Common use of Non Functional Requirements Clause in Contracts

Non Functional Requirements. This section covers the mandatory non-functional requirements for the NDR. Any tender should reflect an understanding and demonstrate wherever appropriate how any proposed solutions will fulfil these requirements. Ref Requirement type Requirements Outline N01 Integrity The consumer must be able to trust the Register and have confidence in its integrity & authenticity. The Register will be the Database of Record for all Energy Assessments and in the event of dispute provides the definitive statement regarding the actual Energy Document that was produced and lodged along with the Model Data that was used to produce that Energy Document. Therefore the Operator must ensure that the Register: • maintains its internal integrity • be safeguarded from any unauthorised tampering. • protected from both internal and external threats. • reduce any risks of fraud and abuse that may take place across the end to end process. N02 Data Consistency Due to the highly distributed nature of the marketplace there is a significant issue with enforcing consistency across the entire marketplace. A particular area where consistency is essential is in the identification and addressing of each Property being reported on. A shared central database of Property & Address details is the most obvious way of achieving consistency both cost effectively and in the required timescales. Some scenarios where consistency is required are: • A Property may have a number of different addresses associated with it in addition to the primary or “official” address for example the street may have more than one name or the owner decided to give the house a name or a building has been sublet by units or floors. In order to maintain consistency it is essential that all Energy Documents relating to a property consistently have the same correct address shown • Over time the identifying characteristics of a Property can change e.g. a Royal Mail Postcode reorganization may result in a postcode change for the Property therefore the address of the Property is not sufficient • A Property in Wales has both an English and a Welsh Address and when producing Energy Documents in one of those languages the EA should consistently use the correct address in the relevant language. It is the up to NDR Operator to select appropriate data-sets or service providers – such as Ordnance Survey Addresspoint, Royal Mail Postal Address File (PAF), National Land & Property Gazetteer (NLPG) or National Land Information Service (NLIS) – that could be used either to directly satisfy these requirements or form a significant foundation to meeting the requirements. The primary data requirements are: • Provision of a Unique Property Reference Number (UPRN) that uniquely identifies every assessed non-dwelling property in England & Wales. This includes units, floors within buildings etc. • The minimum data requirements for each Property are as per the common 5 line address format which includes Unique Property Reference Number, Primary Address, Secondary and Alternative Addresses e.g. English / Welsh equivalents of same property, local aliases etc. However an optional Address line 0 will be required to describe the Building-Part within the building. The primary functional requirements are: • Address Searching - to be able to find a Property and its Unique Property Reference Number based on an address or partial address or postcode. Fuzzy and Soundex searching should be used where appropriate. • Get Primary Address for the Property referenced by the Unique Property Reference Number. Other key requirements: • The "master" copy of the data is to be maintained by the NDR Operator to enforce consistency in the NDR and can ensure uniqueness of Unique Property Reference Number over the life of the Energy Documents. This may require daily maintenance updates. N03 Usability The process of using the NDR should not unnecessarily delay or obstruct the process of energy assessing a building. The NDR and its processes should be available in a way that any organisation or individual that relies upon it for their own processes to take place is able to conduct their business without delay or obstruction. N04 Transactional Volumes These Transaction Volumes are indicative of expected activity for the full operational system and are provided to assist prospective Operators in their calculations. The key transaction volumes are: • 216,000 NDEPCs and associated reports per annum (2.08 million over 13 years). Growth rates dependant on external market activity. • 42,000 Display Energy Certificates annually with associated Advisory Reports which are updated every seven years • Active EAs able to produce DECs : 1,500 • Active EAs able to produce NDEPCs: 2,500 • Size of each PDF certificate / report: DEC or NDEPC (up to 300k). AR or RR: 2-5 pages of text with no high-quality figures • Size of XML data: • DEC & AR (up to 0.5Mb) and NDEPC & RR (up to 2Mb): the files include: XML of input data to software, XML of output data and appropriate headers. • Lifetime access to Energy Documents: Approximately 7 to 10 accesses will be performed per NDEPC, RR during the course of its lifetime. • Number of Non