| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| playground:techspec [2025/11/13 15:26] – rahul | playground:techspec [2025/11/13 15:29] (current) – rahul |
|---|
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Here is a detailed playbook and analysis for developing a technical reference design for an open Advanced Metering Infrastructure (AMI) stack using COTS hardware in Nigeria.</font> | Here is a detailed playbook and analysis for developing a technical reference design for an open Advanced Metering Infrastructure (AMI) stack using COTS hardware in Nigeria. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>This playbook is structured as a phased approach, from identifying the regulatory landscape to the final system audit and certification.</font> | This playbook is structured as a phased approach, from identifying the regulatory landscape to the final system audit and certification. |
| |
| ==== Phase 1: Define the Ecosystem (Key Players) ==== | == Phase 1: Define the Ecosystem (Key Players) == |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Success in Nigeria requires engaging a specific set of regulatory and commercial stakeholders. Your reference design must meet the requirements of each.</font> | Success in Nigeria requires engaging a specific set of regulatory and commercial stakeholders. Your reference design must meet the requirements of each. |
| |
| | \\ | ^ **Category** ^ **Key Player** ^ **Role & Mandate in Your Project** ^ |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Category**</font> \\ | | **Primary Regulator** | **NERC** (Nigerian Electricity Regulatory Commission) | **The Rule Maker.** NERC issues all guidelines for the sector. Your entire AMI solution must comply with the **Nigerian Metering Code** and the **Meter Asset Provider (MAP) Regulations, 2018**. They are the ultimate approver of the system design. | |
| | \\ | | **Technical Enforcement** | **NEMSA** (Nigerian Electricity Management Services Agency) | **The Hardware Inspector.** NEMSA is responsible for the hands-on testing and certification of all hardware. They enforce technical standards for all meters and electrical equipment. Your COTS hardware must pass their certification. | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Key Player**</font> \\ | | **Standards & Imports** | **SON** (Standards Organisation of Nigeria) | **The Gatekeeper.** SON sets general standards and manages the **SONCAP** (Standards Organisation of Nigeria Conformity Assessment Programme) for all imported goods. Your imported COTS hardware (meters, DCUs, comms modules) must have SONCAP certification. | |
| | \\ | | **Cybersecurity & Data** | **ONSA** (Office of the National Security Adviser) | **The National Security Guardian.** ONSA designates "Critical National Information Infrastructure" (CNII). A national AMI system is CNII. You must comply with the **Cybercrimes Act, 2015** and have an incident response plan linked to **ngCERT** (Nigeria's CERT). | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Role & Mandate in Your Project**</font> \\ | | **Cybersecurity & Data** | **NITDA** (National Information Technology Development Agency) | **The Data Privacy Guardian.** NITDA enforces the **Nigeria Data Protection Regulation (NDPR)**. Your reference design must have robust controls for handling customer data, ensuring privacy and compliance. | |
| | | | **The "Customers"** | **DisCos** (Distribution Companies) | The 11 DisCos (e.g., Ikeja Electric, Eko Electric) are the primary adopters and operators of the AMI stack. The reference design must solve their commercial and technical challenges (e.g., ATC&C loss reduction). | |
| | \\ | | | **MAPs** (Meter Asset Providers) | NERC-licensed companies that finance, procure, and install meters. They are your primary commercial channel. Your reference design will likely be procured by a MAP (or a DisCo acting as one) to service a DisCo's needs. | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Primary Regulator**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NERC** (Nigerian Electricity Regulatory Commission)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Rule Maker.** NERC issues all guidelines for the sector. Your entire AMI solution must comply with the **Nigerian Metering Code** and the **Meter Asset Provider (MAP) Regulations, 2018**. They are the ultimate approver of the CKGE_TMP_i system CKGE_TMP_i design.</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Technical Enforcement**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NEMSA** (Nigerian Electricity Management Services Agency)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Hardware Inspector.** NEMSA is responsible for the hands-on testing and certification of all hardware. They enforce technical standards for all meters and electrical equipment. Your COTS hardware CKGE_TMP_i must CKGE_TMP_i pass their certification.</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Standards & Imports**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**SON** (Standards Organisation of Nigeria)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Gatekeeper.** SON sets general standards and manages the **SONCAP** (Standards Organisation of Nigeria Conformity Assessment Programme) for all imported goods. Your imported COTS hardware (meters, DCUs, comms modules) must have SONCAP certification.</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Cybersecurity & Data**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**ONSA** (Office of the National Security Adviser)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The National Security Guardian.