Other Business Protections
In addition to cyber security measures, we have business continuity and disaster recovery plans in place. Every business unit has a business continuity plan specific to its needs that addresses people, processes, property and other factors. For example, we have plans to respond to a pandemic that could cause widespread employee absences and supply disruptions, affecting our ability to serve our customers.
We benchmark our business continuity plans against our peers, recently using the Edison Electric Institute Business Continuity Benchmark survey. In addition, AEP maintains a 24/7 IT Disaster Recovery Center that makes it possible for us to continue operations in the event of a disaster. Although our disaster recovery infrastructure is continuously monitored and is in a state of readiness, we will analyze the recovery prioritization of business processes to ensure those priorities reflect today’s business environment and needs.
Since 2008, AEP has been subject to the federal government’s Red Flag legislation, which requires financial institutions and creditors to have a personally identifiable information (PII) protection program in place. AEP is considered a “creditor” under this legislation and must provide protection for the customer information we collect. In 2012, AEP’s Red Flag team went into action when scammers targeted customers with threats of disconnection unless they immediately paid their outstanding bill, using a prepaid money card. Collaboration between the Red Flag team and AEP Security identified patterns of the scam that helped determine which customers were being targeted and why. The team also made follow-up calls to customers who reported the incidents to inform them of the scam and provide tips to protect themselves from harm.