Domestic & Public Properties in England & Wales: 1,526,877 Transitional Lodgement volumes over the year should be calculated from the Regulatory Impact Assessment (RIA) figures on the CLG website. Regarding initial volumes expected volumes of approximately 1000/month on the non-discretionary buildings (EPC’s for construction, sale or rent > 10000 m2). There are expected to be discretionary volumes, anecdotally from large building portfolio managers. N05 Backup, Recovery Operating as a “no-loss” data environment it is essential to ensure that all the Certificate & Reports in the NDR are regularly backed-up to secondary storage to protect the data from loss or corruption. There are no special considerations for backup & recoverability of the NDR database over and above the normally expected requirements for protecting the data. It is expected that the NDR Operator will define reasonable procedures for agreement by CLG. It is essential that the backup process does not unnecessarily impact NDR service connectivity, availability or responsiveness. Recoverability of the application in the event of a system failure should be minimised as much as is feasible within the economic constraints. Standard Operating Procedures (SOPs) should be in place clearly stating the step-by-step procedures to follow should the recovery operation be invoked. Risk assessments should take place periodically especially when there has been changes affected to the register or the system environment. Operational training is an often-ignored aspect that should receive a high priority. The recovery operation should not be jeopardised due to a lack of properly trained alternative staff members being available when a recovery is required. This backup procedure should be synchronised with other affected parties. Recovering data from the backup copies should be regularly tested to ensure integrity of the recovered data. The Accreditation Scheme is able to monitor and audit work of their members but may be a source of data too in case of the partial or full failure of the Register. However this should not be relied upon as a critical part of the recovery process. N06 Disaster Recovery & Business Continuity In the event of a wholesale system outage a mirror/standby site should be available and should capable of being operational within one working day from the point the primary system outage has occurred. The Operator must be able to provide the same functionality at a different site with alternative communications, with as close a replication of the system data as possible to the point in time of failure. The scope of any Recovery plan should include personnel and location as well as functionality. It is the responsibility of the NDR Operator to develop and agree acceptable and cost effective procedures for disaster recovery that minimises the impact of any major system outage on the market. N07 Archiving Maintain archive of Energy Documents and Model Data used to collect it for at least 20 years. Historical Degree and CIBSE date will be archived indefinitely subject to any licencing constraints. N08 Security This is closely related to the Integrity & network requirements in this document. To ensure unauthorised tampering of stored data the supplier must consider at least the following set of security access controls: • Limit access to valid users and protect integrity of data. • Data must have appropriate protection and access control so to avoid unlawful disclosure of info from any artefact. • Any data maintenance activity must take place in a secure environment • All user transactional service and user requests to the register can only be carried out by registered users and any operations are authenticated when the service is invoked. • Ensure any message that purports to be from a particular registered user or source is in fact from that registered user or source. • A User (either Registered or Unregistered) may only invoke services according to their role. They must be restricted from invoking unauthorised services. The nature of the data and infrastructure that makes up the NDR would, on an initial assessment, accord it a level 2 – PROTECT classification. A standard password and log on would be sufficient from an authentication security view - there is no need for encrypted data. The NDR Operator must adhere to the security guidelines laid down by CLG IT Security. ISO 27001 would go a long way in meeting CLG security standards. A ‘Good Practice Guide’ for telecommunications resilience and ‘Fast Track Accreditation for Standalone & Networked IT Systems’ should be considered by any prospective supplier during their design. There are also recommendations from the e-Government Unit surroundings web-site accessibility that should be applied. In considering authentication methods there must be an allowance for mass deployment of client applications such as SBEM, DSM energy software models approved by CLG for EAs. As an example the NDR Operator may want to consider a certificate or token based approach rather than just username / password. Procedures for registering and managing Authorised Users will need to be defined by the NDR and made available as a set of standard interfaces to industry stakeholders. N09 