The client comprised two start-ups operating in the energy sector. The Directors all had experience in the sector, but were now setting up two new businesses: one to develop the software to access metering data, and the other as a gas and electricity supplier for the SME sector.
The energy sector is highly regulated, with additional restrictions on access to smart metering data, and the clients had to satisfy the requirements of the Smart Energy Code as well as ISO 27001. A Cambridge Risk Solutions client, who operates in the same environment, had recommended our services following their own successful compliance with the requirements.
Cambridge Risk Solutions worked closely with the client, developing a Management System that ensured compliance with both the Smart Energy Code and ISO 27001. This was a complex piece of work, as the Smart Energy Code appears to have been written from a large-company perspective and was, in places, difficult to apply in a small, cloud-based business environment, not least because the Smart Energy Code requirements were much more prescriptive and the auditing against those requirements significantly more demanding. We were keen to ensure that the Management System remained user-friendly, whilst still meeting the requirements of the Code. Moreover, as the software was still in development and there were no clients in place, it was difficult to demonstrate that the systems were compliant, particularly as the auditors decided that the business developing the software did not need to be audited. However, because we were working with the client from an early stage, the entire system could be developed on the principle of ‘Privacy By Design’.
After a very tense week, we were delighted when the clients were approved for operation.