Advanced Search

Party Service Line 100: Generic Requirements for BSC Parties and Party Agents

v 3.0
Download

Balancing and Settlement Code

Party Service Line

Generic NON Functional Requirements for Licensed distribution system operators and Party Agents

PSL100

Version 3.0

Date: 1 September 2021

Party Service Line 100

1. Reference is made to the Balancing and Settlement Code (the BSC) for the Electricity Industry in Great Britain and, in particular, to the definition of "Party Service Line".

2. This is Party Service Line PSL100, Version 3.0 relating to generic requirements for the following:

    • Licensed Distribution System Operators (LDSOs);

    • Unmetered Supplies Operators (UMSOs);

    • Supplier Meter Registration Services (SMRSs)

    • Data Aggregators (Half Hourly and Non-Half Hourly) (HHDAs and NHHDAs);

    • Data Collectors (Half Hourly and Non-Half Hourly) (HHDCs and NHHDCs);

    • Central Volume Allocation Meter Operator Agents (CVA MOAs); and

    • Meter Administrators (MAs).

3. This PSL is effective from 1 September 2021.

4. This PSL has been approved by the Panel.

Intellectual Property Rights, Copyright and Disclaimer

The copyright and other intellectual property rights in this document are vested in Elexon or appear with the consent of the copyright owner. These materials are made available for you for the purposes of your participation in the electricity industry. If you have an interest in the electricity industry, you may view, download, copy, distribute, modify, transmit, publish, sell or create derivative works (in whatever format) from this document or in other cases use for personal academic or other non-commercial purposes. All copyright and other proprietary notices contained in the document must be retained on any copy you make.

All other rights of the copyright owner not expressly dealt with above are reserved.

No representation, warranty or guarantee is made that the information in this document is accurate or complete. While care is taken in the collection and provision of this information, Elexon Limited shall not be liable for any errors, omissions, misstatements or mistakes in any information or damages resulting from the use of this information or action taken in reliance on it.

Amendment Record

Date

Version

Description of Changes

Changes included

Panel ref

12/07/2007

1.0

Approved for use by the BSC Panel

CP1182 v3.0

129/05

26/02/2009

2.0

February 2009 Release

CP1254

ISG93/02

SVG93/02

01/09/2021

3.0

1 September 2021 Non-Standard Release

P420

P316/05

1 Introduction

1.1 Purpose and Scope of this PSL

1.1.1 This PSL defines the non-functional requirements that Supplier Agents (excluding SVA MOAs), LDSOs and CVA MOAs shall comply with to fulfil their functions under the BSC. In this PSL certain common responsibilities and obligations are expressed to be undertaken by all of the following Market Participants (except where stated otherwise):

    • NHHDCs;

    • HHDCs;

    • NHHDAs;

    • HHDAs;

    • MAs;

    • LDSOs;

    • SMRSs;

    • UMSOs; and

    • CVA MOAs;

1.1.2 The Supplier which appointed the relevant Supplier Agent (in this PSL, the “Associated Supplier”) shall be responsible for every act, breach, omission, neglect and failure of such Supplier Agent (in relation to that Supplier) and shall procure compliance by such Supplier Agent, with the relevant provisions of the BSC and Code Subsidiary Documents (CSDs); and may, if permitted to do so by the terms of the BSC, itself perform such responsibilities and obligations instead.1

1.1.3 The Registrant which appointed the CVA MOA (in this PSL, the “Associated Registrant”) shall be responsible for every act, breach, omission, neglect and failure of such Party Agent (in relation to that Registrant) and shall procure compliance by such Party Agent, with the relevant provisions of the BSC and CSDs; and may, if permitted to do so by the terms of the BSC, itself perform such responsibilities and obligations instead.

1.1.4 In this PSL, a reference to a person appointed by an Associated Supplier includes a reference to a person appointed by someone other than the Associated Supplier to perform the relevant functions in relation to a SVA Metering System for which the Associated Supplier is responsible.1

1.1.5 For the purposes of this PSL, Supplier Agents, LDSOs, (including when acting in their capacity as UMSO) and CVA MOAs will be referred to as “Market Participants”.

