Data Security Examinations

Data Security Examinations

Based on the Electricity Supply Ordinance (ESO [1]), METAS-Cert carries out data security examinations for intelligent measuring systems. The examinations are based on the protection requirements analysis Smart Metering in Switzerland [2].
Based on the protection need analysis, the guidelines for the data security of intelligent measurement systems were drawn up (main document [3], Annex 1 [4], Annex 2 [5]). The test methodology [6] was published by the association Smart Grid Industrie Schweiz (Swissmig).

On the basis of the available information, manufacturers of intelligent measurement systems (applicants) can register for testing with METAS-Cert.

The bases for the tests are defined in the guidelines for data security testing:

The tests are not carried out by METAS, but by testing laboratories. The applicant should already know at the first contact with which testing laboratory he will carry out the tests. The requirements for testing laboratories are defined in the guideline.

Registration procedure

1) Contact by e-mail (ds@metas.ch)
The contact is informal, METAS-Cert will then send a checklist (SDCM) for completion and assign a mandate number, which is necessary for the transmission of the data.

2) Filling in the checklist
The applicant fills in the checklist (SDCM) according to the instructions and transmits it to METAS-Cert via PrivaSphere (see Secure data transmission).

3) Estimate of costs
METAS-Cert makes a cost estimate for the data security check (part of METAS-Cert) on the basis of the information provided. The testing laboratory is mandated by the applicant, the costs of the testing laboratory are regulated directly between the testing laboratory and the applicant.

4) Testing process
The applicant submits the application form, which should also be signed by the testing laboratory, with the required evidence.

After confirmation by METAS-Cert, the applicant may submit the order to the testing laboratory.
The applicant shall inform METAS-Cert when:

  • The order has been submitted to the testing laboratory.
  • The test specimens together with the documents have been sent to the testing laboratory.
  • Problems arise.

The testing laboratory informs METAS-Cert when:

  • The test specimens have been received (with exact details of the test specimens, versions and hash values).
  • The planned test program including schedule is defined
  • The documents submitted were examined
  • The tests have been completed
  • Problems arise during the test

After completion of the tests, the METAS-Cert test laboratory will send a test report stating whether the tests have been passed, the fully completed DSP matrix and all supporting documents.

5) Certification process
Once the tests have been passed, METAS-Cert starts the certification process, in which the evidence from the testing laboratory is checked and a certificate is then issued if the test was successful. Specifically, the certification process is governed by clause 3.6 of the Data Security Guidelines.

Secure transmission of data

Data from data security checks must be transmitted in a secure manner. This requires the use of the PrivaSphere tool through our website.

Link to PrivaSphere

Certificate database

Issued certificates can be accessed via the following link: https://legnet.metas.ch/cs

Enter DS as search criterion under certificate number.

Last modification 22.08.2023

Top of page

Contact

Federal Institute of Metrology
Conformity Evaluation Body METAS-Cert
Lindenweg 50
CH-3003 Bern-Wabern
T +41 58 387 01 11
METAS-Cert@metas.ch

Print contact

https://www.bj.admin.ch/content/metas/en/home/dl/datensicherheitspruefungen.html