The Business Handover Plan

Transcription

1 The Business Handover Plan Version 2.0 February 2016 DCC PUBLIC DCC PUBLIC 1

2 Version Control Version Date Description Author/Reviewer /09/2014 Year 1 release to Ofgem. Published on SharePoint. DCC /07/2014 Internal draft incorporating Ofgem feedback. GH /07/2015 Internal draft incorporating review comments GH /07/2015 Year 1 updated release to Ofgem. GH /12/2015 Updated for RY 2015/16 HF DCC PUBLIC 2

3 Contents The Business Handover Plan Introduction and overview Background Purpose and structure of the Business Handover Plan Preparation and Maintenance of the BHP Preparation Ongoing Review Update Triggers Register of Relevant Business Assets Preparation for, and Initiation of, a Handover Period Assumptions Enabling activities throughout the Term Document Management Upon Initiation of a Handover Period Governance Structure Roles & Responsibilities Joint Handover Steering Group (JHSG) Business Handover Programme Team (BHPT) Functional workstream teams Scenario 1: Expiry Assumptions common to all workstreams Handover Requirements By Workstream General Management Workstream Finance Workstream Commercial Workstream Design and Assurance Workstream DCC PUBLIC 3

4 3.2.5 Operations Workstream Resourcing/people Workstream Alternative Expiry Scenarios Alternative Successor Licensee solutions DCC appointment as Successor Licensee Maintaining the Existing Services throughout the Handover Period Decision Making at the end of the Licence Period In Progress Activities Regulatory Compliance Directions Received Budgeting for Handover Assistance during a Handover Period Assumptions Forecasting Indicative Charging Statements and budgets Price Control through to expiry Indicative estimates of costs for Handover Assistance Scenario 2 - Revocation BHP Assumptions common to all workstreams General Processes Revocation prior to the commencement of live services Document Management General Management Workstream Finance Workstream Commercial Workstream Design and Assurance Workstream Operations Workstream Resourcing Workstream DCC PUBLIC 4

5 4.9 Programme Workstream Price Control Post-Transfer support Activities Annex A: Licence requirements cross-reference Table Annex B DCC Business Handover Plan Gantt Chart Annex C Glossary Annex D Types of Revocation Event DCC PUBLIC 5

6 1 Introduction and Overview 1.1 Background Smart DCC Ltd (DCC) provides the shared smart metering communications infrastructure that allows energy suppliers, network operators and other authorised users to communicate with smart meters. The smart meter communication service will enable consumers to manage their energy usage with near to real-time information of their energy consumption. Consumers will benefit from energy savings and reduced emissions as a result of more accurate information, bringing an end to estimated billing. DCC is a wholly owned subsidiary of Capita plc, and was granted the Smart Meter Communication Licence (the Licence) by the Department of Energy and Climate Change (DECC) on 23 September 2013, pursuant to sections 7AB(2) and (4) of the Gas Act 1986 and sections 6(1A) and (1C) of the Electricity Act The Licence sets out the conditions under which DCC will implement and manage a data and communications service that enables smart meters within domestic and non-domestic premises to communicate with the business systems of Users. The Licence will remain in force until 22 September 2025 or up until 22 September 2031 should the Licence be extended. 1.2 Purpose and structure of the Business Handover Plan Business handover is defined in the Licence as the activity of transferring Authorised Business, without disruption and in an orderly manner to a Successor Licensee in the event of the revocation or expiry of the Licence. This Business Handover Plan (BHP) is designed to meet this obligation. by setting out the roles, responsibilities, planning assumptions and dependencies on all parties in accordance with the general duty under Part A of Condition This condition recognises that different provisions may vary depending on the scenario under which business handover takes place. There are two scenarios for business handover that are considered in this plan: Scenario 1 - Expiry On expiry of the Licence and handover to Successor Licensee (September 2025, or after Additional Licence Term). Scenario 2 - Revocation In response to a Revocation Event during the term of the Licence, which may be an Emergency, Grant, or Other Revocation Event 2 The BHP is structured in accordance with the two scenarios. Section 2 describes working practices which DCC has adopted to enable an efficient and effective Business Handover under both scenarios. Section 3 is specific to expiry and section 1 A full list of the relevant Licence Obligations is included as Annex A 2 As defined Section 2 of the Licence DCC PUBLIC 6

7 4 relates to the three types of Revocation Event that could occur during the Licence term. The BHP starts with the expiry scenario to explain all of the actions that are required in a planned event with known timeframes. The revocation scenarios demonstrate how the reduced timescales impact this. For clarity, this BHP: Focuses on handover of the DCC s Licence, and not External Service Provider exit planning (except where this directly relates to DCC handover) Is not a Successor Licensee mobilisation plan, therefore, the support required from DCC may vary according to the particular proposals of the Successor Licensee Relates to Handover to a Successor Licensee, and not discontinuation of the Authorised Business. A glossary of terminology commonly used in this document is contained at Annex C. Capitalisation is primarily used to indicate definitions in the Licence and SEC, or where introducing a title e.g. Business Handover Programme Director. 1.3 Preparation and Maintenance of the BHP Preparation The views of External Service Providers and SEC Parties have been sought in preparing this BHP, and taken account of in the following ways: Introductory bilateral meetings were offered to all External Service Providers and an invitation to comment on the first full draft of the BHP during the consultation during July Views were considered for inclusion/amendment, and the BHP published to all SEC Parties on the DCC SharePoint site with an invitation to comment to both External Service Providers and SEC Parties in August The External Service Providers consulted were: o CSP Contract North - Arqiva o CSP Contract Central & South - Telefonica o DSP CGI o SMKI BT o Parse & Correlate Critical Software For this update, bilateral meetings were offered to Service Providers and they were provided an opportunity to comment on the changes during January In addition to the Service Providers previously consulted, Capita was added to the consultation. A consultation has been run by DCC from 2 February 2016 to 3 March [XX} responses from SEC Parties were received. TO BE COMPLETED FOLLOWING CONSULTATION Ongoing Review This second version of the BHP reflects the current status and developing nature of the Authorised Business. DCC PUBLIC 7

