Data Provider s - Certificate and Key Management Page 18 of 32

19 6.4.2 DCC s ER_CKM_DCC1 ER_CKM_DCC2 ER_CKM_DCC3 ER_CKM_DCC4 ER_CKM_DCC5 ER_CKM_DCC6 The DCC DCCKI Certificate Authority DCCKI shall publish a Certificate Policy defining the policy that must be applied to the Certificates that they issue and associated keys. The DCC shall comply with the DCC s Certificate Policy for DCCKI with respect to their associated Certificates and keys. The DCC shall make the DCCKI Gateway available to Electricity Registration Data Providers, enabling Electricity Registration Data Providers to use this connection as specified in the the GasElectricity Registration Data Interface Design Specification.The DCC shall provide details on request of the DCC Crypto Owner and deputisation arrangements to Electricity Registration Data Providers to use for delivery of Certificates and keys, providing these details according to the DCC Service Management Framework. The DCC shall provide access to Electricity Registration Data Providers to relevant public Certificates and and Certificate Revocation Listskeys, as defined in the Electricity Registration Data Interface Specification. [The interface to public Certificates and keys is a subject of SEC3 consultation.] The DCC Crypto OwnerResponsible Officer shall ensure that prior to the expiry of a DCC Certificate a replacement key is generated and Certificate obtained, in conformance with the Electricity Registration Data Interface Specification, and in a timely manner as described in the DCC Service Management Framework, in order to ensure continuous service. The DCC Crypto Owner shall notify relevant Electricity Registration Data Providers if there is any concern that a Private Key has been compromised. This shall be raised as an incident in accordance with the Registration Data Incident Management Policy. Table 9 DCC s - Certificate and Key Management 6.5 Registration Data Processing This section covers registration data processing, including capacity management Electricity Registration Data Provider s Page 19 of 32

20 ER_RDP_RDP1 ER_RDP_RDP2 ER_RDP_RDP3 ER_RDP_RDP4 Each RDP shall commit to ensuring that the data they provide to the DCC is a true and accurate reflection of the information they have been provided with in relation to each meter point and any associated organisations (Supplier, Network Operator or Meter Operator). The Electricity Registration Data Provider shall produce an update file corresponding to every working day even if there are no updates from a Registration Data Provider, in order to enable the DCC to distinguish between situations when zero updates are required and those when an update file is not received (the latter being an error scenario). Before commencing service RDPs shall provide size estimates for the average daily registration data files. In addition, and where possible, RDPs shall also provide an estimate of the size of a full refresh file. The RDP shall inform the DCC in advance of sending daily registration data files which are a significant deviation from normal expected daily registration data files volumes. A significant deviation would be considered to be an occasion where the volume of records requires an RDP to split the data into multiple files due to file size restrictions within its software. Such occasions will be managed in accordance with the Registration Data Incident Management Policy. Table 10 Electricity Registration Data Provider s - Registration Data Processing DCC s ER_RDP_DCC1 Each calendar day the DCC Systems shall push files containing DCC Status updates to each RDP for the relevant MPANs registered with that RDP, according to schedules and practices defined in the Electricity Registration Data Interface Specification. ER_RDP_DCC2 The DCC shall perform Threshold Anomaly Detection as defined in the Electricity Registration Data Interface Specification. ER_RDP_DCC3 The DCC shall monitor usage in the live service and ensure that suitable capacity is provided for the RDP. Table 11 DCC s - Registration Data Processing 6.6 Technical infrastructure Page 20 of 32