1.1.6 The Market Participant shall perform the responsibilities and obligations set out in this PSL in relation to each SVA and CVA Metering System to which it is appointed or responsible for.

1.2 BSC Provision

1.2.1 If the provisions of this PSL are inconsistent with the provisions of the BSC, the provisions of the BSC shall prevail to the extent of such inconsistency.

1.3 Acronyms and Definitions

Acronym / Term

Definition

BSC

Balancing and Settlement Code

BSCCo

Balancing and Settlement Code Company

BSCP

Balancing and Settlement Code Procedure

CP

Change Proposal

CSD

Code Subsidiary Document

CVA

Central Volume Allocation

CVA MOA

Central Volume Allocation Meter Operator Agent

HHDA

Half Hourly Data Aggregator

HHDC

Half Hourly Data Collector

LDSO

Licensed Distribution System Operator

MA

Meter Administrator

NHHDA

Non-Half Hourly Data Aggregator

NHHDC

Non-Half Hourly Data Collector

PSL

Party Service Line

SMRS

Supplier Meter Registration System

SVA

Supplier Volume Allocation

SVAA

Supplier Volume Allocation Agent

SVA MOA

SVA Meter Operator Agent

UMSO

Unmetered Supplies Operator

1.3.1 Other acronyms and defined terms used in this PSL which are not defined shall have the meaning given to them in Section X of the BSC.

2 Service and System Availability

2.1 System Availability

2.1.1 The Market Participant shall ensure that its systems availability is such that data is capable of being delivered within the timescales specified in the BSC and other CSDs, without detriment to the quality of the data delivered.

2.2 Service Availability

2.2.1 The Market Participant shall ensure that all the services described in the BSC and CSDs are performed by it in accordance with Good Industry Practice. In particular services shall be performed in a manner and within suitable time periods to allow other Market Participants to fulfil their obligations under the BSC in accordance with the Settlement Calendar.

2.3 Backup and Disaster Recovery

2.3.1 The Market Participant shall develop and maintain plans and procedures for providing backup and recovery facilities in the event of a disaster. This will include plans and procedures for dealing with a disaster which affects its activities as a Market Participant. Such plans and procedures shall enable the Market Participant to continue to provide the service as a Market Participant for all of the roles it is Qualified to provide following a disaster, and to resume normal working practices as soon as reasonably practicable.

2.3.2 Without prejudice to any of the provisions of this PSL, the Market Participant shall take reasonable steps to avoid any disaster which might affect their services. If this is not possible they shall minimise the disruption and impact of the disaster by implementing plans and procedures as described in 2.3.1 for backup and recovery should the need arise to ensure that the Market Participant is able to continue to provide services as set out under the BSC and CSDs.

3 Security/Access

3.1 Physical and Logical Security

3.1.1 The Market Participant shall use reasonable endeavours to maintain the physical and logical security of all hardware and software used by it and all data and other information acquired or held by it in the performance of its duties under the BSC and CSDs in order to prevent data loss or corruption.

3.2 Security of Hardware Access

3.2.1 The Market Participant will ensure that, for computerised systems, access to hardware shall be restricted appropriately (this includes restricting access to terminals, disk drives and cables).

3.2.2 The security of hardware shall be monitored by the Market Participant, using appropriate controls. It is expected that controls would include the following:

    • locked computer rooms;

    • restrictions on access to buildings containing computer equipment;

    • restricted access to asset moving documents relating to the computer hardware; and

    • fire protection and safety equipment to protect hardware.

3.3 Security of Software Access

3.3.1 The Market Participant will ensure that, for computerised systems access to software shall be restricted appropriately. This includes restricting systems level access (both locally and/or remotely), application level access and access to particular programs using effective passwords.

