Section 1220-04-15-.05 - FAILURE TO COMPLY; SANCTIONS(1) A utility fails to comply with these rules, and is considered in non-compliance, when: (a) The company does not file documentation required by these rules showing that it has prepared a cybersecurity plan by July 1 of each calendar year; or(b) The company does not file documentation required by these rules showing that it has implemented that cybersecurity plan by July 1 of each calendar year.(2) After a hearing, the Commission may impose reasonable sanctions, including civil and monetary penalties, against a utility in non-compliance with these rules.(3) Monetary penalties imposed by the Commission will be consistent with the statutory limit set in T.C.A. § 65-4-120.(4) If the Commission determines that sanctions shall include a monetary penalty, it may consider: (a) The efforts by the utility to comply with these rules;(b) The financial stability of the utility; and(c) The impact of non-compliance on customers of the utility.(5) The Commission may require a utility to establish a separate fund to further support its compliance with these rules.(6) Any utility in non-compliance shall be reported to the General Assembly in accordance with T.C.A. § 65-4-127(f).Tenn. Comp. R. & Regs. 1220-04-15-.05
New rules filed June 27, 2023; effective 9/25/2023.Authority: T.C.A. §§ 65-2-102, 65-4-120, and 65-4-127.