Availability There must be controlled access to system 24/7 and is met at least 80 percent of the time unless indicated specifically in each transaction. The overall availability requirements for the NDR and related services are dependent on the operational requirements of the significant user groups. The following are the expected availability profiles for each of our significant groups of Registered Users: EAs will produce Energy Documents during the normal professional working day over a 6-day working week with possibly occasional access – e.g. to meet a heavy work load - later in the evening. Accreditation Schemes would only require access to modify details of EAs as part of their standard business operations. It is expected that the Energy Document lodgements will be submitted as a mixture of overnight bulk submission files and single ad-hoc registrations taking place during the day. Hence estimated minimum availability required for both sets of users is 06:00 🡪 24:00; Monday 🡪 Saturday. However the suggested method of updating the NDR by Accreditation Schemes would require overnight access to bulk process the changes made during the day. The supplier must also demonstrate how they intend to minimise the impact of a failure in the Register across all the transactional services. N10 Scalability The NDR must be scaleable to accommodate any fluctuations in the transactional and volumes stated and increase in demand. N11 Extensibility There is a requirement to be able to extend the NDR Business Information Model. For example the solution may be improved during contract lifetime to • Expand register to include other elements of Energy Performance of Building Regulations e.g. air-conditioning or boiler inspection reports. • Extend to incorporate additional data that can be lodged The data model will be extended to integrate new information and it should be assumed that all Business Entities may be extended at any time and that the optional extensions may or may not be pre-notified to support staff. Hence a significant design criterion is that the data model must be easily extensible without incurring significant impact or unnecessary changes to any existing software. N12 Data Protection The NDR holds commercial data. The data that is considered of a personal nature is that of the EA and building owner which includes name & contact details. It is expected that the NDR Operator will investigate and adhere to any data protection legislation as required. N13 IT Governance It will be the NDR Operators’ responsibility to govern the published NDR Technical Standards on behalf of CLG and monitor industry adherence to them. The EA accreditation requirements are the responsibility of the Accreditation Scheme to enforce. As part of the IT Governance responsibility the NDR Operator will: • Publish, circulate and manage the implementation of the Technical Standards on behalf of CLG. • Provide advice on the correct implementation or interpretation of the published Technical Standards. • Monitor activity against the NDR to ensure adherence to the published standards and consistency of use across the industry. This is separate to any EA Quality Assurance activity carried out on behalf of an Accreditation Scheme. All changes to the standards will be drafted by the NDR Operator. CLG remains the owner and final Design Authority on changes to all standards, specifications and service requirements and will have ultimate responsibility for sign-off and publication.

Non Functional Requirements. This section covers the mandatory non-functional requirements for the NDR. Any tender should reflect an understanding and demonstrate wherever appropriate how any proposed solutions will fulfil these requirements. Ref Requirement type Requirements Outline N01 Integrity The consumer must be able to trust the Register and have confidence in its integrity & authenticity. The Register will be the Database of Record for all Energy Assessments and in the event of dispute provides the definitive statement regarding the actual Energy Document that was produced and lodged along with the Model Data that was used to produce that Energy Document. Therefore the Operator must ensure that the Register: • maintains its internal integrity • be safeguarded from any unauthorised tampering. • protected from both internal and external threats. • reduce any risks of fraud and abuse that may take place across the end to end process. N02 Data Consistency Due to the highly distributed nature of the marketplace there is a significant issue with enforcing consistency across the entire marketplace. A particular area where consistency is essential is in the identification and addressing of each Property being reported on. A shared central database of Property & Address details is the most obvious way of achieving consistency both cost effectively and in the required timescales. Some scenarios where consistency is required are: • A Property may have a number of different addresses associated with it in addition to the primary or “official” address for example the street may have more than one name or the owner decided to give the house a name or a building has been sublet by units or floors. In order to maintain consistency it is essential that