Load Settlement Business Advisory Committee Meeting - PowerPoint PPT Presentation

Loading...

PPT – Load Settlement Business Advisory Committee Meeting PowerPoint presentation | free to download - id: 1a6ff6-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Load Settlement Business Advisory Committee Meeting

Description:

... individually address the top ten risks identified (see sub-recommendations) ... Delay, Script Execution, DropChute Files, Error Dialogs and Database Size. ... – PowerPoint PPT presentation

Number of Views:46
Avg rating:3.0/5.0
Slides: 44
Provided by: kmo84
Learn more at: http://www.aeso.ca
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Load Settlement Business Advisory Committee Meeting


1
Load Settlement Business Advisory
CommitteeMeeting 8
  • October 5th, 2006
  • AESO Boardroom

2
LSBAC Agenda (DRAFT)October 5th, 2006, 900 am
1130 am
  • Welcome and introductions
  • Administrative matters
  • Settlement Zone Accuracy Working Group (Bob
    Deyl)
  • File Transfer Mechanism Risk Assessment (Blair
    Morton)
  • File Transfer Mechanism Backup Plan (Blair
    Morton)
  • Roles and Mandates (DOE)
  • Other (all)

3
Settlement Zone Accuracy Working
Group(Presenter Bob Deyl)
4
File Transfer Mechanism (FTM) WorkgroupRisk
Assessment (Presenter Blair Morton)
  • Blair Morton, ATCO Electric Kathryn Wood, DOE
  • David Strayer, EPCOR Kathy McCollum, ATCO Gas
  • Doug Coreman, ENMAX Peter Graham, ENMAX
  • Fino Tiberi, EUB Peter Wong, AESO
  • Ilgi Sultanoglu, ENMAX

5
Introduction
  • The File Transfer Risk Assessment Workgroup was
    charged with reviewing the independent assessment
    done by CGI.
  • The following slides summarize the workgroups
    recommendations based on CGIs final report.

6
Recommendation 1
  • The workgroup and the independent consultant do
    not support replacing DC at this time. From the
    risk perspective, the workgroup believes that DC
    can be made acceptable through additional
    operational monitoring, controls, and processes.
    This can be achieved through manual intervention,
    awareness, and avoidance of problematic features.
    The workgroup does expect that a replacement
    will be required in 2-3 years.
  • Should new risks emerge from anticipated new
    requirements or changes in use that cannot be
    mitigated, seeking a replacement solution should
    be accelerated. An example may be where
    automated meter reading volumes are anticipated
    to exceed capabilities of Dropchute, or a
    significant number of market participants
    experiencing data transfer problems.
  • From the operational perspective, the workgroup
    recognizes that there are limitations in the
    product that do not fulfill some business needs
    and operational challenges that impact
    reliability that the industry is being asked to
    accept. These are issues that must be considered
    in defining future requirements for a replacement
    solution.
  • Report Recommendation
  • Maintain current DropChute environment, but
    invest in a second FTM option. Keeping the
    DropChute environment, allows stakeholders to
    keep costs low and provides fair access for
    smaller organizations. Investing in another FTM
    option provides choice for larger organizations
    but keeps complexity to a minimum and solves the
    orphan product problem for DropChute.

7
Recommendation 2
  • The workgroup recommends that market participants
    individually address the top ten risks identified
    (see sub-recommendations). By being more aware
    of the weaker areas and features in DC, market
    participants can tailor their processes and add
    controls to avoid or minimize risks related to
    those areas.
  • Report Recommendation
  • Mitigation plans should continue to be
    implemented at the individual stakeholder level.
    Based on the overall industry risk being
    acceptable and that mitigations are currently
    being deployed for most of the top ten risks, CGI
    recommends a continuation of the current
    DropChute mitigation approach.

8
Recommendation 2a
  • Provide detailed clarity in enforcement for data
    non-compliance. Addressing this issue allows
    market participants to have a more comprehensive
    understanding of the penalties (financial risks)
    related to non-compliance. Currently the
    enforcement penalties are broadly defined.

9
Recommendation 2b
  • There are a number of limitations in the DC
    application, which do not address some
    requirements related to CSOX. The workgroup
    acknowledges these limitations and recommends
    that market participants accept the product
    limitations. The lack of functionality can be
    addressed by developing additional functionality
    outside of the DC product. The workgroup
    recommends that these limitations be addressed in
    the specifications for a future replacement
    mechanism.