8 1.3.3 Update Triggers DCC will review and update the BHP in order to ensure that it remains accurate and current, through working with the business and other stakeholders: at least once in each Regulatory Year throughout the term of the Licence, or in response to any significant change to: o the scope of Authorised Business (e.g. inclusion of the Next Switching Programme), o the regulatory environment (in particular the Smart Energy Code or the Licence) o changes to legislation e.g. Transfer of Undertakings Protection of Employment (TUPE) during the term of the Licence. As and when Permitted Business is introduced (e.g. utilisation of the infrastructure for non-energy services). 3 It will be updated in light of operational experience with additional detail as further knowledge becomes available to ensure it best complies with the requirements of Condition 43. Within the next Regulatory Year, DCC plans to update the Plan in response to: Go-live of the full service Introduction of any Special Administration Regime Views will be sought from Service Providers and SEC Parties and taken account of at each review of the BHP. During a Handover Period, the BHP may be varied through mutual agreement of the Licensee, Successor Licensee and the Authority provided that the variations support the general requirements of a smooth transition and do not place either party in breach of the Licence or Successor Licence. 1.4 Register of Relevant Business Assets Most of the documents identified in this BHP for handover are Relevant Business Assets 4. There is therefore a close relationship between the Register of Relevant Business Assets (RRBA), which is a list of the assets and their location, and the BHP. In light of this close relationship between the two, DCC intends to manage their update and maintenance as related products, aligning their update and submission to the Authority as appropriate. 3 There is currently no Permitted Business provided by DCC 4 Extract of Condition 28.4 (a) every External Service Provider Contract to which the Licensee is, or is likely to become, a party in accordance with Condition 16 (Procurement of Relevant Service Capability); (b) any other asset (however described and in whatever form, whether tangible or intangible) that is considered to be essential to the Licensee s ability to carry on the Authorised Business in accordance with this Licence; and (c) any contractual right to receive any sum or sums or any other financial asset from another person. DCC PUBLIC 8

9 The categories of Assets covered by the Register are: Financial: includes funds in bank accounts, promises to pay under certain conditions, e.g. credit cover or parent company guarantees provided by Users. Contract/Licences: includes External Service Provider contracts, all other contracts for goods and services, licences for software (including website design) and leases for photocopiers and printers. Physical: includes licences or leases to occupy office buildings, computer equipment, vehicles, stationery, etc. (Please note that DCC does not have any physical assets of this nature on its Register of Relevant Business Assets at the present time as these are provided under contract). Information: includes data collated or generated as part of DCC s business activities, e.g. minutes of meetings, pre design documentation (consultations and responses), and certain deliverables under its Licence Conditions. Intellectual Property: includes programme design documentation, and identification of IPR origin (created by Licensee, or assigned to it through new external contracting arrangements, and transition arrangements). DCC PUBLIC 9

10 2 Preparation for, and Initiation of, a Handover Period 2.1 Assumptions If the following assumptions are not correct when initiating the BHP then the impact will need to be considered by the Joint Handover Steering Group. Ref Assumption 2.1A DCC will have some advance notice of a handover period occurring. This will be because either in the case of expiry: A procurement process for a Successor Licensee has been underway prior to the expiry date; Or, for a revocation event: A revocation event (whether 24 hour, 7 day or 30 day) will involve some kind of identifiable build up. E.g. insolvency would be anticipated by cash flow projections 2.1B The Programme workstream would be handed over only in the event of a revocation event, as the expiry scenario assumes the programme is complete. 2.1C In the first instance, existing DCC staff will continue to provide the Authorised Business. This will certainly happen in the event of a revocation given the timeframes involved. 2.2 Enabling Activities throughout the Term Throughout the Term of the Licence, DCC will ensure that the following enabling activities are maintained: Ensuring that the Register of Relevant Business Assets is up to date Maintaining a good practice document management system (currently SharePoint) Ensuring that contracts provide for novation (where appropriate) of Relevant Service Capability 1 and management of IPR in accordance with Condition 44. DCC will also take into account the timing of expiry of the Licence in determining the contract duration of any contracts for provision of Relevant Service Capability, where 1 Conditions (c), and Schedule 2 DCC PUBLIC 10

11 possible separating dates to support continuity of service throughout handover of the Licence. This is illustrated in Figure 1 below. Licence Expiry Date Sep 2025 Licence Expiry Date if extended up to a maximum of 6 years from Document Management Figure 1 - Licence and Contract Timelines DCC recognises information as an asset, and manages it accordingly, with a dedicated Programme Management Office (PMO) resource. DCC has an Information Security policy which governs the maintenance of such information as part of its normal business processes, and is in line with industry good practice. This includes document classification as DCC Confidential, DCC Controlled or DCC Public. SharePoint is the system used to manage information. DCC PMO facilitates internal document management control as well as external access and use by Service Providers, service desk and Users. In addition DCC also uses a solution called Huddle for documentation that is classified as UK Only, which is accessed by Service Providers. 2.3 Upon Initiation of a Handover Period Upon initiation of a Handover Period, DCC will appoint a Programme Director to manage the Business Handover Programme, comprising the main workstreams and activities set out in figure 2 below. DCC PUBLIC 11