all Energy Documents and Energy Model Input Data relating to a property consistently have the same correct address shown • Over time the identifying characteristics of a Property can change e.g. a Royal Mail Postcode reorganization may result in a postcode change for the Property therefore the address of the Property is not sufficient • A Property in Wales has both an English and a Welsh Address and when producing Energy Documents or Energy Model Input Data in one of those languages the EA should consistently use the correct address in the relevant language. It is the up to NDR Operator to select appropriate data-sets or service providers – such as Ordnance Survey Addresspoint, Royal Mail Postal Address File (PAF), National Land & Property Gazetteer (NLPG) or National Land Information Service (NLIS) – that could be used either to directly satisfy these requirements or form a significant foundation to meeting the requirements. The primary data requirements are: • Provision of a Unique Property Reference Number (UPRN) that uniquely identifies every assessed non-dwelling property in England & Wales. This includes units, floors within buildings etc. • The minimum data requirements for each Property are as per the common 5 line address format which includes Unique Property Reference Number, Primary Address, Secondary and Alternative Addresses e.g. English / Welsh equivalents of same property, local aliases etc. However an optional Address line 0 will be required to describe the Building-Part within the building. The primary functional requirements are: • Address Searching - to be able to find a Property and its Unique Property Reference Number based on an address or partial address or postcode. Fuzzy and Soundex searching should be used where appropriate. • Get Primary Address for the Property referenced by the Unique Property Reference Number. Other key requirements: • The "master" copy of the data is to be maintained by the NDR Operator to enforce consistency in the NDR and can ensure uniqueness of Unique Property Reference Number over the life of the Energy Documents. This may require daily maintenance updates. N03 Usability The process of using the NDR should not unnecessarily delay or obstruct the process of energy assessing a building. The NDR and its processes should be available in a way that any organisation or individual that relies upon it for their own processes to take place is able to conduct their business without delay or obstruction. N04 Transactional Volumes These Transaction Volumes are indicative of expected activity for the full operational system and are provided to assist prospective Operators in their calculations. The key transaction volumes are: • 216,000 NDEPCs and associated reports per annum (2.08 million over 13 years). Growth rates dependant on external market activity. • 42,000 Display Energy Certificates annually with associated Advisory Reports which are updated every seven years • Active EAs able to produce DECs : 1,500 • Active EAs able to produce NDEPCs: 2,500 • Size of each PDF certificate / report: DEC or NDEPC (up to 300k). AR or RR: 2-5 pages of text with no high-quality figures • Size of XML data: • DEC & AR RR (up to 0.5Mb) and NDEPC & RR (up to 2Mb): the files include: XML of input data to software, XML of output data and appropriate headers. • Lifetime access to Energy Documents: Approximately 7 to 10 accesses will be performed per NDEPC, RR during the course of its lifetime. • Number of Non Domestic & Public Properties in England & Wales: 1,526,877 Transitional Lodgement volumes over the year should be calculated from the Regulatory Impact Assessment (RIA) figures on the CLG DCLG website. Regarding initial volumes expected volumes of approximately 1000/month on the non-discretionary buildings (EPC’s for construction, sale or rent > 10000 m2). There are expected to be discretionary volumes, anecdotally from large building portfolio managers. N05 Backup, Recovery Operating as a “no-loss” data environment it is essential to ensure that all the Certificate & Reports in the NDR are regularly backed-up to secondary storage to protect the data from loss or corruption. There are no special considerations for backup & recoverability of the NDR database over and above the normally expected requirements for protecting the data. It is expected that the NDR Operator will define reasonable procedures for agreement by CLGDCLG. It is essential that the backup process does not unnecessarily impact NDR service connectivity, availability or responsiveness. Recoverability of the application in the event of a system failure should be minimised as much as is feasible within the economic constraints. Standard Operating Procedures (SOPs) should be in place clearly stating the step-by-step procedures to follow should the recovery operation be invoked. Risk assessments should take place periodically especially when there has been changes affected to the register or the system environment. Operational training is an often-ignored aspect that should receive a high priority. The recovery operation should not be jeopardised due to a lack of properly trained alternative staff members being available when a recovery is required. This backup procedure should be