Document Citation: 52 Pa. Code § 101.3

Header:
PENNSYLVANIA ADMINISTRATIVE CODE
Commonwealth of Pennsylvania
Pennsylvania Code
TITLE 52. PUBLIC UTILITIES
PART I. PUBLIC UTILITY COMMISSION
SUBPART E. PUBLIC UTILITY SECURITY PLANNING AND READINESS
CHAPTER 101. PUBLIC UTILITY PREPAREDNESS THR

Date:
08/31/2009

Document:

§ 101.3. Plan requirements

(a) A jurisdictional utility shall develop and maintain written physical and cyber security, emergency response and business continuity plans.

(1) A physical security plan must, at a minimum, include specific features of a mission critical equipment or facility protection program and company procedures to follow based upon changing threat conditions or situations.

(2) A cyber security plan must, at a minimum, include:

(i) Critical functions requiring automated processing.

(ii) Appropriate backup for application software and data. Appropriate backup may include having a separate distinct storage media for data or a different physical location for application software.

(iii) Alternative methods for meeting critical functional responsibilities in the absence of information technology capabilities.

(iv) A recognition of the critical time period for each information system before the utility could no longer continue to operate.

(3) A business continuity plan must, at a minimum, include:

(i) Guidance on the system restoration for emergencies, disasters and mobilization.

(ii) Establishment of a comprehensive process addressing business recovery, business resumption and contingency planning.

(4) An emergency response plan must, at a minimum, include:

(i) Identification and assessment of the problem.

(ii) Mitigation of the problem in a coordinated, timely and effective manner.

(iii) Notification of the appropriate emergency services and emergency preparedness support agencies and organizations.

(b) A jurisdictional utility shall review and update these plans annually.

(c) A jurisdictional utility shall maintain and implement an annual testing schedule of these plans.

(d) A jurisdictional utility shall demonstrate compliance with subsections (a)–(c), through submittal of a Self Certification Form which is available at the Secretary's Bureau and on the Commission's website.

(e) A plan shall define roles and responsibilities by individual or job function.

(f) The responsible entity shall maintain a document defining the action plans and procedures used in subsection (a).