MRA and SPAA Secure Communications The Secure Data Exchange Portal (SDEP) Jonathan Hawkins and Neil Brinkley
Background ▪ The MRA and SPAA require that Suppliers and Networks Operators work together to resolve a number of issues that may arise during the lifecycle of a Metering Point. ▪ These include processes relating to Switching Exceptions, Prepayment Exceptions, Address Management, Disconnection, Metering Data and Settlement Exceptions. ▪ The majority of communications are managed by sending Data Flows through Data Transfer Network, however the MRA and SPAA also require operational queries and escalations to be resolved by email or telephone, which usually contain personal data. ▪ Following the implementation of the General Data Protection Regulations (GDPR) into UK law on 25 th May 2018, many MRA and SPAA parties reviewed their practices around sending personal data. This has resulted in differing methods and standards adopted by each organisation in the market, often contradicting each other, creating operational challenges in the market. MRA and SPAA 2
The Secure Communications Working Group ▪ The Secure Communications Working Group (SCWG) was established by the MRA Executive Committee (MEC) in July 2018, consisting of MRA and SPAA parties and the SPAA Code Administrator. ▪ The purpose of the SCWG was to identify a common solution to ensure the secure transfer of personal data sent between parties to satisfy their obligations in the MRA and SPAA. ▪ The SCWG decided to issue an Invitation to Tender (ITT) to potential solution providers to identify an interoperable solution for the market to communicate personal data securely that is currently sent by email. ▪ 4 responses were received and 2 potential solutions were recommended to MEC for decision, where MEC selected a solution using ECOES as a platform to enable Secure Communications between market participants. MRA and SPAA 3
Changes to the MRA ▪ MRA CP 0262 (Web based solution for sending customer information securely): ▪ Introduces new Clause 58 to the MRA ▪ Requires that MEC procure the establishment, operation and maintenance of a “Secure Data Exchange Portal” to enable market participants to exchange data. ▪ Mandates that Suppliers and Distribution Businesses use the Portal when exchanging personal data relating to Consumers, where this isn’t exchanged via another secure means (e.g. the DTN). ▪ Funded by Electricity Suppliers while in the MRA. Will be funded by all Suppliers when transferred to the Retail Energy Code (REC). ▪ Accepted by MDB on 29 th August 2019. ▪ Will be implemented 25 th June 2020. MRA and SPAA 4
Changes to the MRA ▪ MAP CP 0323 (Introduction of new MRA Agreed Procedure for the Secure Data Exchange Portal) ▪ Introduces a new MRA Agreed Procedure (MAP) to govern the establishment, operation and maintenance of the Secure Data Exchange Portal (SDEP), and the requirements for provision of access to the SDEP. ▪ Accepted by MDB on 30 th January 2020. ▪ Will be implemented on 25 th June 2020. ▪ MAP CP 0322 (Changes to existing MAPs required for the implementation of the Secure Data Exchange Portal) ▪ Proposes the consequential amendments to existing MRA Agreed Procedures to clarify that information previously sent by email should be sent using the SDEP. ▪ Accepted by MDB on 30 th January 2020. ▪ Will be implemented on 25 th June 2020. MRA and SPAA 5
Changes to the SPAA ▪ SCP 472 (Web-based solution for sending Customer information securely) makes equivalent changes to the SPAA: ▪ Mandates that Gas Suppliers only (not Gas Transporters) use the Secure Data Exchange Portal to exchange personal data relating to Consumers for named SPAA procedures. ▪ Accepted by SPAA Change Board on 10 th September 2019. ▪ Will be implemented on 26 th June 2020. ▪ SCP 485 (Consequential Amendments following SCP 472 ‘Web -based solution for sending Customer information securely’) ▪ Proposes the consequential amendments to existing SPAA Schedules to clarify that information previously sent by email should be sent using the SDEP. ▪ Accepted by SPAA Change Board on 11 th February 2020. ▪ Will be implemented on 26 th June 2020. MRA and SPAA 6
