ENCS develops security requirements documents to help its members and grid operators to run secure systems. The documents cover specific smart grid systems, including:

  • SCADA / EMS / (A)DMS
  • Substation automation
  • Distribution automation
  • Smart metering
  • Electric vehicle charging

Grid operators can use the security requirements when they build new systems or update existing systems. The requirements are designed to be used with an information security management system. They are aligned with the ISO/IEC 27000 standards.

Security requirements documents

ENCS provides five types of documents:

  1. Security risks assessments which analyze threats and impact for typical systems. They can help grid operators to assess the risks in their own systems. They are also used to check if the measures in the security architecture are strong enough.
  2. Security architectures which recommend technical security measures to mitigate the risks. The measures concern the whole system. This is usually more effective than coming up with measures per component. The architecture can act as a blueprint for departments maintaining the system.
  3. Security requirements for procuring devices or software. These documents break down the security architecture into requirements to individual components. The requirements can be copied into tender documents.
  4. Security test plans for components that describe how to verify the requirements. They define the types of tests and test cases that need to be performed to know that the requirements are met.
  5. Technical audit plans to check that a system follows the security architecture. They contain audit and test activities to verify the measures in the architecture. Grid operators can use the plan when accepting a new system in production or to assess the security of a running system.


The SCADA / EMS / (A)DMS security requirements cover the central systems used at control centers. They contain measures for the SCADA, EMS and (A)DMS applications, servers, workstations, and networks.

Substation automation

The substation automation security requirements cover the systems in high-voltage substations. (Sometimes also known as Protection Automation and Control (PAC) systems.) They can be used by both DSOs and TSOs. They contain measures for gateways, HMIs, IEDs and protection relays.

Distribution automation

The distribution automation requirements cover the systems used in medium voltage substations. They contain requirements for RTUs and telecom modems at the substation. But they also cover the central systems used to maintain the substation equipment.

Smart metering

The smart metering requirements cover the full smart metering chain. They include measures for smart meters, data concentrators and central systems. The requirements have been endorsed by E.DSO for smart grids.

Electric vehicle charging

The electric vehicle (EV) charging requirements cover Charge Point Operator systems. They give measures for charging stations and  central systems used to maintain and control them. They can be used by municipalities and provinces or others when procuring charging services.

The requirements have been developed together with ElaadNL. They hav been endorsed by E.DSO for smart grids.