- Mar 11, 2022 1:37 pm GMT
As anticipated the SEC is now proposing to require public Investor Owned Utilities (IOU) to add more "cybersecurity controls" to the workload of their compliance and security personnel. It's conceivable that an IOU could be subject to 3 regulatory regimes, with regard to cybersecurity controls and practices, NERC, FERC and now the SEC, in addition to any local, State regulatory requirements - and each could specify different requirements that need to be followed. Welcome to the new world of cybersecurity compliance.
Specifically, the proposal would:
● Require current reporting about material cybersecurity incidents on Form 8-K;
● Require periodic disclosures regarding, among other things:
o A registrant’s policies and procedures to identify and manage cybersecurity risks;
o Management’s role in implementing cybersecurity policies and procedures;
o Board of directors’ cybersecurity expertise, if any, and its oversight of cybersecurity risk; and
o Updates about previously reported material cybersecurity incidents; and
● Require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (Inline XBRL).
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.