12 Business Handover General Management Finance Commercial Design and Assurance Operations Programme Figure 2 - Business Handover Workstreams Workstreams will primarily cover the following responsibilities. Workstream Role LC covered General Management Manages the Business Handover Programme, ensuring there is an effective governance framework in place in line with section 2.4 below. It will also coordinate communication and manage relationships with: a) b) and c), and SEC Parties DCC Employees and contractors SECAS the Authority DECC External Service Providers Capita Group and Divisional Functions Nominated Lead: Policy Director Finance Provides information and support to hand over the financial obligations and processes to the Successor Licensee, and any continuing obligations on DCC under Price Control and regulatory reporting. Nominated Lead: Finance Director and 43.17, and content set out in Condition (e) 1 2 Please see Annex A for the Licence Conditions in force at the time of this BHP version. DCC PUBLIC 12

13 Workstream Role LC covered Commercial Provides information and support to hand over the contractual obligations to the Successor Licensee. Nominated Lead: Commercial Director and 43.15, content set out in Conditions (e), and IPR provisions in Design and Assurance Provides information and support to hand over the Design and Assurance obligations (e.g. system architecture) to the Successor Licensee. Nominated Lead: Design and Assurance Director (d), and IPR provisions in Operations Provides information and support to hand over the operational obligations to the Successor Licensee. Nominated Lead: Chief Operating Officer Resourcing Will liaise as appropriate on TUPE transition of inscope resources to the Successor Licensee. Nominated Lead: Chief Operating Officer Programme (revocation only) Will liaise as appropriate on PMO and Delivery requirements, including change and risk management. Programme will be considered part of Operations once SMETs 2 solution is live and stable DCC will procure Handover Assistance from External Service Providers as a project using elements of the catalogue services and change control as appropriate, up to the Transfer Date. The Successor Licensee will subsequently procure its own services as required. DCC PUBLIC 13

14 2.4 Governance Structure A three tier governance structure is proposed for the duration of the Handover Period which includes the following: Group/Team Who? When? Expiry Revocation Joint Handover Steering Group (JHSG) DCC DEB Members DCC Programme Directors Relationship managers from Ofgem and DECC. 3 SECAS and/ or SEC Panel representatives 4 Successor Licensee (once appointed) BHPD? (once appointed) Meet fortnightly unless agreed otherwise Meet daily unless otherwise agreed Business Handover Programme Team (BHPT) Business Handover Programme Director (BHPD) Workstream leads appointed by the BHPD Heads of all functional areas Security Lead Meet weekly unless agreed otherwise Meet daily Functional workstream teams Subject matter experts as nominated by workstream leads Heads of all functional areas Meet weekly unless agreed otherwise. Meet daily Table 1 - Governance Structure DCC will consult the Authority on the appointment of the chair of the JHSG. After the Transfer Date, a revised governance structure will be maintained to facilitate post transfer queries defined and led by the Successor Licensee. 3 The DCC Policy Director will request membership from Ofgem and DECC on receipt of the revocation notice or prior to this where a potential revocation event is anticipated 4 The DCC Regulation Director will liaise with SECAS DCC PUBLIC 14

15 2.5 Roles & Responsibilities Joint Handover Steering Group (JHSG) The objective of the JHSG is to ensure that the business handover is governed appropriately in a manner that achieves successful transfer of the Authorised Business. It will achieve this by undertaking the following activities: Review the assumptions currently included in the BHP and determine whether any changes to the validity of these will impact the overall plan Appoint the BHPD and brief him/her on the requirements (will depend on the handover scenario) Review, approval and sign-off on the scope of the Handover Assistance to be provided by DCC (expiry only). Review, approve and sign off the timetable in the BHP and authorise proposed key changes to it and / or its key milestones (expiry only) Agree and sign-off the charges associated with the provision of Handover Assistance (expiry only) Ensure that the BHPT is updated on regular activity in progress, or changes, including modification to the SEC Resolve any issues escalated by the Business Handover Programme or Successor Licensee Mobilisation Director arising from the BHPT To discuss and agree appropriate action for any disruptions to the business of SEC Parties arising as a result of the Business Handover Programme Collectively to coordinate all communications (internal and external, including stakeholders, regulators and media) from all parties concerning the transfer of the Authorised Business on behalf of the General Management workstream Ensure that prior to the Transfer Date the Licensee s interests are fully and appropriately represented in any dispute between the Successor Licensee, current Licensee and/or an External Service Provider, a SEC Party, or any other person in accordance with conditions and Business Handover Programme Team (BHPT) The core objective of the BHPT is to ensure that all the required activities are planned, managed, coordinated and delivered in an effective manner to ensure a successful and timely delivery of the Business Handover. The key responsibilities of this team are as follows: Convene the BHPT initiation meeting and confirm the individuals from all parties who are appointed to each role within the team (following nomination by the BHPD) Review any assumptions or assumed timescales in the BHP once the specific scenario of the handover is understood and ensure any conflicts are escalated to the JHSG Manage the deployment and assignment of workstream resources to support the on time and quality delivery of the BHP DCC PUBLIC 15

16 Provide direction to the workstreams resources as required and coordinate activities that span multiple workstreams Manage and track the progress of the work being performed against the milestones, deliverables and activities set out in the BHP Agree any change(s) to the BHP, unless the change varies the scope or nature of the Handover Assistance or change to a key milestone, in which case approval from the JHSG needs to be sought Review, discuss and agree appropriate action for any issues which arise from the day to day management of the Business Handover Programme Create and manage a RAID (Risk, Assumptions, Issues, and Dependencies) log to ensure, mitigation, effective redesign and assurance and/or escalation of identified risks and issues related to Business Handover as required Report jointly to relevant and appropriate stakeholders Monitor the actual and forecasted spend on a month by month basis for the Business Handover Programme (expiry only) Functional Workstream Teams Functional workstream teams will undertake the activities that are set out in sections 3 and 4 under the direction of the Business Handover Programme Director. DCC PUBLIC 16

