Impacts of governance regulations and constraints on EPU sensitive data distribution and location of data storage

The scope of this Technical Brochure (TB) offers guidelines for assessing the impact of governance regulations and constraints on electric power utility (EPU) sensitive data distribution and location of storage in accordance with the approved terms of reference. This TB uses a broad definition of data to include any information such as descriptive information, parametric information, schematics and pictures. Personal information is extremely sensitive because it can be used to influence or coerce authorized personnel to collaborate in accomplishing an attack on EPU’s systems. Critical infrastructure information can be used for unauthorized access to and use of their systems. Sensitive information also includes any information that requires a notification of a breach to a designated authority. The guideline will provide recommendations that identify the relationship between governance response requirements and their dependency on enabling security systems to ensure the confidentiality and integrity of sensitive data. Specifically, this TB addresses regulations that enforce constraints regarding read/write privileges and storage locations. Consideration is also given to local restrictions regarding identification of local national authority, security requirements imposed on sensitive data, local definitions of sensitive data, sensitive data transfer and approved requirements, and sensitive data breach notification requirements.