Technical Solution ▪ New module within ECOES ▪ Secure, robust, fully audited centralised GDPR compliant solution ▪ Provides a secure information exchange facility, not an enduring file storage facility ▪ Encrypted both in transit and when at rest on the servers ▪ Files will be automatically archived after 30 days of the last message sent ▪ Audit data will remain within the database, but not the content of the message or attachment ▪ No transactional charges for volume / size of messages transmitted ▪ Hosted within the ECOES Service Provider’s ISO 27001 data centres MRA and SPAA 7
SDEP Supported Business Processes Electricity Only Dual Fuel Disputed Change of Retrospective MPAD Electricity Erroneous Transfers Supplier Meter Amendments (MAP04) Disconnections Readings Smart Prepayment Debt Assignment Metering Point Change of Supply Protocol Address Management Exceptions Prepayment Customer Requested Misdirected Payments Objections Gas Only Contract Manager Queries Duplicate Meter Points Crossed Meters MRA and SPAA 8
Functionality User Management Sending Messages Receiving Messages Reporting • Each Companies • Messages can include • Users can view all • Reporting available Master attachments (photos, communications for for companies to Administration User spreadsheets, etc.) each business process monitor number of (MAU) can assign where they have been messages sent, • Escalation messages access to system users assigned permission. received, and can be escalated to within their company. assigned by each user the next level within • Messages can be and business process • Users can be assigned the message once assigned to an owner to monitor internal to individual business required response and email alerts can performance. processes and contact timescales have be configured by types (e.g. Erroneous elapsed. individual users. • Reporting available to Transfers) MRA Code • Can add a search tag • Messages can be Administrator to (MPxN, internal downloaded to monitor availability refrence, etc.) preserve locally. and use of the system. MRA and SPAA 9
Home Page / Menu MRA and SPAA 10
Sending Communications MRA and SPAA 11
Sending Communications MRA and SPAA 12
Receiving Messages MRA and SPAA 13
Receiving Messages MRA and SPAA 14
Receiving Messages MRA and SPAA 15
Receiving Messages MRA and SPAA 16
Receiving Messages MRA and SPAA 17
User Management MRA and SPAA 18
SDEP Access Agreement ▪ All Suppliers and Electricity Distributions Businesses will be required to use the SDEP from the MRA and SPAA releases in 25 th June 2020 and 26 th June 2020 respectively. ▪ Will be required to accede to the terms and conditions of the service set out in the SDEP Access Agreement. ▪ The SDEP Access Agreement was issued to MRA and SPAA parties for consultation between 11 th November 2019 to 29 th November 2019. ▪ The updates to the consultation were published in January 2020, with an invitation for any additional comments prior to approval by MRASCo Board. ▪ MRASCo Board approved the SDEP Access Agreement on 30 th January 2020. ▪ Parties are now invited to accede to the Access Agreement by 13 th March 2020. MRA and SPAA 19
Accession Process Review the terms and conditions of access set out in the SDEP Access 1. Agreement Complete the relevant sections (Parts A-F) of the SDEP Application Form and 2. submit this to Support.SDEP@Gemserv.com by Friday 13 th March 2020. Gemserv will validate the Application Form and respond with any questions or 3. clarifications (such as any potential omissions / inaccuracies in company group and market participant role data). Gemserv will send an updated copy of the SDEP Access Agreement, with 4. company details and Schedule 1 updated. Submit a signed copy of the SDEP Access Agreement to 5. Support.SDEP@Gemserv.com. MRA and SPAA 20
Company Group and Market Participant Roles Company Group Users* *Users can only have email address associated with one Company Group Gas Gas Electricity Electricity Supplier 1 Supplier 2 Supplier 1 Supplier 2 Gemserv 21
Company Group and Market Participant Roles Parent Company Company Group Company Group (Original) (M&A) *Users can only have email address *Users can only have email address Users* Users* associated with one Company Group associated with one Company Group Gas Supplier Gas Supplier Electricity Electricity Supplier Supplier MRA and SPAA 22
Recommend
More recommend