17 3 Scenario 1: Expiry This scenario refers to expiry either after the Initial Term ending in September 2025 or after an Additional Licence Term which may be up to six additional years i.e. up to September Where relevant, a distinction has been made between: activities that would support the Authority s preparation for a competitive tendering process, those that might be undertaken with all applicants during such a process, and more detailed planning with a preferred applicant, and the actual handover of the Authorised Business following Award of the Successor Licence The timeline below provides a high-level overview of the phases during the Business Handover period for scenario 1 Expiry. The assumptions for this are included in Assumption 2.1C Figure 3 - Scenario 1 Expiry Should DCC (or another part of Capita plc) wish to participate in a competitive Licence application process, appropriate arrangements will be agreed with the Authority, such as establishing ethical walls for the tendering team. 3.1 Assumptions Common to all Workstreams This scenario is based on the following assumptions. If these assumptions are not correct when initiating the BHP then the impact will need to be considered by the JHSG. DCC PUBLIC 17

18 Ref Assumption 2.1A Prior to Licence expiry, DCC will support the Authority in their competitive Licence application process for a Successor Licensee. Once a Successor Licence award has been made, DCC will continue to conduct the Authorised Business in parallel with providing Handover Assistance to the Successor Licensee s mobilisation, until the Transfer Date. 2.1B From the Transfer Date, DCC would cease to provide the Authorised Business we have introduced a new defined term, Former Licensee to refer to DCC at this point. A constrained set of obligations are likely to continue on DCC should the Transfer Date precede the Expiry Date, however, the Successor Licensee will have full responsibility for the provision of Authorised Business under the Successor Licence. 2.1C We have assumed a period of a minimum of 18 months from initiation of a Handover Period by the Authority to full handover to Successor Licensee, i.e. the Transfer Date. This assumes that the Authority will run a competitive tendering process in line with public services procurement regulations within a 12 month period 9. DCC consider that this represents a realistic assumption for a retender of the Licence, however the timing of initiation of a Handover Period is entirely within the Authority s control and may start more than 18 months in advance of the Licence Expiry on the Authority s direction. The six month period estimated for Successor Licensee mobilisation assumes that the service and solution would be broadly similar to the current DCC service, and that Service Provider contracts would novate to the Successor Licensee with only minor amendments to the overall solution. 2.1D The Authority will share its plans for the Successor Licence application process and agree any due diligence requirements or requests for access in good time e.g. four weeks in advance. We have also assumed that all requests for access or information (including in relation to External Service Providers) will be channelled through the BHPD (or delegated nominee) as its central point of contact. 2.1E The Authority will put in place measures in the Successor Licence to ensure that no activity is undertaken which would place DCC in breach of its Licence, and the cooperation of the Successor Licensee including compliance with the current DCC information security policies up to the Transfer Date. There is an assumption that management accountability for the Authorised Business will formally transfer at the Transfer Date. 9 Estimate based on experience of similar tendering processes. Whilst this is shorter than the original Licence application process, it will benefit from the precedents set by the current Licence DCC PUBLIC 18

19 Ref Assumption 2.1F The Successor Licensee mobilisation and services will be subject to appropriate testing and assurance prior to cut-over on the Transfer Date similar to the current DCC process for introduction of the live service. Should the Successor Licensee fail to meet such assurances (e.g. in relation to protection of critical national infrastructure) the Transfer Date may be deferred and DCC may be directed by the Authority to continue to provide operational services until such times as the Authority is satisfied. 2.1G The BHP is not an exit plan for External Service Providers, and all SP contracts are assumed to be novated to the Successor Licensee, therefore, no material changes or impacts to the services to Users are expected during this time. 2.1H All documentation and access to the relevant document management systems during this phase will be managed and protected in accordance with the current DCC Information Security policy, (which is in line with the Licence Conditions relating to Confidential Information) and guidance provided by the Information Security Team. All applicants will need to sign a Non-Disclosure Agreement (NDA) prior to accessing any documentation. External Service Providers consent that they are content for such documentation to be shared. 3.2 Handover Requirements by Workstream The following sections outline the steps that will be performed by each workstream General Management Workstream Preparing for the Appointment of a Successor Licensee Prior to the start of a competitive tendering exercise DCC will: Appoint a BHPD and initial BHPT as set out in Section 2, to ensure appropriate management and controls are in place throughout the Handover Period Agree a communications strategy with the JHSG in relation to communications with key stakeholders during any Handover Period, including the staged release of documents in line with the tendering process Manage relationships with SEC Panel and SEC Parties, and provide internal and external communications support to the Authority, to ensure that all relevant parties are aware of the current situation Meet with the Authority and relevant regulators where appropriate to review what is in progress/under development and agree appropriate handling on a case by case basis DCC PUBLIC 19

20 Engage DCC s information security team to establish an information security plan that will detail the information security actions required during the Successor Licence application process and handover to the Successor Licensee. During the competitive tendering exercise DCC will: Provide content and access for all applicants to a Virtual Data Room via existing document management solutions. Establish and communicate the information security plan as described above Ensure that the information made available to the Virtual Data Room and all applicants have the correct classifications applied and that there is an information handling model in place which considers what information or documentation is released at which stage of the procurement process Answer questions and arrange appropriate site visits from the Authority/applicants/preferred applicant Engage with External Service Providers in accordance with the communications strategy to ensure that key messages are communicated as to how the handover will impact on the External Service Providers, and to arrange access to Handover Assistance from External Service Providers as appropriate. The Handover Assistance will be limited to primarily providing any additional data not already held by DCC for the Virtual Data Room. During the detailed planning process with the preferred applicant DCC will: Meet with the preferred applicant to align the BHP to the Successor Licensee solution/mobilisation plan. DCC will develop and agree a joint plan within four weeks of the preferred applicant having been appointed Provide due diligence support by co-ordinating DCC staff to provide information required by the preferred applicant and host the preferred applicant s due diligence team to demonstrate the Authorised Business Facilitate access to the External Service Providers to enable the preferred applicant to undertake due diligence and prepare its detailed mobilisation plan from Successor Licence Award On provision of the preferred applicant s proposed solution, request a Preliminary Assessment of the impact from External Service Providers. Managing Transition to the Successor Licensee This section sets out the Handover Assistance to be provided from award of the Successor Licence to full transfer of operational responsibility at the Transfer Date and how these will be managed. The General Management workstream will continue to manage the formal Business Handover Programme, and expand the programme governance to include the Successor Licensee. An initial joint Business Handover Plan will be developed with the preferred applicant within four weeks of a preferred applicant being appointed. Good practice project management principles will be applied, e.g. phasing of the DCC PUBLIC 20

