Security

The GGCS commits in its contracts with members to use reasonable endeavours to appoint a third party to supply, manage and maintain a Registration Database (also referred to as a registry), used by a specific member, to a reasonable standard. These third parties provide IT services to the GGCS, who are the Scheme Administrator operating the Scheme on a day-to-day basis.

There are currently two Registration Databases that may be used by a GGCS Scheme Participant depending on which green gas they are involved in.

1. G-REX

Since August 9th 2024 all activity related to RGGOs for biomethane production has taken place on the G-REX Registration Database operated by Grexel.

The characteristics of this database are described on Grexel’s website here.

2. www.greengas.org.uk

Activity related to GreenPower users and those handing RGGOs related to biopropane takes place on a bespoke Registration Database operated by SAV London Ltd.

This database also holds a record of activity related to biomethane RGGOs before August 9th 2024.

This database has the following characteristics:

• All data transmitted to and from the system is protected by high-grade encryption (AES-128 128-bit).
• Digital Certificates are 128-bit AES encrypted and are edit-restricted.
• Digital Certificates contain checksums and unique identifiers to ensure they can be traced and verified.
• All data is stored in four geographic locations to ensure continuity and minimum server down-time.
• The authenticity of Retirement Statements can be confirmed online via www.greengas.org.uk/validate.
• The data stored on the Green Gas primary server will be considered the primary source in the case of any dispute.
• Servers sit behind multiple firewalls. Only Ports 80 and 443 are publicly accessible.
• Snapshot data is kept at 3-hour intervals for a minimum of 3 months.
• Primary servers are managed by AWS and SAV London Ltd.
• IP addresses are explicitly tracked throughout the GGCS members functions, including injection, sale & certification.
• Member accounts log out automatically after 20 minutes of inactivity.
• All data is stored in accordance with the Data Protection Act 1998.