Effective data security starts with assessing what information you have and identifying who has access to it. Understanding how personal information moves into, through, and out of your business and who has—or could have—access to it is essential to assessing security vulnerabilities. You can determine the best ways to secure the information only after you’ve traced how it flows.

The electricity subsector1 cybersecurity Risk Management Process (RMP) guideline has been developed by a team of government and industry representatives to provide a consistent and repeatable approach to managing cybersecurity risk across the electricity subsector. It is
intended to be used by the electricity subsector, to include organizations responsible for the generation, transmission, distribution, and marketing of electric power, as well as supporting
organizations such as vendors. The RMP is written with the goal of enabling organizations— regardless of size or organizational or governance structure—to apply effective and efficient
risk management processes and tailor them to meet their organizational requirements. This guideline may be used to implement a new cybersecurity program within an organization or to build upon an organization’s existing internal cybersecurity policies, standard guidelines, and
procedures.