Attendees
Andrew Wileman (Virgin Media)
Andy Rawnsley (Gamma Telecom)
David Clarkson (Ofcom)
David Halliday (OTA
Gareth Davies (Ofcom)
John Morden (BTW)
Martin Whewell (Openreach)
Neil McArthur (Talk Talk)
Paul Beaumont (Sky)
Peter Ryde (NGNuk)
Rod Smith (NGNuk)
Robyn Durie (Everything Everywhere)
Steve Unger (Ofcom)
Steve Best (BT Wholesale), Andy May (CW), Ann Francis (Colt),
1. Minimum Security Standard
2. Terminal Compatibility
3. NGN Standards
4. WiFi
5. Budget
6. AOB
NICC ND1643 and associated guidance
Peter Ryde stated that Version 2 of the NICC Minimum Security Standard (ND1643) had been agreed by NICC but is not yet published on the NICC web site .
Version 3 will update the Standard with feedback from CPs and Auditors following the initial implementation and audits. This is progressing, albeit slowly.
He informed the Exec that this revised version of the Standard will be applied retrospectively to those CPs who have been audited to date. These are BT and TT. It will however not affect the existing conclusions of the auditors. Overall both the CPs audited and the Certification Bodies were able to confirm there are no significant issues identified with the Standard or auditing against the documented controls.
EU Framework and MSS Scope
Steve Unger provided the Exec with an update on the activity of BIS and Ofcom regarding the impact of the EU Framework Directive. He stated that the output on the BIS Consultation had not yet been published but was expected towards the end of April. An Ofcom statement on their approach will follow very shortly after this.
He reiterated the view he had stated at his last briefing to the Exec in mid 2010. Meeting ND1643 would provide a presumption of a CP meeting the requirements of Article 13 of the EU Framework Directive. Ofcom will publish guidance and write to CPs regarding compliance to the Article and Reporting of Incidents. CPs will be asked regarding their status of compliance and if they do not comply, what actions are being taken to do so. For reporting purposes Ofcom have worked with CPNI to communicate the thresholds to be followed by CPs.
Peter Ryde stated that at the last NGNuk Exec it was highlighted that the 3 CPs implementing the standard (BT, KCom and TT) had applied ND1643 consistently but their interpretation was more limited than originally envisaged by TISAC/CPNI. This was raised with CPNI who confirmed that the original scope aimed to protect networks in shared areas; they defined this as 'interconnect' for convenience rather than equipment type (e.g. MSAN) or operation (e.g. LLU). Where there are sites which are shared by other parties and which are declared 'out of scope' then CPNI have stated they believe the original purpose will have been undermined and the risk not fully addressed. As requested by the Exec at the last meeting this has been flagged to Ofcom for resolution between NICC/Ofcom and CPNI. It was also flagged to members/individuals attending TISAC. No subsequent feedback has been provided. Proposed that NGNuk should not take any further action unless requested to do so by either TISAC or Ofcom. This was accepted by the Exec.
Impact on smaller CPs
Peter Ryde stated that an assessment of ‘readiness’ and advice on implementation of two small CPs was undertaken by Red Island funded by Ofcom.
These reviews showed that neither had documented the scope, nor had a security policy, that roles & responsibilities had not been defined and that no documented or measurable access control policy(s) were in place. They both showed some or full compliance with: management commitment, 3rd party agreements, T’s & C’s of employment, physical security, equipment maintenance, network controls and incident monitoring.
A good level of best practice was in operation, however, in many cases this was not supported by any documentation or monitoring.
The general consensus of both CP’s was that whilst they could both understand the reasoning behind the Standard that due to their size, felt the documentation they perceived will be required was onerous and unnecessarily bureaucratic. Peter Ryde informed the Exec that he is scheduled to meet Telxl (one of the CPs) to review whether the guidance to CPs and auditors can be improved to clarify what would be acceptable, particularly around change control , staff starters & leavers and operating procedures and whether this can be made less bureaucratic or onerous.
A strong request from both CP’s was the provision of sample policies and procedures. They both felt that if NGNuk/OFCOM could provide “boilerplate” examples of an acceptable use policy and the required procedures for them to tailor to their own environments, this would save them a lot of resource and provide assurance that their documentation was compliant.
