Summary
We decided to audit ICS because we believe Albertans may be at risk if ICS are unsecured or do not meet minimum IT security standards.
Objective and Scope
Our audit objective was to determine what the AUC’s role is with respect to objections and complaints filed in connection with the approval of the Alberta Reliability Standards – IT security standards for ICS, and if there are effective AUC processes to carry out that role.
Conclusion
The Alberta Utilities Commission (AUC) fulfilled its role and followed its processes, as required by regulation, to adjudicate and approve the IT security standards recommended by the Alberta Electric System Operator (AESO). However, Alberta’s electrical operators do not have to comply with the newly-approved IT security standards until October 2017.