21 6.6.1 Electricity Registration Data Provider s ER_TI_RDP1 ER_TI_RDP2 ER_TI_RDP3 ER_TI_RDP4 ER_TI_RDP5 The RDP shall provision and configure its own SFTP servers for use for registration data, and shall be responsible for operation and housekeeping of its SFTP staging platform used to receive files from the DCC. The RDP shall be responsible for providing the SFTP service details described in Appendix A Section 7 to the DCC, and providing updates to the DCC if the information changes. The RDP shall inform the DCC of the configuration required to access RDP System at both the Primary and alternate secondary locations (where appropriate), and shall inform the DCC if there are any changes to the details. The information required is listed in Appendix A Section 6 of this Electricity Registration Data Interface Code of Connection. The RDP shall inform the DCC of contact details of a person responsible in the event of an incident requiring the use of a secondary location, and shall inform the DCC if there are any changes to the details. The information required is listed in Appendix A Section 3 of this Electricity Registration Data Interface Code of Connection. The RDP shall inform the DCC in advance of any expected outages in availability of its Electricity Registration Data Interface services. The method for informing the DCC of outages shall be defined as part of the Registration Data Incident Management Policy. Table 12 Electricity Registration Data Provider s - Technical Infrastructure DCC s ER_TI_DCC1 ER_TI_DCC2 The DCC shall notify RDPs in advance of any planned outages to the Electricity Registration Data Interface. The method for informing the RDP of outages shall be defined as part of the Registration Data Incident Management Policy. The DCC shall provide service continuity (whether as a result of failure of an individual component within the Live service location, or complete failover of DCC services to a secondary location) without requiring a change in access arrangements by RDPs. In every case, the Internet Protocol (IP) address of the service shall remain constant. Table 13 DCC s - Technical Infrastructure Page 21 of 32

22 Page 22 of 32

23 6.7 Security Electricity Network Operators and the DCC are required to ensure that they are compliant to SEC Section G as part of the process for signing this DCC Electricity Registration Data Interface Code of Connection document Electricity Registration Data Provider s ER_SEC_RDP1 The Electricity Registration Data Provider shall comply with all the obligations as detailed within SEC Section G. Table 14 Electricity Registration Data Provider s security DCC s ER_SEC_DCC1 The DCC shall comply with all the obligations as detailed within SEC Section G. Table 15 DCC s - security Page 23 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

24 7 Managing Demand 7.1 Capacity Management The DCC will ensure that the network link provided to RDPs will be sufficiently scaled to enable the exchange and processing of these files within the agreed operational targets. In order to assist with this, and where possible, RDPs will provide size estimates for the average daily registration data files based on at least 30 days of live data, with the earliest file being no older than one calendar month. In addition, and where possible, RDPs will also provide an estimate of the size of a full refresh file. The DCC will monitor usage in the live service and ensure that suitable capacity is provided for the RDP. If an RDP is aware of a situation that will lead to a significant deviation from these normal expected volumes, they should inform the DCC in advance of sending those files. A significant deviation would be considered to be an occasion where the volume of records requires an RDP to split the data into multiple files due to file size restrictions within its software. Such occasions will be managed in accordance with the Registration Data Incident Management Policy. 7.2 Operating Profile & Schedule The expected daily processing timelines for electricity are summarised in the following diagrams: Figure 1 Registration Data Expected Daily Processing Schedule - Electricity The milestones shown as Latest time for completion are the very latest time by which these tasks are expected to be completed. Wherever possible, these tasks will be completed earlier and always at the earliest opportunity. This will ensure that the Registration Data is as accurate as it can be, with minimal time lag against industry registration data changes. Page 24 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

25 NB DCC works to UTC and therefore all times stated are UTC. Page 25 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

26 Appendix A RDP Specific Templates This appendix has templates showing values and particulars to the Electricity Registration Data Interface Code of Connection which will need to be supplied by each specific RDP. Details specific to an Electricity Registration Data Provider are not themselves part of the Electricity Registration Data Interface Code of Connection, it is only the obligation to provide them that is part of the Electricity Registration Data Interface Code of Connection, so the Electricity Registration Data Provider will not populate this page, the data will be gathered by a different process to be agreed under the DCC Service Management Framework. 1. Nominated Code of Connection owner Name Data required Name <Contact name> <Contact > Telephone <Contact telephone> Role <Contact role> Table 16 Nominated owner details 2. Crypto OwnerResponsible Officer Name Data required Name Telephone Role Type of HMG grade photographic identity document, such as Passport or Driving Licence number for the HMG grade photographic identity document <Contact name> <Contact > <Contact telephone> <Contact role> <Document type> <Document reference number> Table 17 Crypto OwnerResponsible Officer details 3. Deputy Crypto OwnerResponsible Officer Name Data required Name <Contact name> Page 26 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

