MRA and SPAA Secure Communications
The Secure Data Exchange Portal (SDEP)
Jonathan Hawkins and Neil Brinkley
Background
▪ The MRA and SPAA require that Suppliers and Networks Operators work together
to resolve a number of issues that may arise during the lifecycle of a Metering Point.
▪ These include processes relating to Switching Exceptions, Prepayment Exceptions,
Address Management, Disconnection, Metering Data and Settlement Exceptions.
▪ The majority of communications are managed by sending Data Flows through
the Data Transfer Network (DTN); however, the MRA and SPAA also require operational queries and escalations to be resolved by email or telephone, and these usually contain personal data.
▪ Following the implementation of the General Data Protection Regulations (GDPR)
into UK law on 25th May 2018, many MRA and SPAA parties reviewed their practices around sending personal data. This has resulted in each organisation in the market adopting differing methods and standards, which often contradict each other and create operational challenges in the market.
MRA and SPAA 2
The Secure Communications Working Group
▪ The Secure Communications Working Group (SCWG) was established by the MRA
Executive Committee (MEC) in July 2018, consisting of MRA and SPAA parties and the SPAA Code Administrator.
▪ The purpose of the SCWG was to identify a common solution to ensure the
secure transfer of personal data sent between parties to satisfy their obligations in the MRA and SPAA.
▪ The SCWG decided to issue an Invitation to Tender (ITT) to potential solution
providers to identify an interoperable solution for the market to communicate personal data securely that is currently sent by email.
▪ 4 responses were received and 2 potential solutions were recommended to MEC
for decision, where MEC selected a solution using ECOES as a platform to enable Secure Communications between market participants.
Changes to the MRA
▪ MRA CP 0262 (Web based solution for sending customer information securely):
▪ Introduces new Clause 58 to the MRA
▪ Requires that MEC procure the establishment, operation and maintenance of a
“Secure Data Exchange Portal” to enable market participants to exchange data.
▪ Mandates that Suppliers and Distribution Businesses use the Portal when exchanging
personal data relating to Consumers, where this isn’t exchanged via another secure means (e.g. the DTN).
▪ Funded by Electricity Suppliers while in the MRA. Will be funded by all Suppliers
when transferred to the Retail Energy Code (REC).
▪ Accepted by MDB on 29th August 2019.
▪ Will be implemented 25th June 2020.
▪ MAP CP 0323 (Introduction of new MRA Agreed Procedure for the Secure Data
Exchange Portal)
▪ Introduces a new MRA Agreed Procedure (MAP) to govern the establishment,
operation and maintenance of the Secure Data Exchange Portal (SDEP), and the
requirements for provision of access to the SDEP.
▪ Accepted by MDB on 30th January 2020.
▪ Will be implemented on 25th June 2020.
▪ MAP CP 0322 (Changes to existing MAPs required for the implementation of the
Secure Data Exchange Portal)
▪ Proposes the consequential amendments to existing MRA Agreed Procedures to
clarify that information previously sent by email should be sent using the SDEP.
▪ Accepted by MDB on 30th January 2020.
▪ Will be implemented on 25th June 2020.
Changes to the SPAA
▪ SCP 472 (Web-based solution for sending Customer information securely)
makes equivalent changes to the SPAA:
▪ Mandates that Gas Suppliers only (not Gas Transporters) use the Secure Data
Exchange Portal to exchange personal data relating to Consumers for named SPAA procedures.
▪ Accepted by SPAA Change Board on 10th September 2019.
▪ Will be implemented on 26th June 2020.
▪ SCP 485 (Consequential Amendments following SCP 472 ‘Web-based solution
for sending Customer information securely’)
▪ Proposes the consequential amendments to existing SPAA Schedules to clarify that
information previously sent by email should be sent using the SDEP.
▪ Accepted by SPAA Change Board on 11th February 2020.
▪ Will be implemented on 26th June 2020.
Technical Solution
▪ New module within ECOES
▪ Secure, robust, fully audited, centralised, GDPR-compliant solution
▪ Provides a secure information exchange facility, not an enduring file storage
facility
▪ Encrypted both in transit and when at rest on the servers
▪ Files will be automatically archived 30 days after the last message sent
▪ Audit data will remain within the database, but not the content of the message or
attachment
▪ No transactional charges for volume / size of messages transmitted
▪ Hosted within the ECOES Service Provider’s ISO 27001 data centres
SDEP Supported Business Processes
Electricity Only / Dual Fuel
▪ Disputed Change of Supplier Meter Readings
▪ Smart Prepayment Change of Supply Exceptions
▪ Debt Assignment Protocol
▪ Customer Requested Objections
▪ Erroneous Transfers
▪ Prepayment Misdirected Payments
▪ Contract Manager Queries
▪ Electricity Disconnections
▪ Metering Point Address Management
▪ Retrospective MPAD Amendments (MAP04)
Gas Only
▪ Crossed Meters
▪ Duplicate Meter Points
Functionality
User Management
- Each company's Master Administration User (MAU) can assign access to system users within their company.
- Users can be assigned to individual business processes and contact types (e.g. Erroneous Transfers).
Sending Messages
- Messages can include attachments (photos, spreadsheets, etc.).
- Escalation: messages can be escalated to the next level within the message once required response timescales have elapsed.
- Can add a search tag (MPxN, internal reference, etc.).
Receiving Messages
- Users can view all communications for each business process where they have been assigned permission.
