52 Pa. Code § 101.3 - Plan requirements

(a) A jurisdictional utility shall develop and maintain written physical and cyber security, emergency response and business continuity plans.
(1) A physical security plan must, at a minimum, include specific features of a mission critical equipment or facility protection program and company procedures to follow based upon changing threat conditions or situations.
(2) A cyber security plan must, at a minimum, include:
(i) Critical functions requiring automated processing.
(ii) Appropriate backup for application software and data. Appropriate backup may include having a separate distinct storage media for data or a different physical location for application software.
(iii) Alternative methods for meeting critical functional responsibilities in the absence of information technology capabilities.
(iv) A recognition of the critical time period for each information system before the utility could no longer continue to operate.
(3) A business continuity plan must, at a minimum, include:
(i) Guidance on the system restoration for emergencies, disasters and mobilization.
(ii) Establishment of a comprehensive process addressing business recovery, business resumption and contingency planning.
(4) An emergency response plan must, at a minimum, include:
(i) Identification and assessment of the problem.
(ii) Mitigation of the problem in a coordinated, timely and effective manner.
(iii) Notification of the appropriate emergency services and emergency preparedness support agencies and organizations.
(b) A jurisdictional utility shall review and update these plans annually.
(c) A jurisdictional utility shall maintain and implement an annual testing schedule of these plans.
(d) A jurisdictional utility shall demonstrate compliance with subsections (a)-(c), through submittal of a Self Certification Form which is available at the Secretary's Bureau and on the Commission's website.
(e) A plan shall define roles and responsibilities by individual or job function.
(f) The responsible entity shall maintain a document defining the action plans and procedures used in subsection (a).

Notes

52 Pa. Code § 101.3

This section cited in 52 Pa. Code § 61.45 (relating to security planning and emergency contact list); and 52 Pa. Code § 101.6 (relating to compliance).

State regulations are updated quarterly; we currently have two versions available. Below is a comparison between our most recent version and the prior quarterly release. More comparison features will be added as we have more versions to compare.

No prior version found.