synchronised with other affected parties. Recovering data from the backup copies should be regularly tested to ensure integrity of the recovered data. The Accreditation Scheme is able to monitor and audit work of their members but may be a source of data too in case of the partial or full failure of the Register. However this should not be relied upon as a critical part of the recovery process. N06 Disaster Recovery & Business Continuity In the event of a wholesale system outage a mirror/standby site should be available and should capable of being operational within one working day from the point the primary system outage has occurred. The Operator must be able to provide the same functionality at a different site with alternative communications, with as close a replication of the system data as possible to the point in time of failure. The scope of any Recovery plan should include personnel and location as well as functionality. It is the responsibility of the NDR Operator to develop and agree acceptable and cost effective procedures for disaster recovery that minimises the impact of any major system outage on the market. N07 Archiving Maintain archive of Energy Documents and Model Data used to collect it for at least 20 years. Historical Degree and CIBSE date will be archived indefinitely subject to any licencing licensing constraints. N08 Security This is closely related to the Integrity & network requirements in this document. To ensure unauthorised tampering of stored data the supplier must consider at least the following set of security access controls: • Limit access to valid users and protect integrity of data. • Data must have appropriate protection and access control so to avoid unlawful disclosure of info from any artefact. • Any data maintenance activity must take place in a secure environment • All user transactional service and user requests to the register can only be carried out by registered users and any operations are authenticated when the service is invoked. • Ensure any message that purports to be from a particular registered user or source is in fact from that registered user or source. • A User (either Registered or Unregistered) may only invoke services according to their role. They must be restricted from invoking unauthorised services. The nature of the data and infrastructure that makes up the NDR would, on an initial assessment, accord it a level 2 – PROTECT classification. A standard password and log on would be sufficient from an authentication security view - there is no need for encrypted data. The NDR Operator must adhere to the security guidelines laid down by CLG DCLG IT Security. ISO 27001 would go a long way in meeting CLG DCLG security standards. A ‘Good Practice Guide’ for telecommunications resilience and ‘Fast Track Accreditation for Standalone & Networked IT Systems’ should be considered by any prospective supplier during their design. There are also recommendations from the e-Government Unit surroundings web-site accessibility that should be applied. In considering authentication methods there must be an allowance for mass deployment of client applications such as SBEM, DSM energy software models approved by CLG DCLG for EAs. As an example the NDR Operator may want to consider a certificate or token based approach rather than just username / password. Procedures for registering and managing Authorised Users will need to be defined by the NDR and made available as a set of standard interfaces to industry stakeholders. N09 Availability There must be controlled access to system 24/7 and is met at least 80 percent of the time unless indicated specifically in each transaction. The overall availability requirements for the NDR and related services are dependent on the operational requirements of the significant user groups. The following are the expected availability profiles for each of our significant groups of Registered Users: EAs will produce Energy Documents and Energy Model Input Data during the normal professional working day over a 6-day working week with possibly occasional access – e.g. to meet a heavy work load - later in the evening. Accreditation Schemes would only require access to modify details of EAs as part of their standard business operations. It is expected that the Energy Document and Energy Model IInput Data lodgements will be submitted as a mixture of overnight bulk submission files and single ad-hoc registrations taking place during the day. Hence estimated minimum availability required for both sets of users is 06:00 🡪 24:00; Monday � � Saturday. However the suggested method of updating the NDR by Accreditation Schemes would require overnight access to bulk process the changes made during the day. The supplier must also demonstrate how they intend to minimise the impact of a failure in the Register across all the transactional services. N10 Scalability The NDR must be scaleable to accommodate any fluctuations in the transactional and volumes stated and increase in demand. N11 Extensibility There is a requirement to be able to extend the NDR Business Information Model. For example the solution may be improved during contract lifetime to • Expand register to include other elements of Energy Performance of Building