EDP Distribuição is the Portuguese mainland Distribution System Operator, serving over 6 million customers in a regulated business with clearly defined responsibilities, being the holder of the concession to operate the Distribution Electric Power Network in Medium Voltage and High Voltage, and holding municipal concessions for the distribution of electricity in Low Voltage.
With EDP Distribuição under having responsibility for several assets and systems which are essential for the maintenance of vital societal functions - health, safety, security, economic or social well-being of people, the challenges were many. The selection of a manageable number of assets from a set of more than 400 main premises, the identification of their major threats and vulnerabilities, and writing down their emergency response procedures, were some.
With EDP Distribuição’s Business Continuity Department coordination, an integrated view of the organization was possible, enabling the address of critical infrastructure in the perspective of personal safety, facility security and information security, involving several departments from operational ones (Maintenance and Dispatch) to support departments (Automation & Remote Control, Information Systems, Health and Safety).
The key points and the key learning points we plan to cover in our presentation are:
- Identification of major threats, vulnerabilities and cross-business risks for each NCI typology;
- Development of risk assessment methodology in safety and security aspects and;
- Application to each distinct vectors: people, facilities, system and communications;
- Definition of emergency response procedures and supporting chain command enabling effective risk mitigation;
- Upgrading the organization resilience through the implementation of this PDCA process.