UK Government Updates ESOS Guidelines

Britain?s Environment Agency has produced an update to the ESOS guidelines previously published by the Department of Energy and Climate Change. Fortunately for businesses much of it has remained the same. Hence it is only necessary to highlight the changes here.

  1. Participants in joint ventures without a clear majority must assess themselves individually against criteria for participation, and run their own ESOS programs if they comply.
  2. If a party supplying energy to assets held in trust qualifies for ESOS then these assets must be included in its program.
  3. Total energy consumption applies only to assets held on both the 31 December 2014 and 5 December 2015 peg points. This is relevant to the construction industry where sites may exchange hands between the two dates. The definition of ?held? includes borrowed, leased, rented and used.
  4. Energy consumption while travelling by plane or ship is only relevant if either (or both) start and end-points are in the UK. Foreign travel may be voluntarily included at company discretion. The guidelines are silent regarding double counting when travelling to fellow EU states.
  5. The choice of sites to sample is at the discretion of the company and lead assessor. The findings of these audits must be applied across the board, and ?robust explanations? provided in the evidence pack for selection of specific sites. This is a departure from traditional emphasis on random.

The Environment Agency has provided the following checklist of what to keep in the evidence pack

  1. Contact details of participating and responsible undertakings
  2. Details of directors or equivalents who reviewed the assessment
  3. Written confirmation of this by these persons
  4. Contact details of lead assessor and the register they appear on
  5. Written confirmation by the assessor they signed the ESOS off
  6. Calculation of total energy consumption
  7. List of identified areas of significant consumption
  8. Details of audits and methodologies used
  9. Details of energy saving opportunities identified
  10. Details of methods used to address these opportunities / certificates
  11. Contracts covering aggregation or release of group members
  12. If less than twelve months of data used why this was so
  13. Justification for using this lesser time frame
  14. Reasons for including unverifiable data in assessments
  15. Methodology used for arriving at estimates applied
  16. If applicable, why the lead assessor overlooked a consumption profile

Check out: Ecovaro ? energy data analytics specialist 

Check our similar posts

The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)
What is Business Intelligence?

How well do you know your customers? That is, can you actually pinpoint which among them are you most profitable with and which are making you spend more? Are you content with the accuracy of your forecasts and market predictions? Do you feel you’re spending more on legal costs and regulatory compliance than you should?

Your IT department may be handling these concerns pretty well but perhaps you’d like to know how you can further improve things.

What we’ve got is an IT solution wrapped in a fancy name called ‘Business Intelligence’ or BI. If you think that’s too strong a term, we invite you to read more below, then you be the judge.

Dashboards – Determine the health of your business at a glance

Most drivers rarely make use of their car’s dashboard. After all, you can still reach your destination by just using the steering wheel, pedals, gear stick and so on. But that’s not exactly the most efficient way to drive, right?

If you want to save on fuel, you’ll want to glance on the RPM and speedometer from time to time. You might also want to utilise the trip meter to determine which route is the shortest to a given destination. Other dashboard components like the fuel gauge, tire pressure gauge, engine temperature indicator, and volt meter can likewise provide information about your car’s health.

The same concept applies to business management. If you want to run your business intelligently, you can make use of BI dashboards. These are tools in a typical business intelligence package that will allow you to determine the health of your business via a set of smartly configured gauges and other intuitive graphical representations.

So that, literally, at a mere glance, you’ll already know whether various units in your company are working efficiently. A dashboard will also give you instant feedback of the strategies you’ve recently implemented; to let you know if things are working as planned.

If you want more information than a dashboard can provide, our BI packages also include highly customised reports.

Reports that help you decide faster

Dashboards are great for getting valuable information at a glance but they won’t tell you everything. For more details, you’ll need to view highly customised reports. Our reports are tailor made for each user. We see to it that, by default, each person gets the information he needs the most.

If you belong to the sales department, you normally won’t need a presentation of the data that is appropriate for people in accounting. That way, you don’t spend time filtering. Instead, you and your people can move on to making well-informed decisions.

Our BI systems make use of your vast collection of data to provide reports that will organise your regulatory requirements and call your attention to approaching deadlines. The same system will provide the right information for your people on the field. If your team members are equipped with smart phones and Pocket PCs, they can retrieve whatever it is they need to know to close deals, make sales, and serve clients faster than the competition.

Generating logical information from disparate sources of data scattered over an enterprise-wide organisation is no easy task. But we’ll make it look simple. That’s because we’ve got the expertise to bring it all together into a robust data warehouse and to extract them in the form of reports and dashboards through OLAP.

OLAP and Data Warehousing – Powering the generation of actionable information

Want to know how to generate reports with the highest degree of accuracy and reliability? In theory, what you need is a single repository or a data warehouse. That is, order receipts, sales invoices, as well as customer & supplier data is integrated with regulatory details, personnel data, and others. These are all specially organised for future reporting and analysis.

However, data, no matter how all-embracing, is useless until it is processed into actionable information. Through OLAP or Online Analytical Processing, you can seamlessly collect all relevant data from your vast repository to answer queries like “What is our company’s profitability for the 2nd quarter in all identified key cities for our top-of-the-line products?”.

The strength of OLAP lies in its inherent ability to perform data analysis and very complex calculations, thus enabling it to return complex queries much faster than other database technologies. It is therefore suitable for very large data sources, i.e., data warehouses.

Dashboards and reports will only give your organisation the edge if the information retrieved is reliable, fast, and accurate – exactly the kind OLAP is so good at.

Mobile BI – Step back and see the big picture anytime, anywhere

Spreadsheets are great for displaying detailed information. However, in today’s highly competitive market, retrieving information that matters the most in the shortest possible time is vital in maintaining a sizeable lead over the competition. To step back and see the big picture, you’ll need insightful tools like dashboards and automatically generated reports.

Reports can be beamed to mobile devices such as smart phones and Pocket PCs. They can also be viewed on eBook readers as well. You can also do the same tasks with spreadsheets. But imagine how you’d need to scroll over a large spreadsheet on any of these mobile devices just to know which customer in your current location has performed well over the last month.

If you really want to make quick, well-informed decisions, BI dashboards for mobile devices is the way to go. You can make use of various business objects such as drill-able charts, performance metrics, and metric trend graphs to make crucial decisions even when on you’re in the field.

Ready to work with Denizon?

Contact Us Today