Regulations e.g. air-conditioning or boiler inspection reports. • Extend to incorporate additional data that can be lodged The data model will be extended to integrate new information and it should be assumed that all Business Entities may be extended at any time and that the optional extensions may or may not be pre-notified to support staff. Hence a significant design criterion is that the data model must be easily extensible without incurring significant impact or unnecessary changes to any existing software. N12 Data Protection The NDR holds commercial data. The data that is considered of a personal nature is that of the EA and building owner which includes name & contact details. It is expected that the NDR Operator will investigate and adhere to any data protection legislation as required. N13 IT Governance It will be the NDR Operators’ responsibility to govern the published NDR Technical Standards on behalf of CLDCLG G and monitor industry adherence to them. The EA accreditation requirements are the responsibility of the Accreditation Scheme to enforce. As part of the IT Governance responsibility the NDR Operator will: • Publish, circulate and manage the implementation of the Technical Standards on behalf of CDCLGLG. • Provide advice on the correct implementation or interpretation of the published Technical Standards. • Monitor activity against the NDR to ensure adherence to the published standards and consistency of use across the industry. This is separate to any EA Quality Assurance activity carried out on behalf of an Accreditation Scheme. All changes to the standards will be drafted by the NDR Operator. CLDCLG G remains the owner and final Design Authority on changes to all standards, specifications and service requirements and will have ultimate responsibility for sign-off and publication.

Non Functional Requirements. This section covers the mandatory non-functional requirements for the NDR. Any tender should reflect an understanding and demonstrate wherever appropriate how any proposed solutions will fulfil these requirements. Ref Requirement type Requirements Outline N01 Integrity The consumer must be able to trust the Register and have confidence in its integrity & authenticity. The Register will be the Database of Record for all Energy Assessments and in the event of dispute provides the definitive statement regarding the actual Energy Document that was produced and lodged along with the Model Data that was used to produce that Energy Document. Therefore the Operator must ensure that the Register: • maintains its internal integrity • be safeguarded from any unauthorised tampering. • protected from both internal and external threats. • reduce any risks of fraud and abuse that may take place across the end to end process. N02 Data Consistency Due to the highly distributed nature of the marketplace there is a significant issue with enforcing consistency across the entire marketplace. A particular area where consistency is essential is in the identification and addressing of each Property being reported on. A shared central database of Property & Address details is the most obvious way of achieving consistency both cost effectively and in the required timescales. Some scenarios where consistency is required are: • A Property may have a number of different addresses associated with it in addition to the primary or “official” address for example the street may have more than one name or the owner decided to give the house a name or a building has been sublet by units or floors. In order to maintain consistency it is essential that all Energy Documents relating to a property consistently have the same correct address shown • Over time the identifying characteristics of a Property can change e.g. a Royal Mail Postcode reorganization may result in a postcode change for the Property therefore the address of the Property is not sufficient • A Property in Wales has both an English and a Welsh Address and when producing Energy Documents in one of those languages the EA should consistently use the correct address in the relevant language. It is the up to NDR Operator to select appropriate data-sets or service providers – such as Ordnance Survey Addresspoint, Royal Mail Postal Address File (PAF), National Land & Property Gazetteer (NLPG) or National Land Information Service (NLIS) – that could be used either to directly satisfy these requirements or form a significant foundation to meeting the requirements. The primary data requirements are: • Provision of a Unique Property Reference Number (UPRN) that uniquely identifies every assessed non-dwelling property in England & Wales. This includes units, floors within buildings etc. • The minimum data requirements for each Property are as per the common 5 line address format which includes Unique Property Reference Number, Primary Address, Secondary and Alternative Addresses e.g. English / Welsh equivalents of same property, local aliases etc. However an optional Address line 0 will be required to describe the Building-Part within the building. The primary functional requirements are: • Address Searching - to be able to find a Property and its Unique Property Reference Number based on an address or partial address or postcode. Fuzzy