- Messages can be assigned to an owner and email alerts can be configured by individual users.
- Messages can be downloaded to preserve locally.
Reporting
- Reporting available for companies to monitor the number of messages sent, received, and assigned by each user and business process, to monitor internal performance.
- Reporting available to the MRA Code Administrator to monitor availability and use of the system.
[Screenshot slides: Home Page / Menu; Sending Communications; Receiving Messages; User Management]
SDEP Access Agreement
▪ All Suppliers and Electricity Distribution Businesses will be required to use the
SDEP from the MRA and SPAA releases on 25th June 2020 and 26th June 2020 respectively.
▪ Will be required to accede to the terms and conditions of the service set out in
the SDEP Access Agreement.
▪ The SDEP Access Agreement was issued to MRA and SPAA parties for consultation
between 11th November 2019 and 29th November 2019.
▪ The updates to the consultation were published in January 2020, with an
invitation for any additional comments prior to approval by MRASCo Board.
▪ MRASCo Board approved the SDEP Access Agreement on 30th January 2020.
▪ Parties are now invited to accede to the Access Agreement by 13th March 2020.
Accession Process
1. Review the terms and conditions of access set out in the SDEP Access Agreement.
2. Complete the relevant sections (Parts A-F) of the SDEP Application Form and submit this to Support.SDEP@Gemserv.com by Friday 13th March 2020.
3. Gemserv will validate the Application Form and respond with any questions or clarifications (such as any potential omissions / inaccuracies in company group and market participant role data).
4. Gemserv will send an updated copy of the SDEP Access Agreement, with company details and Schedule 1 updated.
5. Submit a signed copy of the SDEP Access Agreement to Support.SDEP@Gemserv.com.
Company Group and Market Participant Roles
[Diagram: a Company Group containing Gas Supplier 1, Gas Supplier 2, Electricity Supplier 1, Electricity Supplier 2 and Users*]
[Diagram: a Parent Company with a Company Group (Original) and a Company Group (M&A), each containing a Gas Supplier, an Electricity Supplier and Users*]
*Users can only have an email address associated with one Company Group
User Acceptance Testing (UAT)
▪ Parties will be invited to participate in User Acceptance Testing (UAT) following
internal system testing, to confirm that the system operates as described in the User Requirements Specification.
▪ Parties wishing to participate in UAT must have completed the accession process
first, and will be given access to the SDEP in a test environment.
▪ Invitations to participate in UAT will be sent in April 2020, with UAT expected to
commence at the beginning of May 2020, and run for approximately 2 weeks. Exact dates will be confirmed when invitations are issued.
▪ A webinar will be arranged, prior to the commencement of UAT, to provide
information on the process and requirements for those participating. This will include the approach to identifying, investigating and resolving defects.
▪ UAT is not intended to amend the scope or proposed functionality of the system,
and any issues identified that aren’t in the current specification will be parked as potential improvements for post-go live.
Next steps
▪ February 2020: MRA and SPAA Change Proposals complete and SDEP Access Agreement finalised
▪ March 2020: Supplier and Distribution Business accession to SDEP Access Agreement
▪ April 2020: Preliminary training material available, and parties invited to complete User Acceptance Testing (UAT)
▪ May-June 2020: UAT Sign Off, training material published and invitation to training events
▪ June 2020: System go-live and MRA/SPAA product release
Frequently Asked Questions (FAQs)
▪ Does a Director need to sign the Application Form and Access Agreement?
▪ The Application Form can be signed by any duly authorised person on behalf of your
organisation. This will depend on the internal requirements of your organisation. The
Access Agreement should be signed by a Director of the company.
▪ I have more than one Supply Licence / Distribution Licence, do I need to
complete more than one Application Form?
▪ This depends on your operational set-up. If your staff operate on behalf of all
associated companies, then these should be included within one Application Form. If you have multiple companies that employ staff independently (and those staff should not have access to data regarding the other company) then you will likely require additional Company Groups to be created, and will need to submit multiple Application Forms. If you feel this impacts you, please contact us directly to discuss this.
▪ If I am a gas and electricity Supplier, do I include both my gas and electricity
details in the Application Form?
▪ Yes, all relevant Market Participant Roles operating under your Company Group
should be included within Part B of the Application Form.
▪ I am a Managed Service Provider operating on behalf of multiple Suppliers /
Distribution Businesses. How do I access the SDEP?
▪ Access will need to be provided by the Master Administration User (MAU) of the
relevant organisation where you require access. Please note that, as an email address can
only be associated with one Company Group, where you require a user to operate on
behalf of multiple Company Groups, you will need to consider this requirement. This may involve setting up email addresses with a valid email domain for that Company
Group. If you require assistance with this, please contact us to discuss your
requirements.
▪ Can I propose changes to the functionality of the SDEP?
▪ Both MRA and SPAA parties can raise an MRA Issue Form to discuss issues relating to
the SDEP. These issues will be discussed at the next available IREG meeting under the ‘SDEP Matters’ section of the agenda, which SPAA parties are invited to attend.
▪ The functionality for the initial release in June 2020 has been baselined, and any
proposed changes to the design will need to be considered as an improvement for a future release.
▪ Changes to the functionality will also need to be considered in the context of
Ofgem’s Retail Code Consolidation Significant Code Review (SCR), as this may impact the legal drafting for the Retail Energy Code (REC). Any proposed changes will need to be discussed with Ofgem to ensure they are comfortable that the changes will not adversely impact on the SCR.