Section 1220-04-15-.04 - ANNUAL FILING REQUIREMENTS(1) By July 1st of each calendar year, all utilities shall submit documentation that the utility has prepared and implemented a cybersecurity plan. At a minimum, the documentation shall include:(a) Contact information for utility employee(s) responsible for cybersecurity;(b) A statement indicating whether the utility conducts annual cybersecurity training for the utility personnel with access to any utility Information Technology System or Operational Technology System; and(c) A statement indicating whether the utility has procured cybersecurity insurance.(2) The documentation filed must include a sworn statement by the utility's chief executive officer, president, or another person with an equivalent role and authority, over the development and implementation of the cybersecurity plan. Such statement shall, at a minimum, confirm that:(a) The utility has prepared and implemented the cybersecurity plan described in the filing;(b) The cybersecurity plan has been prepared or updated within the last two (2) years; and(c) All documentation and information filed is current and accurate.Tenn. Comp. R. & Regs. 1220-04-15-.04
New rules filed June 27, 2023; effective 9/25/2023.Authority: T.C.A. §§ 65-2-102 and 65-4-127.