21 approach or parallel running to manage resources and the impact of changes, as well as the early planning of any activities that may involve or impact Users. The Handover Assistance to be provided by DCC will be as follows: Handover of the key management activities which DCC has in place to manage the Authorised Business Permanent deletion of records, documents, databases, information and data subject to DCC s data retention/statutory audit requirements, or as the Authority directs Handover of security obligations, including progressive removal of access rights and security privileges in a timely manner as handover progresses, whilst maintaining compliance with DPA and associated data privacy and access obligations A series of workshops in order to provide knowledge transfer to the Successor Licensee on the various security processes and procedures which DCC has in place to manage risks to the security of the Authorised Business Handover of the relationships with SECAS Regular communication with the SEC Panel and engagement during the Handover Period, including awareness of multiple attendees from DCC and Successor Licensee attending SEC Panel meetings Facilitate, where possible, face to face introductions between the Successor Licensee, Service Providers and key stakeholders such as SECAS 10 Transfer compliance management activities to the Successor Licensee. Documentation In preparation for, and during, the Successor Licence application process DCC will provide a range of documentation as required by the Authority to enable it to prepare for a competitive tendering process, and for release to applicants through the Authority s Virtual Data Room. The timing of documentation release will be planned in line with the Authority s procurement processes. This will include but not be limited to: 10 Any individuals who are members of the SEC Panel, Change Board or other Sub-Committees, Working Groups or other governance bodies, or hold Directorships, under the SEC will resign effective at the Transfer Date DCC PUBLIC 21

22 The BHPD will request that External Service Providers appoint a single point of contact (SPoC) for preparation of documentation to support the Successor Licence application process. DCC may disclose External Service Provider Confidential Information, subject to commercial sensitivities, to a Successor Licensee in accordance with the applicable clauses of the External Service Provider contracts. Full disclosure of Confidential Information will only apply to the successful applicant; limited disclosure will apply to all applicants. Business Handover Plan High level stakeholder map Relevant process documentation Key management information Risk Management Strategy and Risk Register (excluding DCC corporate risks) Key plans, such as the development plan and the business continuity and disaster recovery plan Internal Control Document and status reporting (where applicable) Other documentation from workstreams as set out below DCC will not be providing access to the SEC or the SEC subsidiary documents; these can be accessed online via the SECAS website. During the Transition Phase documentation will be provided which covers the duration of the Licence, including, but not limited to: Formal letters Meeting minutes Development Portfolio and Account Plans Business cases Impact assessments Programme and Operational RAID logs Legacy project management data, including governance board minutes, reporting, RAID logs etc. Design documents specific to DCC Terms of Reference for meetings and roles Directions received from the Secretary of State and the Authority Any consultations that have been run by DCC and supporting documents. Any other Collateral material created by or participated in by the DCC as part of the establishment of the infrastructure services, or potential future services. Ensure that permission is sought when sharing information marked as CONFIDENTIAL that has been provided by Service Providers Security policies and artefacts. DCC PUBLIC 22

23 3.2.2 Finance Workstream Workstream Specific Assumptions The release of sensitive financial information is to be managed as a controlled process. The release of credit cover information will need to adhere to the Information Security Information Handling Model. Where disputes are not resolved by Transfer Date, then resolution becomes responsibility of Successor Licensee, but support will be provided by DCC. Any members of the Finance team, who are primarily focussed on the statutory reporting requirements of DCC, rather than its operational duties as the Licensee, will not transfer to the Successor Licensee and will continue with their duties after the Transfer Date. Preparing for the Appointment of a Successor Licensee In preparation for and during the competitive tendering process, DCC will provide the following finance process maps to enable the Authority to prepare for a competitive tendering process, and for release to applicants through inclusion in the Authority s Virtual Data Room: Fixed Charges Communications Hub Charges Explicit Charges Manual Adjustments Indicative Budgets Users credit cover arrangements. Communications Hub Finance Charges New SEC Party Process for credit cover Non-client Master Data Month-end Process Future State End-to-End Process Policy Information Charging Statements In addition, DCC finance staff will be made available to answer questions on the processes. Managing Transition to the Successor Licensee During the transition phase DCC will: Ensure all DCC outstanding receipts are applied and any disputes resolved as far as possible (43.17). DCC PUBLIC 23

