Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions


0800 035 1231 (Mon to Fri 9am – 5pm)

Suite 3, The Cotton Mill, Torr Vale Mills, New Mills, Derbyshire, SK22 4HS, UK

Information Security and the Smart Energy Code

BS 25999The Client

The client is two start-ups, operating in the energy sector.  The Directors all had experience in the sector, but were now setting up two new businesses, one to develop the software to be able to access metering data, and the other as a gas and electricity supplier for the SME sector.

The Problem

The energy sector is a highly regulated sector, with additional restrictions for access to smart metering data, and the clients had to satisfy the requirements of the Smart Energy Code as well as ISO 27001.  A Cambridge Risk Solutions client, who operates in the same environment, had recommended our services following their own successful compliance with the requirements.

The Solution

Cambridge Risk Solutions worked closely with the client, developing a Management System that ensured compliance with both the Smart Energy Code and ISO 27001.  This was a complex piece of work as the Smart Energy code appears to have been written from a large company perspective and was, in places, difficult to apply in a small, cloud-based business environment, not least as the Smart Energy Code requirements were much more prescriptive, and the auditing against the requirement significantly more demanding.  We were keen to ensure that the Management System remained user-friendly, whilst still meeting the requirements of the code.  Moreover, as the software was still in development, and there were no clients in place, it was difficult to demonstrate that the systems were compliant, particularly as the auditors decided that the business developing the software did not need to be audited.  However, given we were working with the client from an early stage, this did mean that the entire system could be developed on the principle of ‘Privacy By Design’.

After a very tense week, we were delighted when the clients were approved for operation.


Get In Touch

We are always happy to answer any questions you may have, please either contact us by telephone, or by filling in the form below.

Please ensure that you do not divulge any sensitive data as this webpage is not secure.

Cambridge Risk Solutions offered us a first class service that you might expect from a much larger organisation. They combined this knowledge and professional approach with a real personal touch that made the process of developing our plan actually enjoyable.

more testimonials

  • Business Continuity Planning

    Effective planning that takes into account risk evaluation and business impact analysis, supported by clear and concise crisis management. We work with you to develop user-friendly plans.

  • Business Impact Analysis

    The Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle; we can assist with your BIA.

  • Training and Exercising

    No Business Continuity Management programme is effective without a significant element of training. Moreover, ongoing Crisis Management training and exercising is key. We can provide objective training and exercising.

  • Risk Evaluation and Control

    Risk evaluation and treatment provide a process to identify, prioritise and managing your risks. Cambridge Risk Solutions can assist with risk management for business operational and information security risks.

  • Statement of Applicability

    Which controls do you need to have in place? How do you link your risk assessment process into your SoA? How do you ensure that you have effective controls in place? We can assist with your SoA.

  • Integrated Management Systems

    Management Systems assist with your on-going management, maintenance and continual improvement. We work with you to develop a fully integrated management system, enabling certification to ISO 22301 and ISO 27001.