** ONSA designates "Critical National Information Infrastructure" (CNII). A national AMI system is CNII. You must comply with the **Cybercrimes Act, 2015** and have an incident response plan linked to **ngCERT** (Nigeria's CERT).</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Cybersecurity & Data**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NITDA** (National Information Technology Development Agency)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Data Privacy Guardian.** NITDA enforces the **Nigeria Data Protection Regulation (NDPR)**. Your reference design CKGE_TMP_i must CKGE_TMP_i have robust controls for handling customer data, ensuring privacy and compliance.</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The "Customers"**</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**DisCos** (Distribution Companies)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>The 11 DisCos (e.g., Ikeja Electric, Eko Electric) are the primary adopters and operators of the AMI stack. The reference design must solve their commercial and technical challenges (e.g., ATC&C loss reduction).</font> \\ | |
| | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>** **</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**MAPs** (Meter Asset Providers)</font> \\ | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>NERC-licensed companies that finance, procure, and install meters. They are your primary commercial channel. Your reference design will likely be CKGE_TMP_i procured by a MAP CKGE_TMP_i (or a DisCo acting as one) to service a DisCo's needs.</font> \\ | |
| | | |
| |
| ==== Phase 2: Playbook for a COTS-Based Open AMI Stack ==== | == Phase 2: Playbook for a COTS-Based Open AMI Stack == |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>This is the step-by-step process for developing the reference design.</font> | This is the step-by-step process for developing the reference design. |
| |
| === Step 1: Define the "Open" Architecture === | === Step 1: Define the "Open" Architecture === |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>The core of your reference design is an "open" stack. In the AMI context, "open" does not mean "open source" software. It means **vendor interoperability through open standards**.</font> | The core of your reference design is an "open" stack. In the AMI context, "open" does not mean "open source" software. It means **vendor interoperability through open standards**. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Your reference design must be built on these components:</font> | Your reference design must be built on these components: |
| |
| - | * **Smart Meters (COTS):** The endpoint devices. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Smart Meters (COTS):** The endpoint devices.</font> * | * **COTS Principle:** Sourced from any vendor (e.g., MOJEC, Landis+Gyr, Itron) whose meter is NEMSA-certified. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** Sourced from any vendor (e.g., MOJEC, Landis+Gyr, Itron) whose meter is NEMSA-certified.</font> | * **Open Principle:** The meter must be fully compliant with the **DLMS/COSEM (IEC 62056)** standard. This is non-negotiable. It ensures any DLMS-compliant Head-End System can read the meter, regardless of the vendor. |
| * | * **Communication Network (COTS):** This has two parts. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Open Principle:** The meter CKGE_TMP_i must CKGE_TMP_i be fully compliant with the **DLMS/COSEM (IEC 62056)** standard. This is non-negotiable. It ensures any DLMS-compliant Head-End System can read the meter, regardless of the vendor.</font> | * **Neighborhood Area Network (NAN):** Connects meters to a data concentrator. |
| - | * **COTS Principle:** Use off-the-shelf, standards-based communication modules. Common COTS options are **Power Line Communication (PLC)** (e.g., G3-PLC, PRIME) or **RF Mesh** (e.g., Wi-SUN). |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Communication Network (COTS):** This has two parts.</font> * | * **Wide Area Network (WAN):** Connects data concentrators to the central HES. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Neighborhood Area Network (NAN):** Connects meters to a data concentrator.</font> * | * **COTS Principle:** Use standard public or private telecom infrastructure. The most common COTS solution in Nigeria is **GPRS/3G/4G/LTE** via COTS-enabled SIM cards in the concentrator. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** Use off-the-shelf, standards-based communication modules. Common COTS options are **Power Line Communication (PLC)** (e.g., G3-PLC, PRIME) or **RF Mesh** (e.g., Wi-SUN).</font> | * **Data Concentrator Unit (DCU) (COTS):** |
| * | * **COTS Principle:** A ruggedized, off-the-shelf industrial gateway/computer. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Wide Area Network (WAN):** Connects data concentrators to the central HES.</font> * | * **Open Principle:** The DCU must act as a DLMS/COSEM client to talk to the meters and a DLMS/COSEM server to talk to the HES. It aggregates data and manages the NAN. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** Use standard public or private telecom infrastructure. The most common COTS solution in Nigeria is **GPRS/3G/4G/LTE** via COTS-enabled SIM cards in the concentrator.</font> | * **Head-End System (HES) (Software):** |
| - | * **COTS Principle:** This is typically commercial software (e.g., from vendors like Siemens, Oracle, or AMI specialists) that runs on standard COTS servers (e.g., Intel-based, running Linux/Windows). |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Data Concentrator Unit (DCU) (COTS):**</font> * | * **Open Principle:** The HES must be "meter agnostic." It must use DLMS/COSEM to communicate with any certified COTS meter and DCU. It manages data collection, remote disconnect/connect, and tariff updates. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** A ruggedized, off-the-shelf industrial gateway/computer.</font> | * **Meter Data Management System (MDMS) (Software):** |
