Smart Energy, Smart Compliance: Long-Term Information Security and Data Protection Support for an Energy Supplier
Sector: Energy | Scope: Smart Energy Code audit, data protection, information security, staff training | Outcome: Smart meter data access achieved, ongoing compliance support, referral to second client
Not every client relationship begins in straightforward circumstances. This one started in 2017 with a specific and time-critical challenge: gaining access to smart meter data under the Smart Energy Code — something the client, an independent energy supplier, needed to continue operating competitively in a rapidly changing market.
It has continued ever since.
The Smart Energy Code Challenge
Access to smart meter data is not automatic for energy suppliers. The Smart Energy Code sets out the information security requirements that organisations must satisfy before they can access that data — and demonstrating compliance requires documented systems, policies, and evidence that information is being handled appropriately.
Cambridge Risk Solutions worked with the client to develop the materials needed to satisfy the audit requirements, drawing on information security expertise to ensure that what was produced was both technically sound and practically workable for a business of this size. The audit was passed, and access to smart meter data secured.
A Relationship Built on Breadth
What followed was not a single strand of support but a genuinely varied relationship, shaped by the client’s needs as they evolved. Cambridge Risk Solutions has since provided annual data protection and information security training for all staff, including induction training for new starters — ensuring that compliance is not a one-off event but an ongoing part of how the organisation operates.
Outsourced data protection advice has been provided on an ongoing basis, including guidance on subject access requests, complaints handling, and the practical interpretation of UK GDPR requirements as they apply to an energy business.
Information security support was provided during a significant IT infrastructure change, including review of data sharing agreements and assessment of information security requirements to ensure that the transition did not introduce new risks or compliance gaps.
Cambridge Risk Solutions also represented the client on a government-led green energy project, acting as the liaison between the client and the wider project team — and contributing data protection input at points where the project direction risked creating compliance problems.
The Covid Period
The relationship deepened during the pandemic, when the client needed a substantial programme of policy writing to ensure compliance with the conditions of supply for gas and electricity. It was not work that sits at the core of Cambridge Risk Solutions’ usual scope — but the client knew the capability was there, the need was genuine, and the work got done. That flexibility, and the willingness to go beyond a narrow brief when a long-standing client needs support, is part of what a genuine partnership looks like.
A Referral That Speaks for Itself
The clearest measure of a client’s confidence in the work is what they do when a peer organisation faces a similar challenge. When a new energy company was establishing itself ahead of launch — needing the same Smart Energy Code compliance, the same information security foundations, the same readiness for smart meter access — the client recommended Cambridge Risk Solutions without hesitation.
That referral led to a second successful engagement: helping the new entrant build the systems and documentation it needed before opening its doors, and supporting it through the same audit process that had brought the original client to Cambridge Risk Solutions nearly a decade earlier.