UK Government Updates ESOS Guidelines

Britain?s Environment Agency has produced an update to the ESOS guidelines previously published by the Department of Energy and Climate Change. Fortunately for businesses much of it has remained the same. Hence it is only necessary to highlight the changes here.

  1. Participants in joint ventures without a clear majority must assess themselves individually against criteria for participation, and run their own ESOS programs if they comply.
  2. If a party supplying energy to assets held in trust qualifies for ESOS then these assets must be included in its program.
  3. Total energy consumption applies only to assets held on both the 31 December 2014 and 5 December 2015 peg points. This is relevant to the construction industry where sites may exchange hands between the two dates. The definition of ?held? includes borrowed, leased, rented and used.
  4. Energy consumption while travelling by plane or ship is only relevant if either (or both) start and end-points are in the UK. Foreign travel may be voluntarily included at company discretion. The guidelines are silent regarding double counting when travelling to fellow EU states.
  5. The choice of sites to sample is at the discretion of the company and lead assessor. The findings of these audits must be applied across the board, and ?robust explanations? provided in the evidence pack for selection of specific sites. This is a departure from traditional emphasis on random.

The Environment Agency has provided the following checklist of what to keep in the evidence pack

  1. Contact details of participating and responsible undertakings
  2. Details of directors or equivalents who reviewed the assessment
  3. Written confirmation of this by these persons
  4. Contact details of lead assessor and the register they appear on
  5. Written confirmation by the assessor they signed the ESOS off
  6. Calculation of total energy consumption
  7. List of identified areas of significant consumption
  8. Details of audits and methodologies used
  9. Details of energy saving opportunities identified
  10. Details of methods used to address these opportunities / certificates
  11. Contracts covering aggregation or release of group members
  12. If less than twelve months of data used why this was so
  13. Justification for using this lesser time frame
  14. Reasons for including unverifiable data in assessments
  15. Methodology used for arriving at estimates applied
  16. If applicable, why the lead assessor overlooked a consumption profile

Check out: Ecovaro ? energy data analytics specialist 

Check our similar posts

The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Failure Mode and Effects Analysis

 

Any business in the manufacturing industry would know that anything can happen in the development stages of the product. And while you can certainly learn from each of these failures and improve the process the next time around, doing so would entail a lot of time and money.
A widely-used procedure in operations management utilised to identify and analyse potential reliability problems while still in the early stages of production is the Failure Mode and Effects Analysis (FMEA).

FMEAs help us focus on and understand the impact of possible process or product risks.

The FMEA method for quality is based largely on the traditional practice of achieving product reliability through comprehensive testing and using techniques such as probabilistic reliability modelling. To give us a better understanding of the process, let’s break it down to its two basic components ? the failure mode and the effects analysis.

Failure mode is defined as the means by which something may fail. It essentially answers the question “What could go wrong?” Failure modes are the potential flaws in a process or product that could have an impact on the end user – the customer.

Effects analysis, on the other hand, is the process by which the consequences of these failures are studied.

With the two aspects taken together, the FMEA can help:

  • Discover the possible risks that can come with a product or process;
  • Plan out courses of action to counter these risks, particularly, those with the highest potential impact; and
  • Monitor the action plan results, with emphasis on how risk was reduced.

Find out more about our Quality Assurance services in the following pages:

Systems Integration as a means to cost reduction

System integration in an organisation refers to a process whereby two or more separate systems are brought together for the purpose of pooling the value in the separate systems into one main system. A key component of process consolidation within any organisation is the utilisation of IT as a means to achieve this end. As such, system integration as a means to cost reduction offers organisations the opportunity to adopt and implement lean principles with the attendant benefits. The implementation of lean techniques requires an adherence to stated methods to facilitate the elimination of wastage in the production of goods and services. In summary, the lean philosophy seeks to optimise the speed of good and service production, through the elimination of waste.

While analysing some of the traditional sources of waste in organisational activities, things like overproduction, inventory, underutilised ideas, transmission of information and ideas, transportation of people and material, time wastage and over-processing stand out. The fact is that companies can eliminate a significant portion of waste through the utilisation of IT to consolidate processes within their organisation.

Adopting lean principles calls for the identification of all of the steps in the company value stream for each product family for the purpose of the eliminating the steps that do not create any value. In other words, this step calls for the elimination of redundant steps in the process flow. This is exactly what the utilisation of IT to consolidate processes offers a company. For instance, the adoption of a central cloud system across a large organisation with several facilities could increase efficiencies in that company. Such a company would drastically reduce the redundancies that used to exist in the different facilities, eliminate the instances of hardware and software purchase, maintenance and upgrade, modernise quality assurances processes and identify further opportunities for improvement.

Perhaps, from the company’s point of view, and from the perspective of lean process implementation, the most important factor is?the effect it has?on the bottom line.’reducing the number of hardware, eliminating the need for maintaining and upgrading hardware, removing the necessity for software purchase and upgrade across facilities also contributes to a significant reduction in operational costs.?This reduction in the cost of operations leads to a corresponding increase in the profit margin of the company.

Applying system integration as a means to cost reduction can also lead to the reduction in the number of people needed to operate the previous systems that have been integrated into one primary unit. Usually, companies must hire people with specialised knowledge to operate and maintain the various systems. Such employees must also receive special training and frequent ongoing education to constantly stay informed of the latest trends in process management. With the integration of the system, the number of people needed to maintain the central system will be significantly reduced, also improving the security of information and other company trade secrets.

Based on an analysis of the specific needs that exist in a particular company environment, a system integration method that is peculiar to the needs of that organisation will be worked out. Some companies may find it more cost-effective to use the services of independent cloud service providers. Others with more resources and facilities may decide to set up their own cloud service systems. Often, private cloud service system capabilities far exceed the requirements of the initiating company, meaning that they could decide to “sell” the extra “space” on their cloud network to other interested parties.

A company that fully applies the lean principles towards the integration of its systems will be able to take on additional tasks as a result of the system consolidation. This leads to an increase in performance, and more efficiency due to the seamless syncing of information in a timely and uniform manner.

Companies have to combine a top-down and a bottom-up approach towards their system integration methods. A top-down approach simply utilises the overall system structure that is already in place as a starting point, or as a foundation. The bottom-up approach seeks to design new systems for integration into the system. Other methods of system integration include the vertical, star and horizontal integration methods. In the horizontal method, a specified subsystem is used as an interface for communication between other subsystems. For the star system integration method, the subsystems are connected to the system in a manner that resembles the depiction of a star; hence, the name. Vertical integration refers to the method of the integration of subsystems based on an analysis of their functionality.

The key to successful system integration for the purpose of cost reduction is to take a manual approach towards identifying the various applicable lean principles, with respect to the system integration process. For instance, when value has been specified, it becomes easier to identify value streams. The other process of removing unnecessary or redundant steps will be easier to follow when the whole project is viewed from the whole, rather than’the part. Creating an integrated system needs some?patience?in order to work out kinks and achieve the desired perfect value that creates no waste.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today