Security Expert Group (SEG) May 2015 Update

The Security Expert Group has been tasked with reviewing and
developing potential system and process enhancements to ensure
security of the data held within the MRASCo systems is maintained.
SEG last met on 5th May 2015 and carried out an in depth review
of the Information Security Risk Assessment report. The report detailed
23 risks, the associated mitigating actions and the required
next steps. The outputs of the report shaped a number of drafting
proposals in relation to Information Security measures contained
within the MRA and its subsidiary documents.
The ECOES Consolidated Monthly Report Request For Information
(RFI) responses were reviewed, which resulted in SEG agreeing a
number of principles, such as one user per company group should
have access to the data and that a two factor user authentication
approach should be adopted. As a result, a further RFI was issued
to seek the industries views on what the two factor user
authentication approach should be. Responses to the RFI were
due by 2nd June 2015.
SEG agreed that the audit approach should be expanded to
detail that parties are required to provide evidence to support their
responses and that the audit scope should be clearly defined.
Finally, SEG agreed that the project team should carry out the
required analysis, and provide the Group with their resultant
findings and proposals. In line with this suggestion, SEG will next
convene on 3rd July 2015, but ahead of this meeting date, are
expected to be reviewing and providing feedback on a number of
workstreams. For further details please contact the MRA helpdesk.