Physical/Cyber Security & Data Privacy
New technology brings new challenges, and both cybersecurity and physical security have been identified as key enterprise risks for the company. Our information security team works with local, state, and federal agencies, as well as our colleagues in the energy business, to identify and employ the latest technological tools to protect our customers and our equipment. We collaborate with these partners to share threat information and best practices, and conduct large-scale joint cybersecurity and physical security drills to help protect the electric industry against cyberattacks. Internally, an annual presentation on cybersecurity risks continues to be provided to the board and the audit committee has commenced reviewing more in-depth cybersecurity matters on a semi-annual basis. In addition, the board receives regular updates as to both cybersecurity and physical security risks from management.
With the threat of cybercrime constantly becoming more acute, we continue to strengthen our data-protection efforts. Cybersecurity and physical security use a layered mitigation strategy that includes 24/7 monitoring, vulnerability assessments, employee education, and regular drills, and cybersecurity conducts phishing tests. We monitor approximately 2,000 cameras, Intrusion Detection Systems, duress alarms, and a card access system to restrict access. We consistently earn passing grades on audits that assess our cybersecurity and data-protection standards, and we are in compliance with reporting requirements from the Federal Energy Regulatory Commission and North American Electric Reliability Corporation. As for grid resiliency, there have been no material violations or fines due to non-compliance with physical and/or cybersecurity standards or regulations.