(First Edition) - rsb.gov.aersb.gov.ae/assets/documents/2086/regsbcm2014en.pdfThe Business...

Septem

ber 20

14

Issued by:The Regulation and Supervision Bureau

The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services (First Edition)

Pu

blicatio

n N

o. E

D/R

01/10

1

النسخة العربية متوفرة أيضًا

Th

e Bu

siness C

on

tinu

ity Man

agem

ent R

egu

lation

s for D

rinkin

g W

ater, Wastew

ater and

Electricity Services

The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services(First Edition)

September 2014

Issued by

The Regulation and Supervision Bureau

for the water, wastewater and electricity sector

in the Emirate of Abu Dhabi

www.rsb.gov.ae

1 September 2014

The Business Continuity Management Regulations for

Drinking Water, Wastewater and Electricity Services

(First Edition)

The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services (First Edition)2

The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services (First Edition) 3

Foreword

The Regulation and Supervision Bureau (the Bureau) is established in Abu Dhabi law to oversee the economic and technical activities of the water, wastewater, and electricity companies that are licensed to operate in the Emirate of Abu Dhabi.

In addition to its duties over licensed companies, the Bureau has certain responsibilities towards the general public, including the assurance of safe, adequate, and secure provision of water, wastewater, and electricity supplies to customers and these Regulations have been produced with this primary aim in mind.

They may be cited as the Business Continuity Management Regulations for the Drinking Water, Wastewater and Electricity Services (First Edition), referred hereafter as “the Regulations”.

These Regulations are issued by the Bureau in accordance with Section 3 of Part 1 of National Emergency Crisis and Disasters Management Authority (NCEMA) Standard 7000:2012 (as defined in these Regulations), to ensure entities in the water, wastewater, and electricity sectors in the Emirate of Abu Dhabi develop a Business Continuity Programme and Business Continuity Plans in compliance with NCEMA 7000:2012. Accordingly, these Regulations establish a Business Continuity Programme for the drinking water, wastewater, and electricity sectors in the Emirate of Abu Dhabi and those Licensees supplying the Emirate of Abu Dhabi.

These Regulations have been produced following extensive consultation with sector stakeholders.

This Guide is also available in Arabic, but the reader should note it was first written in English. It may also be downloaded from the Bureau’s website at www.rsb.gov.ae

Saif Saeed Al QubaisiA/ Director General

1 September 2014



Acknowledgements

The Bureau gratefully acknowledges the contributions, comments, and referenced documentation from the following organisations:

a) External information instrumental to the development of these Regulations:

• Australian/ New Zealand Standard 5050:2010, Managing Disruption Related Risk;

• British Standard 25999-2: 2007 Business Continuity Management – Part 2: Specifications;

• International Standard Organisation (ISO) 22301:2012, Societal Security – Business Continuity Management Systems – Requirements;

• International Standard Organisation (ISO) 31000: 2009, Risk Management;

• Singapore Standard 540:2008, Business Continuity Management;• United Arab Emirates, National Emergency Crisis and Disasters

Management Authority (NCEMA) Standard 7000:2012, Business Continuity Management;

• United Arab Emirates, National Electronic Security Authority (NESA), National Information Assurance Framework (NIAF) Policy, version 1.0, 2013;

• United Arab Emirates, National Electronic Security Authority (NESA), Critical Information Infrastructure Protection (CIIP) Policy, version 1.0, 2013;

• United Arab Emirates, National Cyber Security Strategy, version 1.0, 2013; and

• United States, National Fire Protection Association (NFPA) Standard 1600:2013, Disaster/ Emergency Management and Business Continuity Programs.

b) Government organisations:

• Abu Dhabi Food Control Authority (ADFCA); • Abu Dhabi Water and Electricity Authority (ADWEA);• Abu Dhabi Water and Electricity Company (ADWEC);• Critical Infrastructure and Coastal Protection Authority (CICPA) ; • Emirates Nuclear Energy Corporation (ENEC);• Environment Agency – Abu Dhabi (EAD);• Federal Authority for Nuclear Regulation (FANR);• Health Authority – Abu Dhabi (HAAD);• National Emergency Crisis and Disasters Management Authority

(NCEMA);• National Electronic Security Authority (NESA); and• Telecommunications Regulatory Authority (TRA).


c) Licensees:

• Abu Dhabi Company for Servicing Remote Areas (RASCO);• Abu Dhabi Distribution Company (ADDC);• Abu Dhabi Sewerage Services Company (ADSSC);• Abu Dhabi Transmission and Despatch Company (TRANSCO);• Arabian Power Company (APC);• Al Ain Distribution Company (AADC);• Al Etihad Biwater Waste Water Company PJSC;• Al Mirfa Power Company (AMPC);• Al Wathba Veolia Besix Waste Water Company PJSC;• Emirates Aluminium (EMAL);• Emirates CMS Power Company (ECPC);• Emirates Sembcorp Water and Power Company (ESWPC);• Fujairah Asia Power Company (FAPC);• Gulf Total Tractebel Power Company (GTTPC);• Manazel (Corodex);• Ruwais Power Company (RPC);• Shams Power Company PJSC;• Shuweihat Asia Power Company (SAPCO);• Shuweihat CMS International Power Company (SCIPCO); and• Taweelah Asia Power Company (TAPCO).

d) Fuel and gas suppliers:

• Abu Dhabi Gas Industries Limited (GASCO); and• Dolphin Energy Limited (DEL).

In particular, the Bureau wishes to acknowledge the permission granted by the Emirates Authority for Standardization and Metrology (as the UAE’s national ISO member) for the use in these Regulations of definitions taken from ISO 22300:2012 and ISO 22301:2012.


Document numbering

These Regulations use the following numbering system:

Parts are referenced by integers (e.g. 1, 2, etc.)

Regulations are referenced by one full stop between numbers (e.g. 1.1, 1.2, etc.)

Clauses are referenced by two full stops between numbers (e.g. 2.2.1, 3.1.2, etc.)

Sub-Clauses are referenced by lower-case letters between parentheses (e.g. (a), (b), etc.)



Table of contents

1 Introduction 111.1 Citation 111.2 Commencement 111.3 Purpose 111.4 Scope 111.5 Supporting information 12

2 Definitions� 132.1 Interpretation 132.2 Definitions 13

3� Business Continuity Programme Requirements 173.1 Define criteria for executing the Business Continuity

Programme 173.2 Define the scope of the Business Continuity Programme 173.3 Establish a Business Continuity Management Committee 173.4 Appoint a Business Continuity Coordinator 183.5 Conduct Business Impact Analysis 193.6 Assess Risk 193.7 Develop Business Continuity Strategies 203.8 Measure effectiveness 203.9 Provide awareness and training 203.10 Conduct Tests and Exercises 213.11 Continue improving Business Continuity Programme 21

4 Business�Continuity�Management�hierarchy� 234.1 Business Continuity Management hierarchy for the

water, wastewater, and electricity sectors in the Emirate of Abu Dhabi 23

4.2 Business Continuity Management duties of the Bureau 234.3 Business Continuity Management duties of ADWEA 244.4 Business Continuity Management duties of ADSSC 244.5 Business Continuity Management duties of Licensees 24

5 Business Continuity Programme Requirements 255.1 Business Continuity Management documentation 25

6 Business Continuity Programme Requirements 276.1 Establishment of the Review Panel 276.2 Role of the Review Panel 276.3 Review Panel membership 276.4 Review Panel rules 28

10 The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services (First Edition)

7 Review of Bureau decisions 297.1 Application for review 297.2 Bureau request for information 297.3 Bureau decision 29

8 Failure�to�comply�with�Regulations� 318.1 Compliance and enforcement 318.2 Reporting failures 31

9 Governing�law� 339.1 Governing law 33

11

1


1.1 Citation

1.1.1 These Regulations shall be cited as the Business Continuity Management Regulations for Drinking Water, Wastewater, and Electricity Services (First Edition), referred to hereafter as “the Regulations”.

1.1.2 These Regulations are issued by the Bureau pursuant to Article 62 of Law No (2).

1.2 Commencement

1.2.1 These Regulations come into force on 1 September 2014 with full compliance expected by 31 August 2016, unless otherwise agreed upon in writing by the Bureau.

1.3� Purpose

1.3.1 In accordance with the Business Continuity objectives of the United Arab Emirates (UAE) Government and the Emirate of Abu Dhabi, Licensees in the water, wastewater, and electricity sectors are to build a Business Continuity Programme to ensure the continued performance of their Mission Critical Processes and Functions (at a minimum) during and following an emergency, crisis, or disaster.

1.3.2 These Regulations are issued in compliance with International Standard Organisation (ISO) 22301:2012 Societal Security – Business Continuity Management Systems – Requirements; National Emergency Crisis and Disasters Management Authority (NCEMA) Standard 7000: 2012, as amended; Executive Council Circular No (4) of 2012 concerning management of Business Continuity; and Executive Council Resolution No (19) of 2012, as amended.

1.4 Scope

1.4.1 Subject to Clause 1.4.2, these Regulations apply to all water, wastewater, and electricity Licensees in the Emirate of Abu Dhabi and those supplying the Emirate of Abu Dhabi.