24 If the Authority review of Price Control Information is taking place prior to the Transfer Date, DCC will ensure that any costs envisaged prior to the Transfer Date are clearly identified Inform the Successor Licensee if an annual audit is in motion and provide information on the status of the audit. Ensure the Successor Licensee is made aware if any input is required from the Successor Licensee If the Authority review of Price Control information is in progress DCC will be required to remain involved to provide the required historical financial information Minimise accruals in the final period of the handover process prior to the Transfer Date so that the reconciliation of charges post-transfer is minimised At least five working days in advance of the Transfer Date, make arrangements for credit cover to be returned to Users on the Transfer Date and assist the Successor Licensee in making new credit cover arrangements. A five working day period will provide sufficient time to allow for the creation of the legal document that will be re-drawn to name the Successor Licensee as the new legal entity of the Credit Cover. Documentation Relevant DCC financial documentation, billing data, charging policy processes, pricing models and ledgers are to be handed over to the Successor Licensee. The accounting ledger system will not be transferred, but ledger information e.g. debtors and creditors will be made available as at the Transfer Date Commercial Workstream Workstream Specific Assumptions The Authority may mandate acceptance of External Service Provider contracts as part of the Licence Award (in line with the original DCC application process) or that the Successor Licensee will agree to novation of all External Service Provider contracts, and that there will be no residual liabilities on the Former Licensee in accordance with Schedule 2 of the Licence. Preparing for the Appointment of a Successor Licensee In preparation for a tendering process, and subsequent Licence award, this workstream will ensure that all contracts and any other commercial agreements have been examined and any obligations/liabilities identified and addressed. Preparations will be made for: Novation to the Successor Licensee of all External Service Provider contracts, (including services procured from Capita plc) Novation of Framework Agreements, Accession Agreements and Bilateral Agreements in accordance with SEC M9 Transfer of the Licence Transferring the shareholding in SECCo to the Successor Licensee (see SEC Schedule 4) Novation of Intellectual Property Rights in accordance with Condition 44. DCC PUBLIC 24

25 Managing Transition to the Successor Licensee In conjunction with the Successor Licensee and External Service Providers, DCC will: Execute the deeds of novation of all External Service Provider contracts in the form set out in Schedule 2 of the Licence Novate or assign any SEC Materials which have been developed specifically for the purposes of supporting the DCC Service as appropriate in accordance with Licence Condition 44 where these are not already incorporated in the novation of the Service Provider Agreements Execute novation agreements in accordance with SEC M9 Transfer of the Licence covering Framework Agreements, Accession Agreements and Bilateral Agreements Transfer the shareholding in SECCo to the Successor Licensee (see SEC Schedule 4) Transfer of Chair for governance boards Transfer Relevant Business Assets to the Successor Licensee in line with the Licence Conditions and the Register of Relevant Business Assets (see section 1.4). Documentation The following documentation will be made available as Confidential Information at the appropriate stages of the procurement process: Unredacted copies of contracts with External Service Providers, once there is a shortlist for the Final Stage of the Tender process Information on all services to DCC Users, including elective and value added services are being provided, to whom, and under what forms of agreement The Register of Relevant Business Assets. The following documentation will be made available during the transition: External Service Provider contracts Framework Agreements, Accession Agreements and Bilateral Agreements Any current Modification Proposals and associated DCC evaluation Transfer of all contractual documents and their history of change Design and Assurance Workstream Design and Assurance refers to the team that is assuring development of an integrated solution and service design between the Communications Hub and DCC User Gateway. The overall DCC end-to-end solution is summarised in Figure 4 DCC PUBLIC 25

26 Figure 4 - Overall Solution In preparation for the competitive tendering process DCC will ensure all core and back-up systems are identified, including the services that are provided and the details of the system owners. The presentation of this information will be driven through the DCC Enterprise Architecture tool ABACUS, which is managed by Design and Assurance. The table below provides information on the current services and applications provided by DCC that are assured by DCC Design and Assurance. All standard documentation can be found in the documentation section below. DCC PUBLIC 26

27 SPs providing the service / DCC Customer Services that DCC design and assure Data Service Provider (DSP) User Gateway Services Smart Meter Inventory Call-off Services Smart Metering Ancillary Services Anomaly Detection Parse & Correlate SMKI Repository Transitional IT Hosting Service Application Management Service Systems Integration Service Performance Monitoring and Reporting Self Service Interface Remedy Communication Service Provider (CSP) SMWAN Service Performance Monitoring and Reporting Comms Hub Ordering, Delivery and Maintenance Power Outage Management Service Trusted Service Provider (TSP) Smart Metering Key Infrastructure (SMKI) Services Critical Software Parse and Correlate Capita IT Services Business Information / Management Information (Cognos) Collaboration Tools (Huddle, MS Lync, SharePoint) Document Management (SharePoint) Architecture (Abacus) Enterprise Security Monitoring (LogRhythm) Security Tools (McAfee, IDS, PointSec, Sanctuary, IRAM) Innovation Digital Website DCC Operations Service Design Packages for the following high level services, which are made up of 115 sub-services: User Entry Services Core Communication Services Key Infrastructure Communication Hubs Optional Services Elective Services Service Management Business Services Testing Services Each Service Design Package is comprised of: Design Documents, Work Instructions, Workflows, templates and forms. Table 2 - DCC Services assured by DCC DCC PUBLIC 27

28 Preparing for the Appointment of a Successor Licensee During the detailed planning process with the preferred applicant DCC will: Support the preferred applicant/successor Licensee to conduct a requirements gathering exercise in order to determine the systems and data information that the Successor Licensee requires to support its proposed solution Agree the data handling requirements with the preferred applicant/successor Licensee in advance of any data migration Plan and prepare for the migration of the service desk solutions, in conjunction with the preferred bidder/successor Licensee. The migration process of the service desk solutions may take between three and six months to complete. Managing Transition to the Successor Licensee Please refer to Table 2 for detail of the individual services that are assured by Design and Assurance. The Handover Assistance to be provided by DCC is as follows: Knowledge transfer of all Design and Assurance architecture, guidance and service design artefacts, through providing presentations, and question and answer sessions to the Successor Licensee Grant and revoke permissions regarding logical and physical access to IT systems Configuration Management and Knowledge Management Databases to be transferred Secure transfer of Enterprise Architecture tools as required Design freezes/release management will ensure version management remains effective, and that governance and assurance can be maintained. Documentation The additional Design and Assurance documentation that is to be transferred to the Successor Licensee through controlled access to the DCC document management system during the transition phase is as follows: Design and Assurance Organisation chart, business plan, and task level plans Design and Assurance Risks and Issues Log Design and Assurance Staff Objectives, Performance Management and other staff management documents Enterprise Architecture Model (which includes: architecture overview, process diagrams, data model etc.) Design artefacts, including Service Design artefacts Industry guidance materials Design Assurance Board (DAB) terms of reference, process flows, minutes, schedule and reports DCC PUBLIC 28