| * | * **COTS Principle:** Commercial software running on COTS servers. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Open Principle:** The DCU must act as a DLMS/COSEM client to talk to the meters and a DLMS/COSEM server to talk to the HES. It aggregates data and manages the NAN.</font> | * **Open Principle:** The MDMS must have standard-based Application Programming Interfaces (APIs), often based on **IEC 61968/61970 (Common Information Model)**, to integrate with other utility systems (billing, ERP, GIS). It receives validated data from the HES for storage, analysis, and billing. |
| - | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Head-End System (HES) (Software):**</font> * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** This is typically commercial software (e.g., from vendors like Siemens, Oracle, or AMI specialists) that runs on standard COTS servers (e.g., Intel-based, running Linux/Windows).</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Open Principle:** The HES must be "meter agnostic." It must use DLMS/COSEM to communicate with CKGE_TMP_i any CKGE_TMP_i certified COTS meter and DCU. It manages data collection, remote disconnect/connect, and tariff updates.</font> | |
| - | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Meter Data Management System (MDMS) (Software):**</font> * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**COTS Principle:** Commercial software running on COTS servers.</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Open Principle:** The MDMS must have standard-based Application Programming Interfaces (APIs), often based on **IEC 61968/61970 (Common Information Model)**, to integrate with other utility systems (billing, ERP, GIS). It receives validated data from the HES for storage, analysis, and billing.</font> | |
| |
| === Step 2: Select Hardware & Meet NEMSA/SON Certification === | === Step 2: Select Hardware & Meet NEMSA/SON Certification === |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>This phase focuses on the physical hardware (meters, DCUs).</font> | This phase focuses on the physical hardware (meters, DCUs). |
| |
| - | * **Source COTS Hardware:** Identify manufacturers of meters, DCUs, and communication modules that are DLMS-compliant. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Source COTS Hardware:** Identify manufacturers of meters, DCUs, and communication modules that are DLMS-compliant.</font> | * **Achieve SONCAP (Imported Goods):** For any hardware imported, you must go through the SON-accredited conformity assessment process in the country of origin to get a SONCAP certificate. This is required for customs clearance. |
| - | * **Achieve NEMSA Certification (The Critical Test):** Your hardware cannot be deployed without NEMSA certification. The process involves: |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Achieve SONCAP (Imported Goods):** For any hardware imported, you must go through the SON-accredited conformity assessment process in the country of origin to get a SONCAP certificate. This is required for customs clearance.</font> | * **Type Test Certification:** You submit samples of your new meter model to a **National Meter Test Station (NMTS)**. NEMSA tests the meter's design, accuracy, and anti-tamper features against the Nigerian Metering Code and IEC standards. This is the main certification for your COTS hardware model. |
| - | * **Acceptance Test:** When a DisCo or MAP receives a batch (e.g., 1,000 meters), NEMSA may test a random sample from that batch before they can be installed. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Achieve NEMSA Certification (The Critical Test):** Your hardware CKGE_TMP_i cannot CKGE_TMP_i be deployed without NEMSA certification. The process involves:</font> * | * **Routine Test:** In some cases, every single unit may be tested for accuracy. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Type Test Certification:** You submit samples of your new meter model to a **National Meter Test Station (NMTS)**. NEMSA tests the meter's design, accuracy, and anti-tamper features against the Nigerian Metering Code and IEC standards. This is the main certification for your COTS hardware model.</font> | **Playbook Action:** Your reference design must specify COTS hardware that is already on NEMSA's list of "Type Test Certified" meters or budget for the time and cost of an 18-month Type Test process for any new hardware. |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Acceptance Test:** When a DisCo or MAP receives a CKGE_TMP_i batch CKGE_TMP_i (e.g., 1,000 meters), NEMSA may test a random sample from that batch before they can be installed.</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Routine Test:** In some cases, CKGE_TMP_i every single unit CKGE_TMP_i may be tested for accuracy.</font> | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Playbook Action:** Your reference design CKGE_TMP_i must CKGE_TMP_i specify COTS hardware that is already on NEMSA's list of "Type Test Certified" meters or budget for the time and cost of an CKGE_TMP_i 18-month CKGE_TMP_i Type Test process for any new hardware.</font> | |
| |
| === Step 3: Meet NERC System-Level Audit === | === Step 3: Meet NERC System-Level Audit === |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>NERC audits the CKGE_TMP_i entire solution CKGE_TMP_i , not just the hardware. This "audit" is part of the **MAP/DisCo procurement and approval process**.</font> | NERC audits the entire solution, not just the hardware. This "audit" is part of the **MAP/DisCo procurement and approval process**. |
