Don Daigler Director of Business Resiliency and Corporate Real Estate

1 September 2, 2015

Cross-Functional Integration & Operational Best Practices for Resilience Planning

Overview of SCE

2

• 14 million people • 180 incorporated cities • 15 counties • 125 years of reliable electric service • One of the nation’s largest IOU’s • 50,000 square miles of service area • 5,000 large businesses • 280,000 small businesses • Leader in alternative/renewable

energy • Focus on employee/public safety

Pacificorp

LADWP IID

Glendale Burbank Pasadena

San Francisco

San Diego

Los Angeles

SDG&E

PG&E

SMUD

Edison

The ability of an organization’s business operations to rapidly adapt and respond to internal or external dynamic changes – opportunities, demands, disruptions or threats – and continue

operations with limited impact to the business.

3

1987

1994

2011

2012

2013

2014

2015

2016 Proposed focus on climate change and drought impacts Background/Timeline

• Director w/emergency management experience • Expanded internal coordination

Business Resiliency Department Established

San Gabriel Wind Storm

• Preparedness & response analysis • Davies Report • Implementation of the IICS • Corporate Storm Performance

Improvement Program

Northridge Earthquake

• Moderate system damage in substations • First use of drop, cover, and hold

• Corporate headquarters building damaged • Emergency Response Coordinators and

Life Safety Coordinators • Storage of emergency survival supplies

Whittier Narrows Earthquake

Cyber & Physical Security Focus

• Engaging National Guard, DHS, FBI, and local law enforcement

• Critical Lifelines Group with Dr. Lucy • Support CA Capstone exercise design • Working with National Academy of

Sciences on supply chain resilience • Enhanced mutual assistance through EEI

Capability Building • Building department and response capabilities • Benchmarking and draft resiliency strategy • External stakeholder outreach

Earthquake Exercise

• Partner Caltech & USGS for early warning infrastructure • Facility seismology study • Developed All Hazards Plan (earthquake planning factors) • Great Shakeout & Train 1st Responders in Safety • Partner with DHS on Cajon Pass Resiliency Assessment • Improvements to spare transformer program • Communications (SCE Alert, SCE.com, mobile apps • SCE reps at county Emergency Operation Centers

Business Resiliency

Continuity of Operations

Business Continuity

Crisis Communications

Disaster Recovery

Cyber Security

Incident Response

Occupant Emergency

Critical Infrastructure Protection

Programs Supporting Resiliency

Employee & Family Preparedness

5

Governance Model The Business Resiliency governance model utilizes a tiered framework to maximize cross component coordination, while ensuring consistency and open communication across Organizational Units.

Matrixed Stakeholders

Business Resiliency Oversight Council (BROC)

Utility Operating Committee (UOC)

Subject Matter Experts (SMEs)

Governance Stakeholders

6

Aligning Business Functions

7

Business Continuity

Plan

Disaster Recovery

Plan Critical

Applications Critical

Infrastructure

Critical Business Process

Business Impact Analysis

National Preparedness Cycle

8

Train and equip personnel responsible for executing plans

Exercise company capability to manage emergencies

Stakeholder engagement Development of plans

Evaluate capability Develop corrective actions Improve capability

Preparedness

Planning Hierarchy

8888

Strategic Plans High level concepts and strategies, primarily

targeting company executives Business Resiliency Strategy Crisis Communications

Strategic Plan

Operational Plans Broad corporate actions available for

execution following an emergency; primary audience Incident Commander

Corporate All-Hazards Plan Cyber & Physical Security

annex Corporate Storm plan/annex

Tactical Plans Details the specific actions taken by

technical teams to execute corporate actions outline in operational plans

Cyber Security Incident Response Plan

Business Continuity Plans IT Disaster Recovery Plans

Procedures Provides step-by-step

guidelines for executing a specific function

Internal OU procedures/Job Aids

Risk and Business Impact Analysis

9

Incident Command Structure (Incident Management Teams)

Incident Support

Team

Electrical Service IMT

Generation IMT IT IMT

Security Facilities

IMT

Corp Comm

Government Affairs

Customer Service

Power Supply &

Ops Srvcs Human

Resources

Information Technology

Finance

Regulatory Affairs

Legal

Transmission &

Distribution

Governance

10

Crisis Management

Council SME

Team Qualification/ReQualification Requirements

All Roles

• Shadow qualified personnel

• 2 exercises and/or activations

• 2 User Groups

• Audit Class

• Qual card sign off by BR Authority

Basic ICS

Position Task Book

Position Specific

IntermediateAdvanced

ICS

All Roles

Incident Commander

Public Info Officer

Liaison Officer

Operations Chief

Planning Chief

Logistics Chief

Finance Chief

Safety Officer

• ICS-300 (All Roles)

• ICS-400 (Incident Support Team Only)

• FEMA Independent StudyWBT

All Roles

• ICS-100

• ICS-200

• ICS-700

• ICS -320 Annual Refresher

11

• 2014 All Hazards Exercise Series • 2015 Cyber/Physical Security Exercise Series • 2016 Environmental Exercise Series

SCE Cyber Physical Security Annexes

Crawl

Red Team Weight 10%

Walk

ROC Drill Weight 20%

Run

FSE Weight 50%

HSEE

P Ex

tern

ally

Eva

luat

ed

Cyber/Physical Security Exercises

SCE Exercise Program

12

Annual and Quarterly Drills

Corrective Actions

Evaluate and Improve • Conduct Hotwash (drills,

exercises, & incidents) • Lessons Learned and After

Actions Captured • Corrective Actions Tracked

13

• Purpose – Articulates resiliency standards and serves as the baseline for

measuring resiliency capabilities • Based on IBM’s Resiliency Tiers

– IBM Resiliency Tiers: Platinum, Gold, Silver, and Bronze • Resiliency Tiers used for Metrics and Scorecard

Gold

Silver

Bronze

Platinum

0

100

125

25

50

75

SafetyCompliance

Criticality =Impact x Risk

Resiliency

Self -AssessedPerformance-Based Indicato1. Plans & Proc2. Training3. Exercise

Business Resiliency Tiers & Scorecard

14

Questions & Answers

September 2, 2015 15