29 Design Issues Board (DIB) terms of reference, process flows, minutes, schedule and reports Future Change Portfolio: Excel model, process flows, prioritisation criteria, working group terms of reference, working group outputs Industry Design Forums schedule, past and future forum materials Design and Assurance analysis of Change requests Meeting minutes Management Information/ Business Intelligence Product list Operations Workstream Workstream Specific Assumptions The activities assume that there would be a single cutover date (the Transfer Date) and training/testing would be provided on the test system, so there would not be two Licensees accessing the live system at any time. Preparing for the Appointment of a Successor Licensee Consumers Service Users Energy Suppliers Networks Others Handheld Device Automated Responses Web Portal Self-Service Telephone Strategy Design Architecture Innovation Service Desk (Incidents) Service Management ITIL v3 Governance Forums Partnerships Major Incidents Stand Alone Native Interface DSMS Remedy CSP CSP DSP SMKI P&C Service Providers Figure 5 - Operational Services Overview The role of operations after go-live is to provide the day-to-day service support to Users, co-ordinating all ITIL (Incident, Change, Problem, Demand etc. management) routines across the DCC Ecosystem. DCC PUBLIC 29

30 In preparation for business handover activity, Operations will periodically (quarterly) refresh a briefing pack (Summary of DCC Operational Performance) to include as a minimum: DCC Operations and service desk organisation structure Historic or YTD FSP performance derived from 127 performance measures captured monthly Historic or YTD DCC Code performance measures, captured monthly Incident rates and trends Issues being addressed through problem management, plus a summary of other underlying issues Planned changes and activities underway to improve operational performance Summary of most recent BCDR test and findings If applicable, a list of service related SEC obligations that are not currently being met. The table below provides information on the services to be offered from July 2016 by DCC Operations (apart from Interim Services and SMKI which become operable prior to the R1.2 go-live date). Service Core Communication Services User Entry Process DCC User Gateway Message Request Parse and Correlate SMKI Forecasting & Ordering Communications hub handover, installation and maintenance Faults and decommissioning Training SMKI Chargeable communication Services Communication hub Installation and Maintenance services Communication hub Auxiliary Installation Assets SWAN Field Unit Assets Service Desk Support - CSP Service specific documents to be made available to applicant DCC User Gateway Interface Specification (DUGIS) Code of Connection (CoCo) Service Request and Comms Hub Forecasts User Gateway topology and any network audit report SMKI Interface Design Specification SMKI Code of Connection SMKI Recovery Procedures SMKI Registration Authority Policies and Procedures SMKI User Guide Relevant documentation pertaining to; Communication hub installation assets Operations Manual ESPs/other SPs the service providing DSP DCC User gateway, Message Request SMKI (provides mechanism to secure Core Communication Services) TSP DSP CSP and DSP DCC PUBLIC 30

31 Service Chargeable Data Services Self Service Interface Report Service Service Desk Support Services Integration Consultancy Service specific documents to be made available to applicant Relevant documentation pertaining to: Design documents Operations Plans Configuration items Process maps Architecture Installer Training Materials CIs Maps ESPs/other SPs the service DSP providing Service Desk DCC Service Desk Support Services DSP Service Desk Support Services CSP Service Desk Support Services Service Management Self Service Interface Service Self Service Management Interface Service Management System Services - Remedy Performance Reporting & Monitoring Service Management Processes Procedures and Working Instructions Service Catalogue Enrolment Services Smart Metering Inventory Services Decommissioning And Withdrawal Of Devices Enrolment feasibility Service Testing Services Communication hub Testing and Accreditation services Test Lab Service- CSP Communication hub Test Assets Testing Service DSP Test Lab Connection Service Business Services Billing Reporting Order Management System Relevant documentation pertaining to: Design documents Operations Plans Configuration items Process maps Architecture Relevant documentation pertaining to: Design documents Operations Plans Configuration items Process maps Architecture Business Continuity Management System Incident Management Policy Operating Manuals Relevant documentation pertaining to: Scope of subservices Processes and procedures Relevant documentation pertaining to: Scope of subservices Processes and procedures Relevant documentation pertaining to: Design documents Configuration items Process maps DCC, DSP, CSP DSP SSI and Service Management System DCC Service Management Processes DSP DCC DCC Table 3 - DCC Services from 2015 Managing Transition to the Successor Licensee The Handover Assistance to be provided by DCC for each service can be seen in the tables below: DCC PUBLIC 31

32 Core Communication Services Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period User Entry Process DCC User Gateway Message Request Parse and Correlate SMKI Forecasting & Ordering Installation Operations & Maintenance Faults and Returns Training Chargeable communication Services Communication hub Installation and Maintenance services Communication hub Auxiliary Installation Assets SWAN Filed Unit Assets Service Desk Support - CSP Chargeable Data Services Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Provide personal introductions to key Service/Operations colleagues within the FSP community Demand Management Policy Table 4 - Core Communications Services Assistance to be provided by DCC during Business Handover Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical Service User forecast vs actuals across CH, SMKI and Message requests Key Data Table 5 - Chargeable Communication Services Assistance to be provided by DCC during Business Handover Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical Key Data The approximate period of handover is estimated to take between 3 and 6 months Duration of Handover period The approximate period of handover is estimated to take between 3 and 6 months Duration of Handover period Self Service Interface Report Service Service Desk Support Services Integration Consultancy Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Table 6 - Chargeable Data Services Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months DCC PUBLIC 32

