Security requirements

ENCS develops security requirements documents to help its members and grid operators run secure systems. These documents cover specific smart grid systems, including SCADA / EMS / (A)DMS, substation automation, distribution automation, smart metering and electric vehicle charging. The procurement requirements are publicly available, while the other documents (risk assessments, architecture documents, test plans) are restricted to ENCS members.

Grid operators and vendors can use these security requirements when building new systems or updating existing systems. The requirements are designed to be used with an information security management system and are aligned with the ISO/IEC 27000 standards. ENCS provides eight types of security requirement documents:


The SCADA / EMS / (A)DMS security requirements cover the central systems used at control centers. They contain measures for the SCADA, EMS and (A)DMS applications, servers, workstations, and networks.

Substation automation

The substation automation security requirements cover the systems in high-voltage substations. (Sometimes also known as Protection Automation and Control (PAC) systems.) They can be used by both DSOs and TSOs. They contain measures for gateways, HMIs, IEDs and protection relays.

Distribution automation

The distribution automation requirements cover the systems used in medium voltage substations. They contain requirements for RTUs and telecom modems at the substation. But they also cover the central systems used to maintain the substation equipment.

Electric vehicle charing

The electric vehicle (EV) charging requirements cover Charge Point Operator systems. They give measures for charging stations and central systems used to maintain and control them. They can be used by municipalities and provinces or others when procuring charging services.

The requirements have been developed together with ElaadNL. They hav been endorsed by E.DSO for smart grids.

The sensors requirements cover the security architecture for sensor systems, particularly those based on IoT technologies.


The distributed energy resources (DER) requirements support grid operators and parties with roles in wind or solar systems in selecting and implementing technical security measures for distributed systems, wind farms, solar parks and their components.

Central Systems

The central systems requirements cover the security measures to protect engineering laptops.