6/4/2018 6:50:42 PM -
On May 31, the New York Department of Public Service Staff hosted a meeting to discuss recently proposed Data Security Agreements (DSA) and Vendor Risk Assessments (VRA). All parties (ESCOs and 3rd parties) with direct or indirect access to Utility systems must meet the new requirements. These new regulations are a source of conflict in the industry, and all parties should decide where they stand on the topic and take immediate action as a result.
At this meeting, the Joint Utilities presented their case as to why these new measures were necessary and stressed the importance of moving forward quickly. The ESCO and EDI Provider community countered that this needed to be a collaborative effort between them and the Utilities to best address the risk. The NY DPS Staff supported the Utilities’ authority to implement these new requirements and also supported continued dialogue to implement in the best way. However, The Staff made it clear that this will not be rolled out via a lengthy back and forth discussion over several months, but in an urgent manner.
The meeting has made it clear that these new requirements will definitely be implemented. ESCOs and EDI Providers are roughly halfway through their original 60 day timeframe allowed by the Utilities. It’s possible that the deadline may be extended, but there are no guarantees at this point, and it likely won’t be extended for long. If your business has not been following this topic and taking action to complete the DSA and VRA, then we suggest you take action quickly!