N.H. Admin. Code § Puc 306.10

Current through Register No. 50, December 12, 2024
Section Puc 306.10 - Physical and Cyber Security Plans, Procedures and Reporting
(a) Each utility shall develop, maintain and follow a written physical security plan designed to protect the utility's critical equipment and facilities from breaches of security. For purposes of this section, "critical equipment and facilities" means utility infrastructure without which the utility could not provide safe and reliable service to its customers.
(b) The plan shall be risk-based and incorporate:
(1) A threat level assessment;
(2) A list of critical equipment and facilities to which the plan applies;
(3) Defined security measures for critical equipment and facilities;
(4) Response procedures and notifications upon discovery of a breach in security;
(5) Defined process to track events; and
(6) Employee awareness training programs.
(c) Each utility shall develop, maintain and follow a written information cyber security plan designed to protect the utility's critical cyber assets. For purposes of this section, "critical cyber assets" means those electronic data, communications, and computer network systems without which the utility could not provide safe reliable service to its customers.
(d) The plan shall be risk-based and incorporate:
(1) A threat level assessment;
(2) A list of critical cyber assets;
(3) Defined security measures for critical cyber assets;
(4) Response procedures and notifications upon discovery of a breach in security;
(5) Defined process to track events; and
(6) Employee awareness training programs.
(e) Each utility shall submit to the commission annually one original and one electronic copy of each of its physical security plan and cyber security plan. If any such plan contains confidential information, the utility shall so notify the commission in writing to provide the commission with an opportunity to review the confidential information at the utility's offices in New Hampshire.
(f) On the 15th day of the month following the last day of each quarter, each utility shall file Form E-37 Quarterly Report of Equipment Theft, Sabotage and Breaches of Security, pursuant to Puc 308.17 reporting all material breaches of security as defined within the plans.

N.H. Admin. Code § Puc 306.10

Amended byVolume XXXIV Number 24, Filed June 12, 2014, Proposed by #10603, Effective 5/21/2014, Expires5/21/2024 .