Skip to content
Home › Work with us › Suppliers › Doing business with BC Hydro › Cybersecurity requirements for suppliers

Cybersecurity requirements for suppliers related to the bulk electric system and critical cyber systems

Cybersecurity helps secure operations of our organization, and to support the secure operation of the power system, which is connected across North America.

We need to assess and manage the cybersecurity risk posed by our suppliers as they deliver products or services to us related to our critical infrastructure.

Managing cybersecurity risk in our supply chain

As directed by the B.C. Utilities Commission and the North American Electric Reliability Corporation (NERC), we've developed cybersecurity policies and procedures for suppliers specific to NERC's Critical Infrastructure Protection standard 013 (CIP-013-2 [PDF]).

These policies and procedures apply to suppliers of products and services critical to the operation of the bulk electric system.

Additionally, suppliers not directly governed by CIP-013 may still be subject to cybersecurity requirements if their goods or services impact BC Hydro’s cybersecurity risk. These requirements may be referenced in their contracts.

What you need to review

For suppliers we deem to be working with critical infrastructure systems, processes, or services, we expect that they’re familiar with NERC's CIP-013-2 [PDF], "Cyber Security – Supply Chain Risk Management".

We've developed requirements for our suppliers related to these standards, and adhering to them is a contractual requirement. Refer to the requirements and addenda below. We developed these in alignment with standards from other utilities in North America.