3.3.2 The security of software shall be monitored by the Market Participant, using appropriate controls. It is expected that controls would include the following:

    • password protection at system, application and program level, and if appropriate, at a more detailed level;

    • preventing users from accessing the operating system prompt;

    • monitoring of reports showing attempted and/or actual access violations;

    • tighter controls than those already stated over access to special system privileges;

    • authentication of remote access attempts;

    • controls to safeguard the confidentiality and integrity of data passing over public networks;

    • restricted access to documents/systems forming part of the security system;

    • hardware/software mechanisms that can be independently evaluated to provide assurance that the system enforces the requirements of the security policy; and

    • audit trails kept and protected so that actions affecting security can be traced and attributed to the responsible party.

3.4 Access Controls

3.4.1 The Market Participant will ensure that, controls shall exist to ensure that risk of intentional errors/fraud is minimised. Such controls should include mechanisms which ensure that access to data and documentary evidence is restricted to the appropriate individuals. Basic steps that would normally be expected to achieve adequate control in this area include:

    • a security policy communicated to all employees at the Market Participant’s organisation and strongly endorsed by management;

    • procedures in place to ensure periodic reviews of security policy;

    • clear data ownership and ownership of all significant information assets including information, software, and physical assets; and

    • compliance with legal, contractual and Qualification requirements.

3.4.1.1 If computer systems are used by the Market Participant, controls should, in addition, include:

    • restricting access to computer hardware, being tangible computer equipment such as terminals, cables, disk drives, servers, disks and magnetic media (e.g. tapes);

    • restricting access to software, being and computer programs and all user documentation in respect of such programmes, as well as systems level access, application level access and access to particular programs; and

    • restricting access to hard copy reports produced by the computer systems.

3.4.1.2 For computerised systems, controls need to cover the period during which the Market Participant’s system is being developed and implemented, and the period of its operation. These controls must extend to system developers and system users.

3.4.1.3 An organisation that complies with BS7799-3 on Information Security Management Systems will normally achieve the required minimum level of security for computerised systems.

4 Data Confidentiality

4.1 General

4.1.1 Apart from the data flows to third parties required or permitted under the BSC or any CSD, access to data held by the Market Participant relating to the discharge of its duties under this PSL should only be permitted for people employed by the Market Participant. Controls should ensure that confidentiality requirements are also compliant with applicable statutory requirements.

4.2 Access to Non-Computerised Records

4.2.1 For records which are not computerised access shall be restricted and controlled appropriately by the Market Participant. This includes ensuring that:

    • data is only made available to those parties legitimately entitled to receive it;

    • data is kept physically secure; and

    • data is adequately protected against risk of data loss against fire, water damage and theft.

5 Processing

5.1 Operational Controls

5.1.1 Where the Market Participant uses computerised systems there shall be controls over such systems to ensure that processing operates efficiently and effectively. Such controls would be expected to include:

    • ensuring that the correct versions of the application files are available at the appropriate time to allow efficient processing;

    • scheduling of processes to ensure that processing is performed in the correct sequence;

    • procedures to allow recovery in the event of a processing failure;

    • procedures to “back out” erroneous changes to data caused by rogue programs;

    • operational maintenance of the computer system to ensure that it is kept secure; and

    • scheduling of data processing to ensure that timetables are met and output data is available on-time.

5.2 Retention of Records

5.2.1 The Market Participant must ensure that they have processes in place that are capable of maintaining data records together with the user ids of the persons creating or making changes to these records.

5.2.2 These records must contain such cross references as are necessary to allow verification by tracing data through processing, forwards and backwards, conveniently and old software programs and hardware must, where necessary, be retained to enable these records to be accessed.

5.3 Processing Continuity - Risk

5.3.1 The Market Participant shall ensure that there are controls in place to minimise risks to processing continuity (this will in part be met by adequate access restriction as described in section 3). Basic controls that would be expected include:

    • a documented security policy, communicated throughout the Market Participant’s organisation to all employees;

    • procedures to ensure periodic reviews of security policy;

    • monitoring of the performance of data processing systems with procedures available to deal with problems;

    • formal employment policy, including adequate documentation of the employment procedure, formal terms and conditions of employment and disciplinary procedures;

    • adequate training of all staff; and

    • adequate documentation of procedures, processes and, where appropriate, systems.

