An interactive Excel tool to collect, prioritise and trace requirements (by Use Case) is available at empirica. Among others, it can also be used for surveys among staff and to calculate the result.

Any use of the list below must reference empirica GmbH.

Legal and Regulatory

Legal and regulatory requirements cover issues related to smart metering in all countries and data protection resulting from national legislation and European regulation. D9.1 describes results in more detail.

This category is referenced with the capital “LR” or “9”.

R9.1. Privacy (LPRI)

Specifies the following requirements associated with how the SMARTSPACES service handles privacy.

R9.1.1 Policy The service shall develop a privacy policy with respect to the processing of personal data. R9.1.2 Individual access The service shall allow access to the service by registration introducing username and password (in compliance with regional/national/European data protection legislation). R9.1.3 Consent - Research Research shall take place with regard to which individual needs to be asked about permission to record data with metering and / or sensors being part of the service. R9.1.4 Consent - Form The service shall provide a consent form for users that need to be asked about permission to record data either written and / or in electronic form. R9.1.5 Consent - Withdrawal The service shall allow for withdrawal of the individual’s consent either written and / or in electronic form. R9.1.6 Data Deletion The service shall allow for any individual requesting to delete data related with the individual. R9.1.7 Subscription The service shall provide users with updates and information or marketing material in form of electronic mail only if the user has requested so during registration. R9.1.8 Anonymity The service shall allow each individual user only access to his/her own data. If benchmark possibilities are given he/she can access anonymised data for other spaces and staff members. R9.1.9 Cookies The service shall provide the user (prior to a successful registration) with information about the purpose of storage or access to information gathered by cookies and ask for the user’s consent to use such type of devices. R9.1.10 Awareness The service shall provide the user with complete information on its privacy and security policies during registration and later through navigation in the user interface. R9.1.11 Disclosure The service shall use disclosure due to it’s nature of being a project involving different partners and the need of evaluation on an international level.

R9.2. Access (LACC)

Specifies the following requirements associated with how the SMARTSPACES service provides access to its functionality.

R9.2.1 Web-Access The service shall allow for accessing individual related data through the web. R9.2.2 Account - User Registration The service shall allow for a user registering an account by himself/herself via a registration mask. R9.2.3 Account - Provision The service shall allow for generating user accounts and default passwords for all and / or a selection of staff members. R9.2.4 Account - Mail The service shall notify a user about registration details via email. R9.2.5 Account - Paper The service shall notify a user about registration details via a paper-based form (e.g. letter). R9.2.6 Account - Deletion The service shall provide the user with the option to delete his/her account. R9.2.7 Account - Data Deletion The service shall provide the user with the option to delete his/her data stored with the account. R9.2.8 Password The service shall require a user to access the user interface only with a password. R9.2.9 Password - Restrictions The service shall provide restrictions on the length and symbols used for a password. R9.2.10 Password - Change The service shall allow for changing a user password. R9.2.11 Password - Forgotten The service shall allow for a recovery process of a forgotten password by a user. R9.2.12 Password - Renewal The service shall request the user to renew his/her password after a default period and / or according to the user’s settings. R9.2.13 Username The service shall allow for the user to set his/her username. R9.2.14 Username - Restrictions The service shall restrict the form of username (e.g. email as a username or length and symbols used) and inspect if the entered username is valid (e.g. contains @ and a valid domain). R9.2.15 Username - Change The service shall allow for changing the username. R9.2.16 WrongAccess-Count The service shall count the times a user tries to log in with false username and/or password (e.g. by IP) and take actions (e.g. temporarily blocking the IP) if the count exceeds a given number (e.g. 3 or 5 attempts). R9.2.17 Automatic Logout The service shall automatically log-out a user after a default period and / or according to the user’s settings.

R9.3. Measurement Obligations (LOBL)

Specifies the following requirements associated with legal obligations to measure and / or report certain data related with the SMARTSPACES service now or in the near future. Background: Whilst measuring of total resource consumption is obligatory in most countries, reporting and measurement of other units such as CO2 is only relevant for some countries or building types (e.g. nurseries).

