Business Continuity Standards for the Energy Sector
| FERC COOP: Continuity of Operations Plan (2007) |
FERC reacted to 9/11/01 by making a statement providing regulatory guidance on certain energy infrastructure reliability and security matters, recognizing that electric, gas, and oil companies may need to adopt new procedures to safeguard their systems. This regulatory requirement is mandatory. |
Applies to the US energy industry |
| FERC RM01-12-00 |
FERC requires a disaster recovery plan for all energy companies. This regulatory requirement is mandatory. |
Applies to the US electric power industry, specifically larger metro utilities (rural utilities exempt) |
| NERC CIP 002-009 (2006) |
NERC CIP standards are comprised of eight standards (including cyber asset identification, security management controls, personnel and training, electronic security perimeters, physical security, system security management, incident reporting and response, and recovery plan for critical cyber assets), each of which is mandatory for electric power and utility companies. This regulatory requirement is mandatory. |
Applies to US electric power and utility companies |
|