Operational Excellence
Cyber Security & Data Privacy
New technology brings new challenges, and cybersecurity has been identified as a key enterprise risk for the company. Our information security group has a defense in depth approach, deploying cybersecurity tools to identify and prevent attacks both externally and internally. The cybersecurity program is aligned with the NIST Cybersecurity Framework and is embedded in all technology initiatives. The company complies with regulatory cybersecurity requirements and takes a leading posture in the development of new standards, regulations, and industry initiatives. We work with local, state, and federal agencies, as well as our colleagues in the energy business, to identify and employ the latest technological tools to protect our customers and our equipment. We collaborate with these partners to share threat information and best practices, and conduct joint cybersecurity drills. Internally, we provide an annual presentation and monthly updates on cybersecurity risks to the Board, and the Audit Committee reviews more in-depth cybersecurity matters semi-annually.
With the increasing threat of cybercrime, we continue to strengthen our cyber security and data-protection efforts. They include continuous monitoring, vulnerability assessments, employee education, regular drills, and phishing tests.
The company continues to advance data privacy through monitoring regulated activities related to personal data collection, use, and sharing; and maintaining compliance with applicable data privacy laws and privacy policies. Our well-established privacy team continues to guide IT and key business teams employing Privacy by Design principles to contemplate and mitigate data privacy risks at the time of system or process design and implementation. The privacy team is responsible for the Company’s appropriate handling of customer and employee personal information and regularly trains and educates teams across the organization to maintain awareness and careful attention to protective measures. Additionally, the company recently established the role of Chief Privacy Officer in recognition of the growing importance of privacy to customers, regulators, and stakeholders. The company remains focused on the evolving data privacy regulatory landscape, taking proactive measures and building forward-looking tools and processes in anticipation of more individual-centered business requirements.
To hear more about our cybersecurity program and other topics, visit https://soundcloud.com/con-edison