10
Recommendation 2c
  • The workgroup recommends that the industry
    support development of confirmation transactions,
    and include requirements for confirmation
    transactions in any future replacement solution.
    For the short term, the workgroup agrees that the
    mitigation is to increase awareness of problem
    areas, avoid those operational features, increase
    monitoring, and put processes in place to correct
    situations where those problems emerge. Note
    that some market participants have already
    addressed some or all of these problem areas.

11
Recommendation 2d
  • For the short term, accept that the current DC
    platform provides an outdated level of security
    that poses a risk to the data. Migration to a
    newer platform may appear to resolve the problem,
    but may not as the DC product being unsupported
    on the newer platform may not utilize any of the
    newer security features.
  • The workgroup recommends that the industry
    specifically monitor and assess the severity
    of security risks resulting from remaining on an
    unsupported platform where new patches cannot be
    installed. If a market participant identifies an
    unacceptable risk (i.e. unable to install a
    security patch), they are asked to report this
    situation to the EUB. (See Recommendation 5 for
    EUB follow up)

12
Recommendation 3
  • The workgroup proposes that all market
    participants review the findings in the report
    and be aware of the issues pertaining to the DC
    product and features refine their own processes
    to avoid features that result in identified
    problems continue to monitor areas where these
    problems have been identified and report those
    problems to the EUB. The workgroup recommends
    that this action be carried out immediately.
  • Report Recommendation
  • Inform Stakeholders of DropChute behaviors
    identified in Lab and evaluate fine tuning
    recommendations. Awareness of specific behavior
    areas are the Data Persistence Delay, Script
    Execution, DropChute Files, Error Dialogs and
    Database Size. Please refer to the Fine tunings
    list in the Appendix.

13
Recommendation 4
  • Proceed with developing a backup plan for
    disaster situations. Currently the industry does
    not have a comprehensive or well coordinated plan
    for handling failures in the data communications
    infrastructure. The FTM workgroup is currently
    developing a plan for industry. The workgroup
    recommends that the plan be ready for use by the
    end of 1Q 2007.

14
Recommendation 5
  • The workgroup recommends that the industry should
    continue to monitor for any new risks (or
    problems) or increases in the known risks with
    Dropchute every 4 months. The monitoring should
    be established under the EUB, who is currently
    collecting data on Dropchute problems related to
    TBC.
  • Report Recommendation
  • Continue to Monitor and Report - Use this risk
    assessment as a baseline. It is important to
    monitor the effectiveness of the risk mitigation
    plans and the factors that may affect
    probabilities or impact.

15
Recommendation 6
  • The report recommends an overall Privacy Impact
    Assessment be done. The workgroup agrees that
    this assessment should be completed and
    coordinated between the EUB and DOE.
  • Report Recommendation
  • The only other next step to consider, based on
    R6, unless already completed, is the
    recommendation for an overall Privacy Impact
    Assessment (PIA). The probability and impact of
    personal information being disclosed to another
    party without consent or being used for other
    purposes should be reviewed. The Alberta PIPA
    (Personal Information Protection Act) and Federal
    PIPEDA (Personal Information Protection and
    Electronic Documents Act) are the relevant acts.
    Although information is encrypted enroute,
    between DropChute boxes, there is the risk a
    wrong destination organization could receive and
    interpret personal information like addresses. A
    PIA was out of scope for this report but should
    be considered as a next step.

16
Additional Workgroup Comments
  • The workgroup agrees with the report
    recommendations that there are no immediate risks
    that require urgent mitigation. The industry was
    concerned that with additional TBC volumes
    commencing in July 2006, that there was a risk of
    DC failure. Testing conducted in the review has
    shown there is capacity in DC to handle
    additional volumes from the TBC. No further
    mitigating actions are required.

17
Additional Workgroup Comments
  • The report recommended that a second FTM solution
    be selected and offered concurrently to DC, to
    reduce transition for smaller market
    participants. The workgroup believes that this
    would introduce complexities for the industry and
    did not support that direction.

18
Additional Workgroup Comments
  • The workgroup determined that recommendations
    pertaining to the top 10 identified risks would
    be the area of focus in this review. The
    industry should proceed to looking at mitigation
    of the lesser priority risks after the top 10
    recommendations have been addressed.