| |
| - | * **The "Audit" Event:** When a MAP or DisCo wants to deploy your reference design, they submit a technical and commercial proposal to NERC. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The "Audit" Event:** When a MAP or DisCo wants to deploy your reference design, they submit a technical and commercial proposal to NERC.</font> | * **NERC's Checklist:** NERC will evaluate your design's documentation against: |
| - | * **The Nigerian Metering Code:** Does your stack meet all technical specifications for AMI? |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NERC's Checklist:** NERC will evaluate your design's documentation against:</font> * | * **MAP Regulations:** Does the solution enable the functions required by MAPs (e.g., remote reading, remote disconnection, load management, tariff updates)? |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Nigerian Metering Code:** Does your stack meet all technical specifications for AMI?</font> | * **Interoperability:** Is it truly open? You must prove DLMS/COSEM compliance for all relevant components. A **DLMS User Association certification** for your components is the strongest proof. |
| * | * **Data & Security:** Has a cybersecurity audit been planned or completed? (See Step 4). |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**MAP Regulations:** Does the solution enable the functions required by MAPs (e.g., remote reading, remote disconnection, load management, tariff updates)?</font> | * **Scalability:** Can the HES/MDMS architecture handle the number of meters (e.g., 100,000 or 1,000,000+)? |
| * | **Playbook Action:** The technical reference design document itself is the primary tool for passing this audit. It must be exceptionally detailed, with clear compliance matrices mapping your design features to NERC's regulations. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Interoperability:** Is it truly open? You must CKGE_TMP_i prove CKGE_TMP_i DLMS/COSEM compliance for all relevant components. A **DLMS User Association certification** for your components is the strongest proof.</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Data & Security:** Has a cybersecurity audit been planned or completed? (See Step 4).</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Scalability:** Can the HES/MDMS architecture handle the number of meters (e.g., 100,000 or 1,000,000+)?</font> | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Playbook Action:** The technical reference design document itself CKGE_TMP_i is CKGE_TMP_i the primary tool for passing this audit. It must be exceptionally detailed, with clear compliance matrices mapping your design features to NERC's regulations.</font> | |
| |
| === Step 4: Meet Cybersecurity & Data Privacy Audits === | === Step 4: Meet Cybersecurity & Data Privacy Audits === |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>This is a system-level audit that runs parallel to the NERC approval. It is critical and often overlooked.</font> | This is a system-level audit that runs parallel to the NERC approval. It is critical and often overlooked. |
| |
| - | * **Legal Framework:** |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Legal Framework:**</font> * | * **Cybercrimes Act, 2015:** Your system will be **CNII**. You must protect it from breaches. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Cybercrimes Act, 2015:** Your system will be **CNII**. You must protect it from breaches.</font> | * **Nigeria Data Protection Regulation (NDPR):** Your MDMS will hold personal data (name, address, consumption). You must protect it. |
| * | * **The Audit Process:** |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Nigeria Data Protection Regulation (NDPR):** Your MDMS will hold personal data (name, address, consumption). You CKGE_TMP_i must CKGE_TMP_i protect it.</font> | * An independent auditor (or a regulator like NITDA) will audit your system. |
| - | * The audit will be based on international standards: **ISO 27001** (for the Information Security Management System) and the **NIST Cybersecurity Framework** (for technical controls). |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**The Audit Process:**</font> * | * **Reference Design Requirements:** Your design must include: |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>An independent auditor (or a regulator like NITDA) will audit your system.</font> | * **Technical Controls:** End-to-end encryption, role-based access control, network firewalls, and system hardening. |
| * | * **Data Privacy:** Proof of how customer data is anonymized, encrypted at rest, and protected from unauthorized access, per NDPR. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>The audit will be based on international standards: **ISO 27001** (for the Information Security Management System) and the **NIST Cybersecurity Framework** (for technical controls).</font> | * **Incident Response Plan:** A formal plan that details how you will detect and respond to a breach, including the mandatory step of **reporting the incident to ngCERT**. |
| - | **Playbook Action:** Your reference design must have a dedicated "Cybersecurity & Data Privacy" volume, detailing the controls and compliance with ISO 27001, NIST, and the NDPR. |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Reference Design Requirements:** Your design CKGE_TMP_i must CKGE_TMP_i include:</font> * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Technical Controls:** End-to-end encryption, role-based access control, network firewalls, and system hardening.</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Data Privacy:** Proof of how customer data is anonymized, encrypted at rest, and protected from unauthorized access, per NDPR.</font> | |
| * | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Incident Response Plan:** A formal plan that details how you will detect and respond to a breach, including the mandatory step of **reporting the incident to ngCERT**.</font> | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Playbook Action:** Your reference design must have a dedicated "Cybersecurity & Data Privacy" volume, detailing the controls and compliance with ISO 27001, NIST, and the NDPR.</font> | |
| |
| ==== summary: Certification & Audit Checklists ==== | == Summary: Certification & Audit Checklists == |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Use these checklists as a guide for your reference design.</font> | Use these checklists as a guide for your reference design. |
| | |
| === Hardware (Meter/DCU) Certification Checklist === | |
| | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Item**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Certifying Body**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**What It Is**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Why It's Needed**</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Type Test Certificate**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NEMSA**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Lab test of a sample meter model.</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Mandatory.** No meter model can be deployed without this.</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**SONCAP Certificate**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**SON**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Conformity assessment for imports.</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Mandatory** for clearing customs with imported hardware.</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**DLMS/COSEM Certificate**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**DLMS User Assoc.**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Proof of interoperability.</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Not legally mandatory, but essential.** This is your CKGE_TMP_i only CKGE_TMP_i proof that your stack is "open." NERC will demand this.</font> \\ | | |
| | |
| === System (Solution) Audit Checklist === | |
| | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Audit Type**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Governing Body**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Key Document/Standard**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**What is Audited?**</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Technical Solution Audit**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NERC**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Nigerian Metering Code, MAP Regulations</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>The entire AMI stack's functionality (remote read, disconnect, etc.), scalability, and compliance with regulations.</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Cybersecurity Audit**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**ONSA / NITDA**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Cybercrimes Act, 2015, NIST/ISO 27001</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Protection of the system (CNII) from cyberattacks.</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Data Privacy Audit**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**NITDA**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Nigeria Data Protection Regulation (NDPR)</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Protection of customer personal data (PII) within the MDMS.</font> \\ | | |
| | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**Incident Reporting**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>**ONSA / ngCERT**</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>Cybercrimes Act, 2015</font> \\ | \\ | |
| <font 11pt/Arial,sans-serif;;inherit;;inherit>The CKGE_TMP_i existence CKGE_TMP_i of a formal plan to report all security incidents to the national CERT.</font> \\ | | |
| |
| | === Hardware (Meter/DCU) Certification Checklist === |
| | ^ **Item** ^ **Certifying Body** ^ **What It Is** ^ **Why It's Needed** ^ |
| | | **Type Test Certificate** | **NEMSA** | Lab test of a sample meter model. | **Mandatory.** No meter model can be deployed without this. | |
| | | **SONCAP Certificate** | **SON** | Conformity assessment for imports. | **Mandatory** for clearing customs with imported hardware. | |
| | | **DLMS/COSEM Certificate** | **DLMS User Assoc.** | Proof of interoperability. | **Not legally mandatory, but essential.** This is your only proof that your stack is "open." NERC will demand this. | |
| |
| | === System (Solution) Audit Checklist === |
| | ^ **Audit Type** ^ **Governing Body** ^ **Key Document/Standard** ^ **What is Audited?** ^ |
| | | **Technical Solution Audit** | **NERC** | Nigerian Metering Code, MAP Regulations | The entire AMI stack's functionality (remote read, disconnect, etc.), scalability, and compliance with regulations. | |
| | | **Cybersecurity Audit** | **ONSA / NITDA** | Cybercrimes Act, 2015, NIST/ISO 27001 | Protection of the system (CNII) from cyberattacks. | |
| | | **Data Privacy Audit** | **NITDA** | Nigeria Data Protection Regulation (NDPR) | Protection of customer personal data (PII) within the MDMS. | |
| | | **Incident Reporting** | **ONSA / ngCERT** | Cybercrimes Act, 2015 | The existence of a formal plan to report all security incidents to the national CERT. | |