Cybersecurity requirements for suppliers related to the bulk electric system
Cybersecurity is crucially important to us. It helps us secure operations of our organization, and to support the secure operation of the power system, which is connected across North America.
We need to assess and manage the cybersecurity risk posed by our suppliers as they deliver products or services to us related to our critical infrastructure.
Managing cybersecurity risk in our supply chain
As directed by the B.C. Utilities Commission and the North American Electric Reliability Corporation (NERC), we've developed cybersecurity policies and procedures for suppliers specific to NERC's Critical Infrastructure Protection standard 013 (CIP-013-2 [PDF]).
These apply to suppliers with contracts that relate to the protection of facilities, systems, assets and information critical to the operation or support of the bulk electric system.
What you need to review
For suppliers we deem to be working with critical infrastructure systems, processes, or services, we expect that they’re familiar with NERC's CIP-013-2 [PDF], "Cyber Security – Supply Chain Risk Management".
We've developed requirements for our suppliers related to these standards, and adhering to them is a contractual requirement. Refer to the requirements and addenda below. We developed these in alignment with standards from other utilities in North America.
- NERC CIP requirements digest for BC Hydro suppliers [PDF, 526 KB]
- Contractor cybersecurity CIP-013 addendum [PDF, 221 KB]