and Soundex searching should be used where appropriate. • Get Primary Address for the Property referenced by the Unique Property Reference Number. Other key requirements: • The "master" copy of the data is to be maintained by the NDR Operator to enforce consistency in the NDR and can ensure uniqueness of Unique Property Reference Number over the life of the Energy Documents. This may require daily maintenance updates. N03 Usability The process of using the NDR should not unnecessarily delay or obstruct the process of energy assessing a building. The NDR and its processes should be available in a way that any organisation or individual that relies upon it for their own processes to take place is able to conduct their business without delay or obstruction. N04 Transactional Volumes These Transaction Volumes are indicative of expected activity for the full operational system and are provided to assist prospective Operators in their calculations. The key transaction volumes are: • 216,000 NDEPCs and associated reports per annum (2.08 million over 13 years). Growth rates dependant on external market activity. • 42,000 Display Energy Certificates annually with associated Advisory Reports which are updated every seven years • Active EAs able to produce DECs : 1,500 • Active EAs able to produce NDEPCs: 2,500 • Size of each PDF certificate / report: DEC or NDEPC (up to 300k). AR or RR: 2-5 pages of text with no high-quality figures • Size of XML data: • DEC & AR (up to 0.5Mb) and NDEPC & RR (up to 2Mb): the files include: XML of input data to software, XML of output data and appropriate headers. • Lifetime access to Energy Documents: Approximately 7 to 10 accesses will be performed per NDEPC, RR during the course of its lifetime. • Number of Non Domestic & Public Properties in England & Wales: 1,526,877 Transitional Lodgement volumes over the year should be calculated from the Regulatory Impact Assessment (RIA) figures on the CLG website. Regarding initial volumes expected volumes of approximately 1000/month on the non-discretionary buildings (EPC’s for construction, sale or rent > 10000 m2). There are expected to be discretionary volumes, anecdotally from large building portfolio managers. N05 Backup, Recovery Operating as a “no-loss” data environment it is essential to ensure that all the Certificate & Reports in the NDR are regularly backed-up to secondary storage to protect the data from loss or corruption. There are no special considerations for backup & recoverability of the NDR database over and above the normally expected requirements for protecting the data. It is expected that the NDR Operator will define reasonable procedures for agreement by CLG. It is essential that the backup process does not unnecessarily impact NDR service connectivity, availability or responsiveness. Recoverability of the application in the event of a system failure should be minimised as much as is feasible within the economic constraints. Standard Operating Procedures (SOPs) should be in place clearly stating the step-by-step procedures to follow should the recovery operation be invoked. Risk assessments should take place periodically especially when there has been changes affected to the register or the system environment. Operational training is an often-ignored aspect that should receive a high priority. The recovery operation should not be jeopardised due to a lack of properly trained alternative staff members being available when a recovery is required. This backup procedure should be synchronised with other affected parties. Recovering data from the backup copies should be regularly tested to ensure integrity of the recovered data. The Accreditation Scheme is able to monitor and audit work of their members but may be a source of data too in case of the partial or full failure of the Register. However this should not be relied upon as a critical part of the recovery process. N06 Disaster Recovery & Business Continuity In the event of a wholesale system outage a mirror/standby site should be available and should capable of being operational within one working day from the point the primary system outage has occurred. The Operator must be able to provide the same functionality at a different site with alternative communications, with as close a replication of the system data as possible to the point in time of failure. The scope of any Recovery plan should include personnel and location as well as functionality. It is the responsibility of the NDR Operator to develop and agree acceptable and cost effective procedures for disaster recovery that minimises the impact of any major system outage on the market. N07 Archiving Maintain archive of Energy Documents and Model Data used to collect it for at least 20 years. Historical Degree and CIBSE date will be archived indefinitely subject to any licencing constraints. N08 Security This is closely related to the Integrity & network requirements in this document. To ensure unauthorised tampering of stored data the supplier must consider at least the following set of security access controls: • Limit access to valid users and protect integrity of data. • Data must have appropriate protection and access control so to avoid unlawful disclosure of info from