Compliance Management Partner

Gemserv’s Compliance Management support is a one-stop shop for advice and solutions to complex regulatory, legislative and standards issues in the energy sector.

Gemserv’s Compliance Management support streamlines and simplifies these regulatory challenges, enabling the industry to innovate with confidence and security.

Cyber Security and Data Protection Compliance Programme

Organisations operating within the energy sector are facing increasing regulatory challenges, particularly those applicable to security and data management. Amidst the data-driven pursuit of Net Zero, the energy industry increasingly faces a web of regulations, ranging from privacy obligations included within supplier and network operator licences, to security controls required to access Data Communications Company (DCC) and smart metering systems.

Changes in digital systems and infrastructure needed to realise the benefits of decarbonised, smart and flexible energy technologies pose both cyber and privacy threats to organisations and consumers. For example, operating critical networks and systems makes energy suppliers and network operators prime targets. Additionally, smart meters, electric vehicles and other connected technologies collect and share increasingly large volumes of data on individuals and homes, raising privacy concerns.

Staying on top of these challenges requires a Compliance Management function that understands this web of risks and regulations and translates it into a robust security and privacy posture.

The Cyber Security and Data Protection Compliance Programme supports the energy industry through an integrated service approach, including:

User CIO Audits

To join the Data Communications Company (DCC) network, smart metering companies must prove that their own systems are secure.

Gemserv’s User Competent Independent Organisation (CIO) support capability assists companies in identifying gaps in their Information Security Management System (ISMS) documentation and identifies how best to close them, making your systems safe and secure before they are audited by the User CIO. Gemserv have the capabilities to support clients in aligning their ISMS to the requirements of SEC Section G and to prepare for their required User CIO Security Assessments on an annual basis.

Gemserv have an array of industry expertise in preparing and supporting clients through Full User Security Assessments, Verification User Security Assessments and Security Self Assessments.

ISO Standards

Gemserv are supporting clients across the energy industry with managing their International Organisation for Standardisation (ISO) certifications (including 27001, 22301, 27701, 9001, 14001, 27005, 27017) and upholding high standards across the business for addressing internal audits. Gemserv have aligned many UK energy companies to the ISO 27001 standard, as implementing an Information Security Management System (ISMS) is recommended by SEC Section G.

Gemserv support companies to identify gaps in their Information Security Management System (ISMS) documentation and seamlessly uplift policies and improve best practices.

PCI DSS

Gemserv are supporting energy companies with preparing for and managing their Payment Card Industry Data Security Standard (PCI DSS) audits, likely to be required for handling energy consumers’ card details. Gemserv’s experienced QSAs are able to identify and scope out the client’s PCI DSS assessment requirements and confirm the client’s card data environment (CDE), following a well-established methodology that has been used with clients for over ten years.

Gemserv’s QSA supports and manages the assessment from start to finish and identifies areas for remediation if needed, culminating in completion of the formal Report on Compliance (RoC) and Attestation of Compliance (AoC), which the energy companies are required to share with their acquirers and contracted business clients.

GDPR Compliance

General Data Protection Regulation (GDPR) compliance is a particular concern for the energy industry, as information about energy consumers – and smart metering data – can be highly sensitive.

Gemserv can support with:

  • Conducting an independent accountability framework assessment to help you identify your gaps
  • Implementation of policies needed to comply with regulatory, legislative and standards obligations in the energy industry
  • Maintaining GDPR documentation, such as records of processing activities, privacy notices, data protection impact assessments and legitimate interest assessments

Data Privacy Adviser

For organisations in the energy space in need of ongoing support, our Data Privacy Adviser can help with:

  • Advice on reviewing third party due diligence or Data Protection Impact Assessments
  • Support on responding to data subject requests, e.g. Data Subject Access Requests (DSARs)
  • Ongoing queries on data protection regulatory or policy developments

Gemserv’s Compliance Management support is a one-stop shop for advice and solutions to complex regulatory, legislative and standards issues in the energy sector.

Depending on your organisation’s risk profile and compliance needs, the regulatory support can be tailored to your requirements and industry needs. Our programme simplifies the compliance process by supporting workflows for implementing cybersecurity & privacy obligations under legislation, standards and codes, as well as support with wider ISO standards.

Gemserv, Your Trusted Risk and Compliance Partner

We maintain a strong presence in the UK energy market through consultancy expertise by proactively guiding clients through regulatory changes. We were initially set up by the Big 6 Energy Companies over 20 years ago, when the UK energy market became privatised.

Later, as competition laws came into force, more energy companies started entering the market and looked to Gemserv for support as advice was needed on how to become profitable while adhering to regulations.

This allowed Gemserv to become an expert advisor and leader in the energy industry, where we now have over 50 consultants who are deeply experienced in understanding energy services.

We have achieved organic growth by maintaining a practical approach with all energy companies and having a vested interest in their success.

Get in touch

If you would like to know more about how we can help you with compliance management support and would like to discuss your company’s needs, please complete this short form and one of our experts will get in touch.
