Pennsylvania Code
Title 52 - PUBLIC UTILITIES
Part I - Public Utility Commission
Subpart E - Public Utility Security Planning and Readiness
Chapter 101 - PUBLIC UTILITY PREPAREDNESS THROUGH SELF CERTIFICATION
Section 101.3 - Plan requirements

Universal Citation: 52 PA Code ยง 101.3

Current through Register Vol. 54, No. 38, September 21, 2024

(a) A jurisdictional utility shall develop and maintain written physical and cyber security, emergency response and business continuity plans.

(1) A physical security plan must, at a minimum, include specific features of a mission critical equipment or facility protection program and company procedures to follow based upon changing threat conditions or situations.

(2) A cyber security plan must, at a minimum, include:
(i) Critical functions requiring automated processing.

(ii) Appropriate backup for application software and data. Appropriate backup may include having a separate distinct storage media for data or a different physical location for application software.

(iii) Alternative methods for meeting critical functional responsibilities in the absence of information technology capabilities.

(iv) A recognition of the critical time period for each information system before the utility could no longer continue to operate.

(3) A business continuity plan must, at a minimum, include:
(i) Guidance on the system restoration for emergencies, disasters and mobilization.

(ii) Establishment of a comprehensive process addressing business recovery, business resumption and contingency planning.

(4) An emergency response plan must, at a minimum, include:
(i) Identification and assessment of the problem.

(ii) Mitigation of the problem in a coordinated, timely and effective manner.

(iii) Notification of the appropriate emergency services and emergency preparedness support agencies and organizations.

(b) A jurisdictional utility shall review and update these plans annually.

(c) A jurisdictional utility shall maintain and implement an annual testing schedule of these plans.

(d) A jurisdictional utility shall demonstrate compliance with subsections (a)-(c), through submittal of a Self Certification Form which is available at the Secretary's Bureau and on the Commission's website.

(e) A plan shall define roles and responsibilities by individual or job function.

(f) The responsible entity shall maintain a document defining the action plans and procedures used in subsection (a).

This section cited in 52 Pa. Code § 61.45 (relating to security planning and emergency contact list); and 52 Pa. Code § 101.6 (relating to compliance).

Disclaimer: These regulations may not be the most recent version. Pennsylvania may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.