27 Name Data required Telephone Role Type of HMG grade photographic identity document, such as Passport or Driving Licence number for the HMG grade photographic identity document <Contact > <Contact telephone> <Contact role> <Document type> <Document reference number> Table 18 Deputy Crypto OwnerResponsible Officer details 4. Contact for disaster recovery Name Data required Name <Contact name> <Contact > Telephone <Contact telephone> Role <Contact role> Table 19 Disaster recovery contact details 5. Connection Options Name Data required Primary Line < Connection option selected > Secondary Line < Connection option selected > Backup Line (to primary location) Backup Line (to secondary location) 6. Failover Options Table 20 Connection details < Connection option selected > < Connection option selected > Name Primary Line configuration Data required <configuration details> Page 27 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

28 Name Data required Primary Line failover Backup Line (primary location) configuration Backup Line (primary location) failover Backup Line (secondary location) configuration Backup Line (secondary location) failover 7. SFTP Services Table 21 Failover option details Manual/Automatic < configuration details> Manual/Automatic < configuration details> Manual/Automatic Name Data required Dedicated Target IP Address < IP Address > DCC DNS Server Name < server name > DCC Delivery Directory < directory > RDP DNS Server Name < server name > RDP Delivery Directory < directory > Alternate RDP DNS Server Name (if required for secondary location) Alternate RDP Delivery Directory (if required for secondary location) Table 22 SFTP services details < server name > < directory > Page 28 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

29 Appendix B Glossary and Definitions Definitions from SEC This table contains definitions copied from SEC of SEC terms used in this document. Term Certificate Certificate Policy DCC DCC Systems DCC User Gateway DCC User Gateway Equipment DCC User Gateway Means of Connection Device Electricity Registration Data Interface Code of Connection Electricity Registration Data Interface Specification Incident Management Incident Management Policy Meaning as defined in SEC means a Device Certificate, DCA Certificate, Organisation Certificate or OCA Certificate. means either the Device Certificate Policy or the Organisation Certificate Policy. means, subject to Section M9 (Transfer of DCC Licence), the holder from time to time of the DCC Licence. In accordance with Section A2.1(l), references to the DCC shall (where applicable) include references to the DCC Service Providers with whom the DCC has contracted in order to secure performance of its obligations under this Code. means the Systems used by the DCC and/or the DCC Service Providers in relation to the Services and/or this Code, including the SM WAN but excluding the Communications Hub Functions. means, in respect of each DCC User Gateway Means of Connection, the code of connection applicable to that means of connection, each of which is set out as a SEC Subsidiary Document in Appendix [TBC]. means the computer hardware and other equipment forming part of the DCC System that is (or is to be) located within each User s premises in order to enable that User to access the DCC User Gateway. means one of the technology solutions provided by the DCC for Users to enable connection of Users to the DCC User Gateway, as further described in the DCC User Gateway Code of Connection means one of the following individual devices: (a) an Electricity Smart Meter; (b) a Electricity Smart Meter; (c) a Communications Hub Function; (d) a Electricity Proxy Function; (e) a Pre-Payment Interface; (f) an Auxiliary Load Control; and (g) any Type 2 Device. means the SEC Subsidiary Document of that name to be incorporated into this Code pursuant to Section X5 (Incorporation of Certain Documents into this Code). means the SEC Subsidiary Document of that name to be incorporated into this Code pursuant to Section X5 (Incorporation of Certain Documents into this Code). means a framework of processes designed to identify, raise, allocate responsibility for, track and close Incidents. means the SEC Subsidiary Document of that name set out in Appendix [TBC]. Page 29 of 32 25/07/2014 v /03/2014 v1.1 Formatted: Border: Top: (No border)