UKAS
Peter Ryde informed the Exec that the documentation that needs to be supplied to UKAS is prepared but requires the final version of the Standard and Guidance to progress. This has not been ‘pushed’ with UKAS, in part since beyond the initial three CPs, only C&W and Colt appear to be implementing the Standard. This will make trialling for the accreditations scheme problematic. CP adoption will be triggered by any Ofcom statement(s) and contract activity by larger CPs, so is not an immediate prospect.
To support CPs wishing to gain certification in advance of UKAS accreditation Peter Ryde stressed that there are three Certification Bodies who are available which are BABT, BSI and LRQA
Terminal Compatibility
NICC Guidance
Peter Ryde informed the Exec that the NICC guidance on Terminal Compatibility for NGN/NGA has now been published.
Both TIA and BSIA have been informed and the offer made to facilitate a call with NICC should there be any general areas of clarification required. Peter Ryde also stated that both organisations had been asked to provide a considered view on test facilities now that the guidance is available.
Complaint
Peter Ryde informed the Exec that the TSA made fairly general complaint to NGNuk/Ofcom regarding lack of support from CPs to revert to a previous supplier/product when these create problems for services to the vulnerable.
On discussing this in more detail with their ‘technical’ representative there appeared to be a number of underlying issues which are as follows:
1. Status of escalation of repairs across CPs when a vulnerable individual is identified and whether this is being universally applied by CPs: Peter Ryde stated that Ofcom Consumer Policy group have been involved plus he had contacted Openreach to confirm use of the DSO by all significant CPs.
2. That when a fault occurs Service Providers to vulnerable individuals are provided with minimal information on the progress, nature and likely fix time from their telecoms provider. This affects their ability to take mitigating action. Associated with this is how to facilitate the authorisation of a Service Provider to act as an intermediary.
3. Reversion to current supplier when problems are experienced associated with the line performance of the new CP. As such a procedure does not exist Peter Ryde stated he would seek to clarify the timeline for reordering such services and the position of CPs where a cancellation is required.
4. A general concern over current levels of fault repair and provisioning
NGN Standards
Following the last Exec meeting Peter Ryde was requested to lobby members to support the NICC work in this area. In this context Colt, Gamma, Sky, TT, EE and Virgin all committed to participating to support NICC with the work associated with SIP NNI - ND1647. He stated that he had offered that NGNuk would facilitate the involvement of smaller CPs associated with organisations such as ITSPA, FCS etc. This was accepted by NICC but they have yet to determine the appropriate timing or nature of input required.
TT had raised a concern regarding signalling dialled digits (INFO and multiple INVITEs), however it was agreed to discuss this outside of the meeting to identify whether this was an NGNuk issue.
WiFi
Neil McArthur provided an update on the discussions he’d had offline regarding seeking to harmonise CP approaches to implementing WiFi. He stated that prior to the next Exec, he would provide a briefing on the benefits of to industry and consumers in harmonising Connection, Security, Authentication and Roaming between Wifi-Wifi and WiFi-3G/4G with view to holding a more detailed discussion of how this might be achieved.
Action 1 – March 2011: Neil McArthur to circulate a briefing on the benefits of to industry and consumers in harmonising Connection, Security, Authentication and Roaming between Wifi-Wifi and WiFi-3G/4G prior to the May Exec
It was suggested that the discussion should be extended to a more technical audience.
Budget
Rod Smith provided an update on the status of the 2010/11 budget. He also stated that the 20011/12 invoices had been issued and requested that members facilitate payment asap.
AOB
NICC QoS Working Group – Peter Ryde informed the Exec that the Working Group had queried the status of the NGNuk End-to-End Services Requirements Scope for
Interconnected Next Generation Network Interconnections which had been submitted for consideration in mid 2007. Peter Ryde stated that as the document had not been maintained he had informed the NICC work group that it could be taken as an input to any QoS work but that NGNuk would not seek to update it. NGNuk would however seek to respond any specific requests from the work group regarding commercial input.
| Action 1 – January 2011 – Flag to Ofcom that the scope of ND1643 differs from that originally envisaged by CPNI. Completed | Peter Ryde |
| Action 2 – January 2011 – Contact NGNuk members to encourage their support for SIP NNI Standards development via NICC ND164. Completed | Peter Ryde |
| Action 1 – March 2011: Neil McArthur to circulate a briefing on the benefits of to industry and consumers in harmonising Connection, Security, Authentication and Roaming between Wifi-WiFi and WiFi-3G/4G prior to the May Exec | Neil McArthur |
Peter Ryde
NGNuk Office
07771 555 048
020 7783 4688
peter.ryde@ngnuk.org.uk