5.3.1.1 Where a computerised system is used by the Market Participant the following basic controls would also be expected:

    • virus detection and prevention measures, communicated to all users;

    • controls over computer operations to ensure that processing is executed in the correct sequence and that any dependencies between processes (e.g. waiting for a file to be available before starting a batch program) are correctly taken into consideration;

    • formal change control procedures;

    • appropriate maintenance arrangements for hardware and software;

    • system housekeeping procedures to maintain the integrity and availability of services;

    • support facilities, such as help desks; and

    • clear responsibilities and procedures for systems operation and maintenance.

5.4 Processing Continuity - Impact

5.4.1 The Market Participant will ensure that sufficient controls shall exist to minimise the impact of unwanted cessation of processing including:

    • ensuring that data is correctly recovered and processing correctly resumed; and

    • ensuring that processing is resumed as soon as possible.

5.4.2 The Market Participant shall ensure that there are controls to ensure adequate recovery procedures for both short and long term interruptions of processing in any or all of the systems. In particular this will prevent, where possible, or detect and correct any loss of transmitted data. In the case of computerised systems this would include all software and data, including archived data.

5.4.3 The service shall be capable of performing whatever retrospective processing may be needed to catch up with processing requirements after an interruption to processing. Controls that would be expected include:

    • a fully documented and tested disaster recovery plan in place (as described in Section 2.3); and

    • procedures for the periodic review and testing of disaster recovery plans, which should be performed at least annually.

5.4.3.1 Where a computerised system is used by the Market Participant additional controls which would be expected include:

    • backups of programs and data to ensure essential data and software can be restored in the event of a disaster;

    • periodic testing of restoration of backed up data;

    • features within the database management system software to safeguard data integrity in the event of a system failure (such as transaction logging); and

    • insurance policies to cover hardware and communications.

5.5 Interface Controls

5.5.1 The Market Participant will put controls in place to ensure input, processing, output and communications to other Market Participants are valid and may include the use of software validation checks and exception reporting to identify problems. Controls should include procedures to ensure that data is:

    • complete;

    • accurate; and

    • authorised.

5.5.2 The Market Participant shall (where relevant) put adequate controls in place, relating to their methods of communication with Metering Systems, in order to ensure that data relating to Settlement is not changed accidentally or through malicious activity.

6 Change Control

6.1 Change Control – Qualified Systems2

6.1.1 The Market Participant shall ensure that any changes to its Qualified systems and processes are made and implemented only in accordance with its Qualified change management control process.

6.2 Change Control – All Systems

6.2.1 Where the Market Participant develops computerised systems there shall be controls over the development of such systems to ensure that the system is correctly constructed and that the risk of unintentional errors arising from poor software, clerical procedures or for other reasons is minimised.

6.2.2 The Market Participant shall prepare, maintain and update a change management document setting out its change management control procedures.

6.2.3 Where the Market Participant utilises computerised systems there shall be controls over systems to ensure that the risk of unintentional errors arising from incorrect implementation is minimised.

7 Communications

7.1 Data Transfer Network3

7.1.1 Where directed by the relevant BSC Procedure Market Participants shall send and receive data and other information relating to its activities as a Market Participant in accordance with the SVA Data Catalogue.

7.1.2 Except to the extent otherwise specified by the BSC and relevant BSC Procedure, the Market Participant shall use the Managed Data Network for data transfers defined in this PSL and other CSDs to any third party unless an alternative method for data transfer is agreed with that third party for data transfer to that third party.

7.1.3 The Market Participant shall ensure that it acknowledges receipt of data received by it as Market Participant from a third party, on receipt of that data. The Market Participant shall ensure that any intended recipient receives the data despatched by the Market Participant.

