FERC COOP: Continuity of Operations Plan (2007)
Applies to the US energy industry
FERC responded to 9/11/01 by issuing a statement providing regulatory guidance on certain energy infrastructure reliability and security matters, recognizing that electric, gas, and oil companies may need to adopt new procedures to safeguard their systems. This regulatory requirement is mandatory.
FERC RM01-12-00
Applies to the US electric power industry, specifically larger metro utilities (rural utilities exempt)
FERC requires a disaster recovery plan for all energy companies. This regulatory requirement is mandatory.
NERC CIP 002-009 (2006)
Applies to US electric power and utility companies
The NERC CIP standards consist of eight standards (covering cyber asset identification, security management controls, personnel and training, electronic security perimeters, physical security, system security management, incident reporting and response, and recovery plans for critical cyber assets), each of which is mandatory for electric power and utility companies. This regulatory requirement is mandatory.