any artefact. • Any data maintenance activity must take place in a secure environment • All user transactional service and user requests to the register can only be carried out by registered users and any operations are authenticated when the service is invoked. • Ensure any message that purports to be from a particular registered user or source is in fact from that registered user or source. • A User (either Registered or Unregistered) may only invoke services according to their role. They must be restricted from invoking unauthorised services. The nature of the data and infrastructure that makes up the NDR would, on an initial assessment, accord it a level 2 – PROTECT classification. A standard password and log on would be sufficient from an authentication security view - there is no need for encrypted data. The NDR Operator must adhere to the security guidelines laid down by CLG IT Security. ISO 27001 would go a long way in meeting CLG security standards. A ‘Good Practice Guide’ for telecommunications resilience and ‘Fast Track Accreditation for Standalone & Networked IT Systems’ should be considered by any prospective supplier during their design. There are also recommendations from the e-Government Unit surroundings web-site accessibility that should be applied. In considering authentication methods there must be an allowance for mass deployment of client applications such as SBEM, DSM energy software models approved by CLG for EAs. As an example the NDR Operator may want to consider a certificate or token based approach rather than just username / password. Procedures for registering and managing Authorised Users will need to be defined by the NDR and made available as a set of standard interfaces to industry stakeholders. N09 Availability There must be controlled access to system 24/7 and is met at least 80 percent of the time unless indicated specifically in each transaction. The overall availability requirements for the NDR and related services are dependent on the operational requirements of the significant user groups. The following are the expected availability profiles for each of our significant groups of Registered Users: EAs will produce Energy Documents during the normal professional working day over a 6-day working week with possibly occasional access – e.g. to meet a heavy work load - later in the evening. Accreditation Schemes would only require access to modify details of EAs as part of their standard business operations. It is expected that the Energy Document lodgements will be submitted as a mixture of overnight bulk submission files and single ad-hoc registrations taking place during the day. Hence estimated minimum availability required for both sets of users is 06:00 🡪€ 24:00; Monday �€ � Saturday. However the suggested method of updating the NDR by Accreditation Schemes would require overnight access to bulk process the changes made during the day. The supplier must also demonstrate how they intend to minimise the impact of a failure in the Register across all the transactional services. N10 Scalability The NDR must be scaleable to accommodate any fluctuations in the transactional and volumes stated and increase in demand. N11 Extensibility There is a requirement to be able to extend the NDR Business Information Model. For example the solution may be improved during contract lifetime to • Expand register to include other elements of Energy Performance of Building Regulations e.g. air-conditioning or boiler inspection reports. • Extend to incorporate additional data that can be lodged The data model will be extended to integrate new information and it should be assumed that all Business Entities may be extended at any time and that the optional extensions may or may not be pre-notified to support staff. Hence a significant design criterion is that the data model must be easily extensible without incurring significant impact or unnecessary changes to any existing software. N12 Data Protection The NDR holds commercial data. The data that is considered of a personal nature is that of the EA and building owner which includes name & contact details. It is expected that the NDR Operator will investigate and adhere to any data protection legislation as required. N13 IT Governance It will be the NDR Operators’ responsibility to govern the published NDR Technical Standards on behalf of CLG and monitor industry adherence to them. The EA accreditation requirements are the responsibility of the Accreditation Scheme to enforce. As part of the IT Governance responsibility the NDR Operator will: • Publish, circulate and manage the implementation of the Technical Standards on behalf of CLG. • Provide advice on the correct implementation or interpretation of the published Technical Standards. • Monitor activity against the NDR to ensure adherence to the published standards and consistency of use across the industry. This is separate to any EA Quality Assurance activity carried out on behalf of an Accreditation Scheme. All changes to the standards will be drafted by the NDR Operator. CLG remains the owner and final Design Authority on changes to all standards, specifications and service requirements and will have ultimate responsibility for sign-off and publication.