1.4.2 Small Scale Licensees (as defined in the Bureau’s Current Scale of Charges and Services) i.e.

1Introduction

12

1


a) in the case of electricity generation and/or desalination, Licensees with a licensed generation and/or desalination capacities of less than 50MW or 2.5MGD respectively; and

b) in the case of wastewater services, Licensees with a capacity to collect, treat or dispose of less than 10,000 cubic meters per day;

shall be subject to a simplified and templated BCM mechanism tailored to the size and complexity of operations. Additional detail is provided in the Guide for the relevant sector.

1.4.3 These Regulations may be amended or revoked by the Bureau at any time.

1.4.4 Nothing in these Regulations is intended to conflict with or affect the operation of any Federal or Abu Dhabi law, regulation, decree, order, or other ordinance.

1.5 Supporting information

1.5.1 As at the date of publication, these Regulations are supplemented by three Guides which contain details on implementing the requirements set out in these Regulations. The Guides include:

a) a Business Continuity Management Regulations Guide for Drinking Water Services;

b) a Business Continuity Management Regulations Guide for Wastewater Services; and

c) a Business Continuity Management Regulations Guide for Electricity Services.

The Bureau may from time to time issue further supplemental Guides or explanatory information in respect of these Regulations.

13The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services (First Edition)

Definitions 2

2.1 Interpretation

2.1.1 Words defined in this Part begin with capital letters when used in the Regulations.

2.1.2 Words and expressions other than those defined in these Regulations which are defined in Law No (2), shall have the meanings ascribed to them in Law No (2).

2.1.3 Words and expressions to which meanings are assigned by these Regulations shall (unless the contrary intention appears) have the same respective meanings in any document issued by the Bureau under these Regulations.

2.1.4 Words using the singular or plural number also include the plural or the singular number respectively.

2.1.5 Unless otherwise specified, days shall mean calendar days.

2.2 Definitions

The following words and expressions shall have the following meanings in these Regulations unless the context otherwise requires.

ADSSC – means Abu Dhabi Sewerage Services Company.

ADWEA – means Abu Dhabi Water and Electricity Authority.

ADWEA Affiliated Entity – means any Licensee whose activities are managed by ADWEA and/or in which ADWEA directly or indirectly owns or controls shares or similar interests.

Bureau – means the Regulation and Supervision Bureau for the water, wastewater and electricity sectors in the Emirate of Abu Dhabi as established by Law No (2).

Business Continuity – means “the capability of the organisation to continue delivery of products or services at acceptable predefined levels following disruptive Incident” (SOURCE: ISO 22300:2012).

Business Continuity Coordinator – shall have the meaning ascribed to it in Regulation 3.4.

Business Continuity Management (BCM) – means a “holistic management process that identifies potential Threats to an organisation and the Impacts to business operations that those Threats, if realised, might cause, and which provides a framework for building organisational Resilience with the capability of an effective response to

14

2


safeguard the interests of its key stakeholders, reputation, brand, and value-creating activities” (SOURCE: ISO 22301:2012).

Business Continuity Management Committee – shall have the meaning ascribed to it in Regulation 3.3.

Business Continuity Plan (BCP) – means “documented procedures that guide organisations to respond, recover, resume, and restore to a pre-defined level of operation following disruption” (SOURCE: ISO 22301:2012), and Business Continuity Planning means the development of such procedures.

Business Continuity Programme – means “on-going management and governance process supported by executive management and appropriately resourced to implement and maintain Business Continuity Management” (SOURCE: ISO 22301:2012).

Business Continuity Strategy – means “a strategic approach by an organisation to ensure its recovery and continuity in the face of a disaster or other major incidents or business Disruptions”, (SOURCE: BCI Dictionary of BCM Terms 2011).

Business Impact Analysis (BIA) – means the “process of analysing activities and the effect that a business Disruption might have upon them” (SOURCE: ISO 22300:2012).

Countermeasures – means strategies used to reduce the Likelihood of a Risk occurring, the Vulnerability to a Risk, or the Impact of a realised Risk and/or Business Continuity event.

Dependencies – means the relationships, inputs, outputs, supplies, and suppliers needed for the performance of the Mission Critical Processes and Functions.

Disruption – means “an event that interrupts normal business, functions, operations, or processes, whether anticipated (e.g., hurricane, political unrest) or unanticipated (e.g., a blackout, terror attack, technology failure, or earthquake)” (SOURCE: BCI Dictionary of BCM Terms 2011).

Entity – means any entity or organisation, whether incorporated or unincorporated, commercial or charitable, private or public (government) sector, and includes individual persons.

Exercise – means a “process to train for, assess, practice, and improve performance in an organisation” (SOURCE: ISO 22300:2012).

15

2

Defi

nitions


Full-scale Exercise – means an exercise designed as close to the real event/ emergency as possible. It is an exercise, which takes place on location, using the capabilities and personnel that would be called upon in a real emergency event.