R9.3.1 Electricity - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.2 Electricity - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.3 Electricity - Room The service shall measure and / or report and / our audit the given resource for each room. R9.3.4 Heating - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.5 Heating - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.6 Heating - Room The service shall measure and / or report and / our audit the given resource for each room. R9.3.7 Cooling - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.8 Cooling - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.9 Cooling - Room The service shall measure and / or report and / our audit the given resource for each room. R9.3.10 CO2 produced - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.11 CO2 produced - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.12 CO2 produced - Room The service shall measure and / or report and / our audit the given resource for each room. R9.3.13 Temperature - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.14 Temperature - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.15 Temperature - Room The service shall measure and / or report and / our audit the given resource for each room. R9.3.16 Humidity - Building The service shall measure and / or report and / our audit the given resource for the entire building. R9.3.17 Humidity - Floor The service shall measure and / or report and / our audit the given resource for each floor. R9.3.18 Humidity - Room The service shall measure and / or report and / our audit the given resource for each room.

R9.4. Regulation (LREG)

Specifies the following requirements associated with the regulations that arise from setting up the SMARTSPACES service.

R9.4.1 Energy Certificate Display The pilot sites shall display the national (or regional) form of energy certificate according to the relevant law. R9.4.2 EULA Successful registration and access to interface only after acceptance of the End User Licence Agreement (EULA) of the service. R9.4.3 Copyright The service will take according actions in cases of distribution of copyrighted material (such as logos, design functionalities, images, etc.). R9.4.4 Domain The service shall be available under a domain name with trademark registration (most commonly through InterNIC). R9.4.5 Trademark Actions for protection of words, images, slogans, or other devices designed to identify the services of SMARTSPACES, if such are established during the service development.

R9.5. Protocols & Standards (LPRO)

Specifies the following requirements associated with protocols or standards that arise from setting up the SMARTSPACES service.

R9.5.1 BMS - receiving The service shall be able to receive data and / or signals send from one or more building (energy) management systems (BMS) used or attached to the service. R9.5.2 BMS - sending The service shall be able to send data and / or signals send from one or more building (energy) management systems (BMS) used or attached to the service. R9.5.3 ZigBee The service shall be able to communicate via ZigBee in a selection or all devices installed for one or more resources (e.g. meter, sensors, control units).

R9.6. Security (LSEC)

Specifies the following requirements associated with how the SMARTSPACES service must handle security issues.

R9.6.1 Policy The service shall develop a security policy with respect to the processing of personal data. R9.6.2 Strategy The service shall develop a strategy for the case that, despite the security measures, a breach of security occurs (e.g. this can be theft, deliberate attack on the systems, unauthorised use of data by staff members, etc.). R9.6.3 Measures - Encryption The service shall provide necessary equipment and measures to ensure user and data privacy by encrypting all account related information and / or other databases. R9.6.4 Measures - Firewall The service shall provide necessary equipment and measures to ensure user and data privacy by installing a firewall. R9.6.5 Measures - HTTPS The service shall provide necessary equipment and measures to ensure user and data privacy by only allowing access to data through a https-encrypted web connection. R9.6.6 Measures - Intranet The service shall provide necessary equipment and measures to ensure user and data privacy by allowing access to data only within a restricted domain and / or intranet. R9.6.7 Measures - VPN The service shall provide necessary equipment and measures to ensure user and data privacy by allowing access to data, if applicable inside and / or outside of the restricted domain, via a virtual private network (VPN). R9.6.8 Breach Notification-User The service shall notify the users in case of security breaches by explaining the nature of the breach, contact information about the organisation and how the users can mitigate any possible adverse impact of the breach.

R9.7. Publication (LPUB)

Specifies the following requirements associated with publication of data or results from the SMARTSPACES project according with the DoW and / or part of the administration of the service and / or as part of dissemination and exploitation activities outside of staff members active in the pilot.

R9.7.1 Public - Personal Information The service shall use personal information such as name etc in any document or website in context of the project (e.g. opinion of a user). R9.7.2 Public - Personal Picture The service shall use pictures of any user in any document or website in context of the project (e.g. opinion of a user). R9.7.3 Public - Anonymous Statistics The service shall use only anonymised statistics and data for any given resource over any given period and a given space. R9.7.4 Internal - Personal Information The service shall use personal information only accessible for administrators of the service (e.g. for the purpose of service administration).