Page 26 - ES&G report 2021 final

Board determines direction for Associated based on member values

The six G&T owners each send two directors to Associated Electric’s board of directors, typically the G&T manager and a director from the G&T’s board. Associated’s board of directors meets monthly with the executive team to discuss issues, review projects and approve key items. The board determines the strategic direction for Associated, tests the cooperative’s business strategy, approves key investment decisions and sets the wholesale power supply rate to ensure Associated meets its financial responsibilities and stays focused on its member-driven mission.

The board is informed, cohesive and engaged, in tune with the makeup and needs of their members at the end of the line. Board and management have proven their ability to quickly initiate and implement action to mitigate challenges. Enterprise risk management, including the key elements of environmental, social and governance, are overseen by senior management and independent board committees.

Engaged with members

Associated’s annual meeting brings together the boards and staffs of cooperatives throughout the three-tiered system. During the event, hundreds of attendees learn about the cooperative’s generation strategies, current issues and challenges, and hear from experts on a variety of energy-related topics. The meeting concludes with reports from the board president, the CEO and general manager, and a business meeting to appoint directors and conduct other essential tasks.

Managing cyber risk and critical systems

Associated’s cybersecurity department is one component of the cooperative’s overall security team, including physical security. This skilled department leads a comprehensive effort to monitor physical and cyber threat activity 24/7 with the ability to respond rapidly to threats. Best practices to assess risks and mitigate threats include:

•  Sophisticated endpoint detection and response tools on servers and workstations.
•  Strong physical and digital access control program that is audited on a routine basis.
•  A quantitative and qualitative risk-based approach for measuring cyber risk across the organization.
•  Adherence to all federal Critical Infrastructure Protection (CIP) compliance regulations for both physical and cybersecurity.
•  Maintaining a comprehensive business continuity plan.
•  Cyber Dome, a program of threat detection, rapid response and mutual assistance and defense measures, offered to all member cooperative systems. The program improves cyber security through a collaborative approach that is the first of its kind.

Transparency and reporting

Associated has a well-earned reputation of responsiveness to regulatory authorities and industry groups. In 2020, Associated participated in 22 governmental agency inspections and reviews related to the environment, health and safety without incidents or citations. Areas of special attention include:

•  NERC and OSHA filings.
•  Financial rating agencies: Fitch Investors, Moody’s, Standard & Poor’s.
•  A comprehensive operational and financial annual report with financial statements.
•  Board meetings and membership communications.

Compliance with industry standards and codes

Power generation and transmission companies are touched by many regulations.

Associated participates in and is regulated by the North American Electric Reliability Corp. (NERC), a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the electric grid.

•  NERC develops and enforces reliability standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains and certifies industry personnel.
•  NERC’s area of responsibility spans the continental United States, Canada and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners and operators of the bulk power system, which serves nearly 400 million people.

Associated also serves on boards and committees of the North American Transmission Forum (NATF), whose members include investor-owned, municipal, cooperative and other utilities. The mission of the member-based group is to promote excellence in the safe, reliable and resilient operation of the electric transmission system.