33 Service Desk Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period DCC Service Desk Support Services DSP Service Desk Support Services CSP Service Desk Support Services Major incident management (handover of incidents etc.) to be transferred to the Successor Licensee Knowledge transfer and handover of the analytics function Account management transfer Knowledge transfer and access to the Admin Portal Transfer responsibility for open incidents, change requests and complaints Information regarding any unresolved faults, manual workarounds and work undertaken to resolve them Work with Management work stream to facilitate personal introductions/ handovers between the Successor Licensee and each of the Users (subject to Successor Licensee s mobilisation plan) Handover of outstanding issues identified by any recent BCDR exercise Continue with any on-going consultation exercises Provide access to the Self Service Management Information Portal Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months Table 7 - Service Desk Service Management Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period Self Service Interface Service Self Service Management Interface Service Management System Services - Remedy Performance Reporting & Monitoring Service Management Processes Procedures and Working Instructions Service Catalogue Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Carryout shadow support Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months Table 8 - Service Management DCC PUBLIC 33

34 Enrolment Services Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period Smart Metering Inventory Services Decommissioning And Withdrawal Of Devices Enrolment feasibility Service Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Carryout shadow support Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months Table 9 - Enrolment Services Testing Services Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period Communication hub Testing and Accreditation services Test Lab Service- CSP Communication hub Test Assets Testing Service DSP Test Lab Connection Service Share all relevant documentation on scope, support model, processes, procedures and operations manuals Provide knowledge transfer Carryout shadow support Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months Table 10 - Testing Services Billing Services Assistance to be provided by DCC during Business Handover Key Data Duration of Handover period Billing Reporting Order Management System In addition to the table above DCC will: Secure access to billing information Handover of FTP server Discuss with the Successor Licensee the risk threshold around change activities and decide whether to delay or continue with any pre-planned activities. Operational risks and decision points will need to be considered. Transfer IPR knowledge Table 11 - Billing Services Change requests Service User operational performance data Business Continuity and Disaster Recovery (BCDR) plans Entire data detail including historical The approximate period of handover is estimated to take between 3 and 6 months Transfer data securely (operational data, business processes), process information. Develop a joint approach with the Successor Licensee for data synchronisation and validation, to ensure that any activities that are in progress are aligned at the transfer point DCC PUBLIC 34

35 Work with the Successor Licensee to ensure that User processing remains uninterrupted throughout the transfer and that any potential adverse customer experience is minimised (as the FSP contracts will be transferred to the Successor Licensee it is not envisaged that customer experience will be adversely impacted) Provide information on physical and logical security processes and tools to the Successor Licensee Ensure data accessibility. Operational data is held by the FSPs. Contracts with the FSPs will be transferred to the Successor Licensee, and therefore the data will remain accessible. Access to historical data will be managed during business as usual. 11 Provide information to assist with the transfer of assets, including asset details, transferring service desk scripts and training materials Transfer the Information Risk Analysis Methodology (IRAM) system and associated data. Manage the transfer of test and production environments in association with Service Providers where required. External Service Providers The key activities to be undertaken by External Service Providers are set out in the table below. The primary operational impact of handover will be on the Smart Metering Key Infrastructure (SMKI) as this involves more change. Role & Service Provider Name Key activities SMKI Provide all systems architecture and operational documentation, as previously shared with DCC. Rebrand User facing portals The Policy Object Identifiers (OIDs) are the Policy Identifiers that are used to the reference the Organisation and Device Certificate Policies (CPs).These Policy OIDs contain the DCC s Company number and so will require the CPs, which are appendices to the SEC, to be revised to accommodate a new DCC. There is facility for this through the Policy Management Authority the governing body for SMKI. The trusted Root and Issuing Certificate Authorities have the 11 Users can retrieve a subset of their own data via the Self Service Interface for as long as it is not archived. Users can also request that certain audit reports be generated if required. DCC PUBLIC 35

36 Role & Service Provider Name Key activities Policy OIDs embedded in them and therefore would need to be rekeyed, and new certificates generated before the Business Handover date. This will require a key ceremony to be scheduled and can be undertaken within a four week window as a planned event. It is anticipated that other Business Handover activities would have a longer lead time, e.g. consulting with Users around the continuing validity of the estate, with which the four week lead-time for scheduling this will not be an issue. A key design principle is the need to ensure that the end-to-end security architecture is protected and not compromised by the handover, whilst avoiding Users having to re-issue device credentials and distribute them throughout their installed portfolios since this would have a large impact on Users (time and cost). The existing DCC Issuing CAs would be used to issue any certificates required up to the Business Handover date and the new Issuing CAs used to issue any certificates required after the Business Handover date (as shown below). There will be no requirement to re-issue any certificate issued by the DCC Issuing CAs prior to the expiry of that certificate as a consequence of Business Handover. CA Hierarchy prior to Business Handover DCC Infrastructure Root CA Above is an OID referenced DCC Organisation Root CA DCC Infrastructure Issuing CA DCC Organisation Issuing CA Individual Infrastructure Certificates Individual Organisation Certificates CA Hierarchy post- Business Handover DCC PUBLIC 36

37 Role & Service Provider Name Key activities The Certificate Policy and Certification Practice Statements will also need to be reviewed and the DCC Policy OIDs and any references to the DCC organisation replaced. The Registration Authority would change (although subscribers accessing it would not change), therefore, consideration will be given to a new process or replication of the Registration Authority, as required by the handover timetable CSPs and DSP Provide all systems architecture, operational documentation, and all contract deliverables that are live at the time to the Successor Licensee as previously shared with DCC Parse Correlate and Provide all systems architecture, operational documentation, and all contract deliverables that are live at the time to the Successor Licensee, as previously shared with DCC. Table 12 - External Service Providers Documentation In preparation for and during the Successor Licence application process DCC will provide the additional documentation to enable the Authority to prepare for a competitive tendering process, and for release to applicants through inclusion in the virtual data room: Change management schedule Crisis management plans Technical documents Business Continuity and Disaster Recovery (BCDR) plans Monthly BI/MI reports Portfolio of vital processes DCC PUBLIC 37