19
Questions?
20
File Transfer Mechanism (FTM) WorkgroupBackup
Plan (Presenter Blair Morton)
  • Blair Morton, ATCO Electric Kathryn Wood, DOE
  • David Strayer, EPCOR Kathy McCollum, ATCO Gas
  • Doug Coreman, ENMAX Peter Graham, ENMAX
  • Fino Tiberi, EUB Peter Wong, AESO
  • Ilgi Sultanoglu, ENMAX

21
Introduction
  • Industry raised concern that if TBC volume risks
    were uncovered in risk assessment, there would
    not be sufficient time to mitigate them
  • Workgroup proceeded to develop a backup plan,
    using DVDs as the preferred data transport
    method
  • Risk assessment review identified that TBC volume
    risks are not as significant a concern as first
    thought. Additional concerns around congestion
    were also dismissed through industry tests.
  • Workgroup continued to develop plan, but with
    less urgency. Need for an industry backup plan
    is a recommendation from the independent review
  • Recommendations of the workgroup on a backup plan
    are presented here. Further design is required
    before implementation

22
Workgroup Process
  • Defined applicable scenarios
  • Validated preferred DVD alternative with other
    alternatives
  • Investigated factors that need to be considered
  • Made recommendations where appropriate
  • Present recommendations to industry

23
What is being backed up?
  • Two scenarios are considered
  • Failure of communications system infrastructure
    (internet)
  • Failure of Dropchute application
  • Other more disastrous situations (eg. epidemics)
    can occur, but are not considered, as data
    transfer would be pretty unimportant relative to
    other services and functions
  • Scenarios assume failure of other mitigation
    plans
  • Some industry parties have other risk mitigation
    plan in place (service providers have backup
    systems, alternative providers in place, etc)
  • Impact of failures may be mitigated by business
    continuity plans in some organizations

24
Communications System Failure Scenario
  • Internet is not available to industry may be
    due to viruses or physical problems. Industry
    impact - Market participants cannot transfer data
    through the internet infrastructure.
  • Invoked when failure is expected to be for days,
    not hours
  • Not designed for long term failures, over 3 weeks
  • Assumes all other support (non-communications)
    infrastructure is in place (eg. resources
    available, settlement systems working, power
    available, etc)
  • What backup should industry have in place?

25
R1 Validate Use of DVDs
  • Supported as an industry preference as a backup.
    Some organizations have adopted this as their own
    solution
  • Workgroup validated the DVD option with
  • Dedicated services should be used as primary, not
    a backup. Also quite costly to have as a backup,
    especially for smaller market participants
  • Dialup solutions do not have the capacity and may
    not be available if the internet is down
  • Redundant service providers are viable for larger
    organizations, but may also not be available in
    an internet outage
  • The workgroup recommended that DVDs be looked at
    as the primary backup solution for this scenario
    and pursued the option further.

26
R2 Industry Wide Implementation
  • The backup plan is intended to address industry
    wide problems and not for single part problems
    with internet infrastructure
  • Partial use would create concurrent data paths
    for industry, leading to confusion and complexity
  • Single party is responsible for localized issues
    through corporate business continuity plans

27
R3 Develop Business Standards and Requirements
  • Business standards are required to reduce
    confusion in this manual process. The simpler
    the rules and process, the less likelihood errors
    will occur. The workgroup recommends that,
  • All data (of one type) for the day to be burned
    onto a single DVD
  • DVDs be sent only once per day to parties where
    data exchange is required
  • DVD labeling standards be developed (type, to,
    from, date, etc)
  • Files naming rules be followed file naming
    rules are defined in the code, and should apply
    in the backup situation to allow integration with
    downstream processes and applications
  • Process to maintain contact information who to
    send DVD to, address, etc.
  • Review need for delivery standards difficult to
    impose, if courier services are impacted

28
R4 Develop Technical Standards and Requirements
  • Workgroup identified areas that require further
    work by technical experts
  • Technical standards
  • Standardize on the type/format of DVDs to be used
  • Hardware standards commercial requirements?
  • Encryption standards
  • Validation standards to check that DVD contains
    the data expected

29
R5 Decision Criteria
  • Workgroup concluded that the EUB is in the best
    position to decide when to invoke a backup plan
  • Communications failures will impact 3 areas (load
    settlement, tariff, gas settlement) under
    oversight by the EUB
  • Single party needs to be making decisions to
    invoke the plan
  • A simple prescriptive criteria for invoking a
    backup plan is difficult to define
  • Decision to invoke depends upon the circumstances
  • Judgment on the deciding party is needed is
    needed to account for the situation
  • EUB may have other similar processes as
    regulators for the energy industry. This process
    may tie into an already established one.