7.1.4 If the Market Participant uses the Managed Data Network to receive or despatch data, its obligation to acknowledge receipt and to ensure receipt by the recipient shall be discharged when the Market Participant sends or receives an automatic acknowledgement generated by the Market Participant’s or the recipient’s Managed Data Network gateway.

7.2 Communication and Transmission Controls

7.2.1 Where the Market Participant uses computerised systems there shall be controls over the transmission of data to ensure that the files are transmitted completely and accurately to the correct authorised recipient. Such controls would be expected to include:

    • checking that the file has been completely transmitted and received;

    • ensuring that the file transmitted has not had errors introduced by the transmission process;

    • checking that the correct authorised party has received the file; and

    • ensuring that if more than one authorised party receives data from the Market Participant, then each recipient obtains an exact copy of the data submitted.

8 Requirements for Controls

8.1 General

8.1.1 All controls devised to meet the BSC requirements should:

    • effectively meet the relevant control objective(s);

    • be operated effectively throughout the relevant period;

    • be verifiable;

    • have documented procedure; and

    • have this operation recorded.

8.1.1.1 For example, if a particular control requires that a check is performed then there should be a record made whenever that check is performed so that the correct operation of the control can be verified.

9 Processing Auditability

9.1 General

9.1.1 The Market Participant shall ensure that all processes which affect Settlement shall be verifiable. This means that:

    • processes must be documented so that anyone wishing to verify the processing has a description of what it should be;

    • all processing must be recorded and these records must contain such cross references as are necessary to allow verification by tracing data through processing, forwards and backwards, conveniently; and

    • audit trails must be maintained as described in the BSC and relevant CSDs.

10 Provision of Data

10.1 Provision of Data to BSCCo and Associated Suppliers

10.1.1 The Market Participant shall provide other Market Participants and BSCCo with data and other information derived from its systems and processes within the timescales defined in the BSC and any relevant CSDs in order to enable the other Market Participant and/or BSCCo to satisfy its related obligations under the BSC and any relevant CSDs including this PSL. All such communications shall be date-time stamped by the Market Participant who is sending the data.

10.1.2 Supplier Agents4 shall provide their Associated Supplier with all the information necessary to enable the Associated Supplier to report at any time.

10.2 Provision of Data for resolution of Trading Disputes

10.2.1 The Market Participant shall retain the Settlement data acquired or held by it for a minimum period of 40 months after the Settlement Day, the first 28 months of Settlement data being retained in a form capable of supporting a Volume Allocation Run and the remaining 12 months of Settlement data being retained in a form which can be supplied in 10 Business Days, if requested by the Panel, for input into an Extra-Settlement Determination.

10.2.2 In the event that Settlement data beyond 40 months after the Settlement Day is required to be retained in support of an Extra-Settlement Determination, the Market Participant shall retain the Settlement data relating to the Settlement Days as requested by the Panel.

10.3 Provision of Data - General

10.3.1 The Market Participant shall ensure that all data and other information acquired or held by it as a Market Participant is made available at all reasonable times upon request for inspection and copying by the BSC Auditor and the Panel or any person nominated by it and any other person authorised for the purpose under the terms of the BSC and any relevant CSD. The data shall be retained in such a format which will allow items of information retained to be subsequently searched, located and checked for validation purposes.

10.3.2 The Market Participant shall ensure that all data and other information acquired or held by it as Market Participant is kept confidential and is disclosed only to those persons authorised or required to receive it under the terms of the BSC and any relevant CSD and, where relevant, to those persons authorised by its Associated Supplier.

10.3.3 Party Agents’ obligations under this section shall survive termination of its appointment under any of the roles which it is qualified to perform as a Market Participant for whatever reason.

1 This paragraph is not applicable to CVA MOAs.

2 This section is not applicable to LDSOs, except when operating as a SMRA or UMSO

3 This section is not applicable to CVA MOAs

4 Suppliers must ensure that they can obtain any data as required by BSCCo from their SVA MOA agents in accordance with this PSL and the Retail Energy Code.