30 Term Meter Operator Panel Private Key Registration Authority Policy and Procedures Registration Data Registration Data Incident Management Policy Registration Data Provider RDP Systems Services Threshold Anomaly Detection Meaning as defined in SEC has the meaning given to that expression in the MRA. means the body established as such in accordance with Section C2.1 (Establishment of the Panel). means the private part of an asymmetric Key Pair used for the purposes of public key encryption techniques means the SEC Subsidiary Document of that name set out in Appendix D, which is originally to be developed pursuant to Sections L9.5 to L9.6 (the Registration Authority Policies and Procedures: Document Development). has the meaning given to that expression in Section E1 (Reliance on Registration Data). means the SEC Subsidiary Document of that name to be incorporated into this Code pursuant to Section X5 (Incorporation of Certain Documents into this Code). means: (a) in respect of each Electricity Distributor, the person nominated in writing to the DCC from time to time by that Electricity Distributor; or (b) in respect of each Electricity Transporter, the person nominated in writing to the DCC from time to time by that Electricity Transporter, on the basis that more than one Party may specify the same Registration Data Provider, and that the Electricity Distributor or the Electricity Transporter shall be deemed to have so nominated itself in the absence of any other nomination. means any Systems: (a) which are operated by or on behalf of an Electricity Distributor or Gas Transporter responsible for providing (or procuring the provision of) Registration Data in respect of a particular MPAN or MPRN; and (b) which are used wholly or partly for the collection, storage, Back-Up, processing or communication of that Registration Data prior to, or for the purposes of, its provision to the DCC over the Registration Data Interface. means the services provided, or to be provided, by the DCC pursuant to Section H (DCC Services) or Section L (Smart Metering Key Infrastructure), including pursuant to Bilateral Agreements. means, in respect of each User, a process for detecting whether the number of messages (in general or of a particular type) sent, received or processed by the DCC in relation to that User over such period of time as the DCC may have agreed with the User exceeds any agreed threshold number. [DCC Threshold Anomaly Detection to be further developed as part of SEC4.] Additional Definitions This table contains definitions of terms used in this document which are not in SEC. Page 30 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

31 Term Crypto Owner DCCKI Certificate Policy Deputy Crypto OwnerResponsible Officer Responsible Officer Site Survey Definition An individual who is responsible for Services cryptographic operations which are required to conform to the DCCKI and/or SMKI policies. The DCCKI Certificate Policy shall define the roles and duties of participants in the DCCKI, including Electricity Registration Data Providers. An individual who can act as a deputy to the Crypto OwnerResponsible Officer. An individual who is responsible for Services cryptographic operations which are required to conform to the DCCKI and/or SMKI policies. Review of the location information and technical details provided on the DCC User Gateway order form for the purpose of evaluating the feasibility of connecting the RDP location(s) to the DCC User Gateway network using the Connection Mechanisms requested. The evaluation and analysis may, especially for High Volume connections, require a physical visit to the location(s) in order to ensure that the DCC can adequately provide the Services. Should a physical visit be required, the User will be informed prior to confirmation of order. Glossary Acronym BS CESG CHECK CISO CoCo CREST CRL DCC DCCKI DR DSP EFD ETD FTP Definition British Standard Communications Electronic Security Group, the UK Government's National Technical Authority for Information Assurance UK government IT Health Check Service Chief Information Security Officer Code of Connection A not for profit organisation for the information security industry Certificate Revocation List Data Communications Company Data Communications Company Key Infrastructure Disaster Recovery Data Services Provider (CGI) Effective From Date Effective To Date File Transfer Protocol FTTC Fibre To The Cabinet GPG HMG CESG Good Practice Guide Her Majesty s Government Page 31 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1

32 Acronym ICT IP ISMS ISO IT MOP MPAN MPRS MRASCo PEP PKCS RAPP RDP SECCo SFTP SMKI TLS U UFDS UKAS UPRN UTC VPLS WD WIP Definition Information & Communications Technology Internet Protocol Information Security Management System International Organization for Standardization Information Technology Meter Operator Metering Point Administration Number Metering Point Registration System Master Registration Agreement Service Company Policy Enforcement Point Public-key cryptography standards Registration Authority Policy and Procedures Registration Data Provider Company established to facilitate the operation of the SEC Secure File Transfer Protocol Smart Meter Key Infrastructure Transport Layer Security Rack Unit User File Design Specification United Kingdom Accreditation Service Unique Property Number Coordinated Universal Time Virtual Private LAN Service Working Days Work In Progress Table 23 Glossary Formatted Table Page 32 of 32 Formatted: Border: Top: (No border) 25/07/2014 v /03/2014 v1.1