During an audit, a regulator asks a seemingly simple question: “Can you show who modified this process and when?”It should be an easy answer. Yet for many utility organizations, providing a clear and immediate response is more challenging than expected.
Not because the information doesn’t exist. But because permissions have evolved over time, access rights are scattered across systems, and traceability was never designed for today’s regulatory landscape.
As utilities continue to digitize critical operations, security is no longer just about keeping bad actors out. It is about governance, accountability, compliance, and trust.
And that raises a new question: Do you really know who has access to your critical utility processes?
The utility industry is operating in a completely different environment than it was only a few years ago. Regulations such as GDPR and NIS2 are raising expectations around how organizations control access, ensure traceability, and demonstrate accountability across their systems.
While these frameworks cover a broad range of requirements, a critical foundation is the ability to clearly define who has access to which data and to prove it at any moment in time. At the same time, utility organizations are managing increasingly complex processes across multiple teams, systems, and business domains.
As a result, leaders are asking questions that go far beyond IT:
These are no longer technical questions. They are business-critical questions.
MEEP, the MECOMS Enterprise Extensibility Platform, has become a central orchestration platform for an increasing number of critical utility processes.
As the platform’s role continues to grow, so do the expectations around governance, transparency, and security. That is why Ferranti redesigned the MEEP Security Model: to align with modern enterprise security standards while providing utility organizations with greater control, stronger traceability, and enhanced operational governance.
The result is a security framework built around three key pillars.
In many systems, security often comes down to two basic options:
But real-world utility organizations are far more complex than that. Operations teams, customer service representatives, finance departments, integration specialists, and platform administrators all require different levels of access and responsibility.
A one-size-fits-all approach no longer works.
The new MEEP Security Model introduces a flexible role and permission structure that allows organizations to define access with much greater precision. Roles, permissions, applications, and profiles can be configured according to business needs and governance requirements.
This gives organizations the ability to ensure users receive exactly the access they need and nothing more.
The result?
Because effective security starts with granting the right access to the right people.

From basic user management to enterprise-grade role configuration tailored to your organization.
Imagine a critical customer or financial record is modified. The first question is rarely what changed. The real question is: Who changed it?
Without proper traceability, organizations face increased compliance risks and reduced accountability. The new MEEP Security Model introduces comprehensive audit trail capabilities, enabling organizations to transparently track data creation, modifications, and user activity.
This creates:
In short: No more guessing. No more blind spots.
NIS2 is not simply about cybersecurity. It is about demonstrating control over critical systems and processes. Organizations must be able to show:
The ability to demonstrate governance is becoming just as important as security itself. For utility organizations preparing for current and future regulatory requirements, traceability is no longer optional. It is becoming a business necessity.
One of the biggest challenges in modern organizations is balancing accessibility with security. A finance employee should not necessarily have access to operational workflows. A customer service agent does not need visibility into every dataset.
With the new MEEP Security Model, permissions can be configured not only at application level but also at data level. Organizations can define exactly which users or teams may access specific flow categories, business domains, or datasets. This creates an additional layer of protection while supporting modern compliance requirements.

Granular data permissions ensure users only access the information they are authorized to see.
Imagine a utility organization processing both operational and finance-related workflows within the same platform. With traditional security models, users may have broad visibility across all process types.
With the new MEEP Security Model, organizations can restrict finance-related flows exclusively to authorized finance teams while maintaining visibility for other users where appropriate. The result is stronger governance, reduced risk, and better protection of sensitive information. Because not everyone needs access to everything.
The biggest advantage of the new MEEP Security Model is not a feature. It is confidence. Confidence that:
For utility organizations navigating increasing regulatory pressure and operational complexity, that confidence is becoming invaluable.
The question is no longer whether security matters. The question is whether your current security model is ready for what comes next.
Utilities are operating in an environment where regulatory expectations continue to increase, operational ecosystems become more interconnected, and governance requirements grow more demanding every year.
Organizations need more than secure software:
With the new MEEP Security Model, Ferranti helps utility organizations strengthen governance, improve transparency, and gain greater control over their most critical processes. Because when utilities can trust the systems behind their operations, they can focus on what matters most: Delivering reliable energy and services to millions of customers.
Discover how MEEP Security helps utilities strengthen governance, improve traceability, and implement enterprise-grade access control for critical business processes.

Mar Jorba
Talk the talk
Stay informed about current events and stay on top of the latest trends for energy suppliers, grid operators, heat-and-water providers.