Page 27 - ES&G report 2021 final

Board determines direction for Associated based on member values

The six G&T owners each send two directors to Associated Electric’s board of directors, typically the G&T manager and a director from the G&T’s board. Associated’s board of directors meets monthly with the executive team to discuss issues, review projects and approve key items. The board determines the strategic direction for Associated, tests the cooperative’s business strategy, approves key investment decisions and sets the wholesale power supply rate to ensure Associated meets its financial responsibilities and stays focused on its member-driven mission.

The board is informed, cohesive and engaged, in tune with the makeup and needs of their members at the end of the line. Board and management have proven their ability to quickly initiate and implement action to mitigate challenges. Enterprise risk management, including the key elements of environmental, social and governance, are overseen by senior management and independent board committees.

Engaged with members

Associated’s annual meeting brings together the boards and staffs of cooperatives throughout the three-tiered system. During the event, hundreds of attendees learn about the cooperative’s generation strategies, current issues and challenges, and hear from experts on a variety of energy-related topics. The meeting concludes with reports from the board president, the CEO and general manager, and a business meeting to appoint directors and conduct other essential tasks.

Managing cyber risk and critical systems

Associated’s cybersecurity department is one component of the cooperative’s overall security team, including physical security. This skilled department leads a comprehensive effort to monitor physical and cyber threat activity 24/7 with the ability to respond rapidly to threats. Best practices to assess risks and mitigate threats include:

•  Sophisticated endpoint detection and response tools on servers and workstations.
•  Strong physical and digital access control program that is audited on a routine basis.
•  A quantitative and qualitative risk-based approach for measuring cyber risk across the organization.
•  Adherence to all federal Critical Infrastructure Protection (CIP) compliance regulations for both physical and cybersecurity.
•  Maintaining a comprehensive business continuity plan.
•  Cyber Dome, a program of threat detection, rapid response and mutual assistance and defense measures, offered to all member cooperative systems. The program improves cyber security through a collaborative approach that is the first of its kind.

Transparency and reporting

Associated has a well-earned reputation of responsiveness to regulatory authorities and industry groups. In 2020, Associated participated in 22 governmental agency inspections and reviews related to the environment, health and safety without incidents or citations. Areas of special attention include:

•  NERC and OSHA filings.
•  Financial rating agencies: Fitch Investors, Moody’s, Standard & Poor’s.
•  A comprehensive operational and financial annual report with financial statements.
•  Board meetings and membership communications.

Compliance with industry standards and codes

Power generation and transmission companies are touched by many regulations.

Associated participates in and is regulated by the North American Electric Reliability Corp. (NERC), a not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the electric grid.

•  NERC develops and enforces reliability standards; annually assesses seasonal and long-term reliability; monitors the bulk power system through system awareness; and educates, trains and certifies industry personnel.
•  NERC’s area of responsibility spans the continental United States, Canada and the northern portion of Baja California, Mexico. NERC is the Electric Reliability Organization (ERO) for North America, subject to oversight by the Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada. NERC’s jurisdiction includes users, owners and operators of the bulk power system, which serves nearly 400 million people.

Associated also serves on boards and committees of the North American Transmission Forum (NATF), whose members include investor-owned, municipal, cooperative and other utilities. The mission of the member-based group is to promote excellence in the safe, reliable and resilient operation of the electric transmission system.

