Effective October 1, 2020, LADWP is required to comply with North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Standard-013. Pursuant to the CIP-013 Standard and LADWP’s CIP-013 Supply Chain Cyber Security Risk Management Plan, LADWP must implement changes to its procurement process and prequalify vendors that participate in bidding opportunities for the procurement of cyber assets, equipment, software, or services supporting the Bulk Electric System.

A Bulk Electric System is defined as facilities and control systems necessary for operating an interconnected electric energy network including electrical generation, transmission, and interconnection systems and all associated software and equipment used to control and operate voltages of 100 kV or higher.

To be prequalified by LADWP, vendors are required to provide a cybersecurity risk profile information that will be evaluated by LADWP. This evaluation includes an assessment of the vendor’s organization, access control, technical controls, incident response, network security, and overall security posture.

All LADWP Invitation for Bids and Request for Proposals for the procurement of cyber assets, equipment, software, or services supporting the Bulk Electric System will be exclusively advertised to vendors that are on LADWP’s Prequalified List of Cyber Vendors.

Vendors that seek to be prequalified by LADWP shall review the document titled LADWP – New Regulation for Procurement of Cyber Assets and Services and submit a completed copy of the CIP-013 Vendor Risk Assessment Questionnaire to VendorCyberRisk@ladwp.com for evaluation.

LADWP will manage all inherent and residual risks based on established practices and in accordance with the CIP-013 Supply Chain Cyber Security Risk Management Plan.