Electricity Asset Management Plan 2019-2029
47
Vector Limited://
Activities to improve SAIDI performance are included in the Section 5 programmes of work.
TARGET For the Regulatory Period (1 April 2015 to 31 March 2020) Vector’s SAIDI target has been set at 96.0364 minutes (refer to DPP). 2.6 CYBER SECURITY AND PRIVACY We are committed to investing in technology solutions, processes and capabilities to ensure that we appropriately protect and detect potential disruptive security events that could impact our network services or customer privacy. The threat of a successful attack is ever present and we can therefore no longer solely rely on detective and preventative controls to mitigate the risk. Robust recovery strategies are also required to be able to quickly respond and recover to limit the impact. While our ability to meet any service targets is highly dependent on the nature and complexity of each attack we have set ourselves clear performance targets for the detection, containment and recovery from a cyber security incident. Effective processes and procedures have been developed to ensure our service targets can be met (or where possible exceeded) and Vector is very committed to achieving these. A description of the service levels is included below however, we do not publish the actual service level targets due to commercial sensitivities and for security reasons.
The table below summarises the how we define security incidents for the purposes of our targets:
PRIORIT Y
DESCRIPTION
NARRATIVE
1
Critical Incident
Interruption making a critical function inaccessible or a complete network interruption causing a severe impact on service availability. There is no possible alternative function/service available. Critical functions or network services are interrupted, degraded or unusable, having a severe impact on availability. No acceptable alternative is possible. Non-critical functions or services, are unusable or have intermittent issues resulting in an operational impact, but with no significant or direct impact on availability.
2
Priority Incident
3
Standard Incident
Table 2-12 Incident levels for cyber security
2.6.1 INCIDENT DETECTION SERVICE LEVEL
DEFINITION This service level measures the effectiveness of our security systems/Security Operations Centre (SOC) to analyse potential security threats and detect actual security events that require action and containment by the Cyber Security team. This service target has recently been introduced in RY19 and coincides with the launch of our improved SOC and detection capabilities. MEASUREMENT The service level is based on the time from the detection of an actual cyber event or threat by our SOC to the alerting/escalation for action to the Cyber security team. DEFINITION This service level measures the effectiveness of our security systems/Security Operations Centre (SOC) to quickly analyse actual security events and provide an appropriate containment strategy that minimises the impact to the Vector network. This service target has recently been introduced in RY19 and coincides with the launch of our improved SOC and detection capabilities. MEASUREMENT This service level measures the time from the detection of an actual cyber event or threat by our SOC to the development of the containment strategy to be implemented and managed by the Cyber Security team. 2.6.2 INCIDENT RESPONSE SERVICE LEVEL
Made with FlippingBook - professional solution for displaying marketing and sales documents online