The Security Expert Group (SEG) has been tasked with reviewing and developing potential system, process and governance enhancements to ensure security of the data held within the MRASCo systems is maintained.
SEG last met on 4th August 2015 and reviewed the recently introduced quoracy arrangements for the Group, which will require four Supplier and two Distribution Business representatives in order for a decision to be made. In addition, the remit of SEG as an enduring MRASCo Board sub-committee was agreed and will be developed into a set of Terms of Reference.
SEG also reviewed the proposed scope of the GDCC user audit, which consisted of three categories of users that would be required to undertaken varying depths of audits:
- A full GDCC User Audit;
- A partial GDCC User Audit that assumes certain elements have already been assessed as compliant; and
- A compliance review (rather than audit) for organisations with very limited access that is determined to be very low risk.
Due to the recent announcements regarding the Green Deal, SEG agreed for the Category 1 audit questions to be developed.
Finally, the secure distribution of ECOES and GDCC data was considered. A proposal to securely and flexibly distribute data with the appropriate security and access controls was reviewed and will be further developed ahead of the next meeting.
If you have any questions, or if you would like to attend the next SEG meeting, please contact MRAHelpdesk@Gemserv.com