30
R6 Transaction Timing/Backdating
  • Using DVDs introduces a delay in receiving
    transactions and creates problems for processing
    transactions which are time sensitive
    (enrollments)
  • Some systems do not have backdating capabilities
    and cannot pre-date to when the transaction
    should have been processed
  • The workgroup supports relaxation of timing
    rules, suspension of enrolment timing rules, and
    the processing on enrolment transactions on a
    when received basis.
  • There will be a slight impact on accuracy of
    results
  • Enrolments may not occur on the expected date,
    which may impact retailers

31
R7 Communications Process
  • Where there is a communications infrastructure
    failure, it may also affect other types of
    communication that would make it difficult or
    impossible for the EUB to communicate that the
    backup plan is invoked
  • One solution supported by the workgroup is where
    there has a failure, and there is no
    communication with the EUB, the backup plan is
    assumed to be in effect after a period of time
    (24 hours).
  • The process and plan should be included in the
    codes or rules

32
Summary of Recommendations
  • Workgroup supports the DVD backup solution and
    does not see any major impediments to
    implementation at this time. More detailed work
    is required in various areas and will confirm
    this. The workgroup has provided its
    recommendations on the direction for these areas.
  • Use simple DVD process, and invoke on industry
    wide basis
  • Detail technical and business requirements, under
    the EUB
  • Develop decision criteria for invoking backup
    under EUB
  • Relax transaction timing rules to avoid
    backdating
  • The workgroup Target completion of the work by
    end 1Q 2007

33
Dropchute Application Failure Scenario
  • Dropchute application fails but the internet
    infrastructure remains in place may be due to
    limitations in the application,
    application/platform specific virus,
    platform/application incompatibility. Industry
    impact - Market participants cannot transfer data
    through the internet infrastructure.
  • Industry wide, this scenario is highly unlikely
  • Failure at one installation is more likely
  • DVD backup scenario may also work for this type
    of failure

34
Options Considered
  • Workgroup considered various options that
    continue to use the internet for data exchange.
  • Files via email, secure FTP pickup, redundant
    Dropchute, and managing transfers using
    Dropchute.
  • Industry has provided strong support for the
    secure FTP option
  • The workgroup concurs with the industry and
    proceeded to investigate the option further

35
Secure FTP Option
  • Pros
  • Uses existing communication infrastructure
  • Minimal disruption and cost to client sites
  • Similar transfer solution as Dropchute - mailbox
    setups
  • Volumes and capacity issues are easily addressed
  • More automated than DVD solutions
  • Cons
  • Requires infrastructure to be in place
  • Requires ongoing maintenance for infrastructure
    and process

36
Costs
  • Cost estimates for two types of secure FTP
    installations were obtained, to provide a sense
    of the magnitude of the costs.
  • Wire Owner/LSA Hosted sites (each site)
  • 62,400 for UNIX Server (Approx same for Windows
    w/Security)
  • 50,000 per year maintenance (1/2 man-year)
  • Based on typical server setups
  • Externally Hosted site (one site for industry)
  • 22,100 capital costs (UNIX)
  • 32,000 per year maintenance costs
  • Based on minimal specifications, costs will vary
    depending on arrangements and requirements

37
Issues to be Considered
  • Cost sharing arrangements need to be worked out
    for externally hosted site configuration
  • Wire Owner/LSA hosted sites can be used for
    localized backup situations and may be combined
    with other backup functions
  • Need a process to invoke this plan should be
    called by a regulating agency (EUB)

38
Summary of Recommendations
  • Workgroup summary
  • Secure FTP solutions are viable with little
    impediment to implementation, but require an
    initial investment of capital and continued
    maintenance costs.
  • A DVD solution is also viable to address this
    situation, but would be much more cumbersome and
    manual if called upon.
  • The workgroup sees both approaches fairly even,
    and seeks further feedback on industry
    preferences.

39
Questions?
40
Next Steps Working Groups
  • Request written comments on Workgroup Report
    recommendations
  • Agencies will consider recommendations in report
    and input from industry
  • Announce decision to proceed and next steps

41
Roles and MandatesTransition of Rule Making
Authority for SSC(DOE)
42
Other Topics
43
Closing Out
About PowerShow.com