AssetManagementBites #19 from Solar Asset Management Best Practice Guidelines

May 25, 2020

Welcome to the #AssetManagementBites.

Every Monday we will be sharing with you one of the numerous recommendations, best practices and advises (“bites”) from the “Solar Asset Management Best Practice Guidelines Version 1.0”.

The document was developed by SolarPower Europe with the contribution of Alectris. The “Solar Asset Management Best Practice Guidelines Version 1.0” is a resourceful guide addressing the commercial and financial management of solar investments, balancing the risks, opportunities, costs, and performance benefits. The document aims to encourage asset managers to keep their services consistent and at the highest level.

Bite #19



9.6. Cybersecurity [part 2/2]

It is therefore best practice that installations undertake a cyber security analysis, starting from a risk assessment (including analysis at the level of the system architecture) and implement a cybersecurity management system (CSMS) that incorporates a plan-do-check-act cycle.


The CSMS should start from a cybersecurity policy, and definition of formal cybersecurity roles and responsibilities, and proceed to map this onto the system architecture in terms of detailed countermeasures applied at identified points (e.g. via analysis of the system in terms of zones and conduits). These detailed countermeasures will include the use of technical countermeasures such as firewalls, encrypted interfaces, authorisation and access controls, and audit/detection tools. But they will also include physical and procedural controls, for example, to restrict access to system components and to maintain awareness of new vulnerabilities affecting the system components.


As minimum requirements, loggers should not be accessible directly from the internet or should at least be protected via a firewall. Secure and restrictive connection to the data server is also important.


The manufacturer of the data-logger and the monitoring platform should provide information on penetration tests for their servers, any command protocol activation channels and security audits for their products. Command functions should be sent using a secure VPN connection to the control device (best practice). Double authentication would be an even more secure option.


For further information, beyond t he scope of this document, please look at the EU Cybersecurity Act (EC, 2019) and the European Parliament’s study “Cyber Security Strategy for the Energy Sector” (EP, 2016).




Previous #AssetManagementBites


ACTIS ERP is an innovative Renewables’ Enterprise Resource Planning Platform dedicated to empowering end-owners and stakeholders of renewables’ assets, Asset managers and O&M service providers with full control of their portfolios through the award winning, one-stop solution providing comprehensive and integrated Real-time Monitoring, Service Management, Asset Management, PPA Billing, Project Management and many more tools. ACTIS helps you achieve the maximum performance of your assets by streamlining operations and consolidating Technical, Operational and Financial Reporting, increasing efficiency and reducing your costs.

ACTIS meets the requirements of the Asset Management Platform described in the Solar Asset Management Best Practice Guidelines Version 1.0″. Moreover, ACTIS was certified with the Solar Best Practices Mark developed by SolarPower Europe.

To learn more about our oftware request ACTIS demo!