Functional Exercise – means an exercise designed for personnel to validate their operational readiness for emergencies by performing their duties in a simulated operational environment. Functional exercises allow staff to execute their roles and responsibilities as they would in an actual emergency, but only focusing on the capability of one or more functions.

Guide – means one or more of the three guides issued with, and any additional guides issued in respect of these Regulations. These Guides provide contextual information, relevant to each of the three sectors, necessary for implementing the higher level strategic intent of these Regulations.

Impact – means immediate, short- and long-term effects of a malevolent attack or natural hazard.

Incident – means a “situation that might be, or could lead to, a Disruption, loss, emergency, or crisis” (SOURCE: ISO 22300:2012).

Key Performance Indicator (KPI) – means a set of quantifiable measures that an organisation uses to gauge or compare performance towards meeting specific goals.

Law No (2) – means Law No (2) of 1998 concerning the regulation of the water and electricity sectors in the Emirate of Abu Dhabi, as amended.

Licensee – means the holder of a licence issued by the Bureau.

Likelihood – means “the chance of something happening, whether defined, measured or estimated objectively or subjectively” (SOURCE: BCI Dictionary of BCM Terms 2011).

Mission Critical Processes and Functions – means the processes / functions necessary for sustaining a Licensee’s core business operations. These are processes / functions that 1) constitute the Licensees’ core service offerings, 2) satisfy the Licensees’ contractual and legal requirements, and 3) must be continued throughout an emergency or resumed rapidly after a Disruption of normal activities.

NCEMA – means the National Emergency Crisis and Disasters Management Authority of the Supreme National Security Council of the United Arab Emirates.

16

2


NCEMA 7000:2012 – means the Business Continuity Management Standard AE/HSC/7000:2012 Version (1) issued by the National Emergency Crisis and Disasters Management Authority of the Supreme National Security Council of the United Arab Emirates.

NESA – means the National Electronic Security Authority.

Recovery Point Objective (RPO) – means the “point to which information used by an activity must be restored to enable the activity to operate on resumption” (SOURCE: ISO 22301:2012).

Recovery Time Objective (RTO) – means the “period of time following an Incident within which 1) a product or service must be resumed, or 2) an activity must be resumed, or 3) Resources must be recovered” (SOURCE: ISO 22301:2012).

Resilience – means the ability to reduce the magnitude and/or duration of a Disruption. It is the ability to anticipate, absorb, adapt to, and/or rapidly recover from a potential Disruption and return to normal business operations.

Resources – means all “assets, people, skills, information, technology (including plant and equipment), premises, and supplies and information (whether electronic or not) that an organisation has to have available to use, when needed, in order to operate and meet its objectives” (SOURCE: ISO 22301:2012).

Review Panel – means the Business Continuity Management (BCM) Review Panel established under Regulation 6.1 to provide advice and guidance to the Bureau in relation to the development and implementation of these Regulations.

Risk – means the “effect of uncertainty on objectives” (SOURCE: ISO 22301:2012).

Test – means a “particular type of Exercise which incorporates an expectation of a pass or fail element within the goal or objectives of the Exercise being planned” (SOURCE: ISO 22300:2012).

Threat – means a man-made or natural event with the potential to cause harm.

UAE – means the United Arab Emirates.

Vulnerability – means the inherent state of a system (e.g., physical, technical, organisational, cultural) that can be exploited by an adversary or impacted by a natural hazard to cause harm or damage.


Business Continuity Programme Requirements 3

3.1� Define�criteria�for�executing�the�Business�Continuity Programme

3.1.1 All Licensees shall clearly define their own organisational criteria and triggers for executing a Business Continuity response in accordance with their Business Continuity Programme in the event of a Disruption.

3.2� Define�the�scope�of�the�Business�Continuity�Programme

3.2.1 Each Licensee shall define the scope of its Business Continuity Programme in terms of:

a) all Mission Critical Processes and Functions;

b) the applicable legal, regulatory, and contractual requirements for its Mission Critical Processes and Functions;

c) the activities, including Resources, supporting its Mission Critical Processes and Functions; and

d) the internal and external partners, for example Dependencies, contributing to the performance of its Mission Critical Processes and Functions.

3.3� Establish a Business Continuity Management Committee

3.3.1 Each Licensee shall establish a Business Continuity Management Committee, or equivalent corporate group, to address organisational, functional, and operational issues related to Business Continuity Planning.

3.3.2 The Business Continuity Management Committee, or equivalent, shall be responsible for:

a) developing a BCM policy to outline the principles and context for the Licensee’s Business Continuity Programme;

b) providing for the overall direction of the Licensee’s Business Continuity Programme;

c) setting roles, responsibilities and accountability for the Licensee’s Business Continuity Programme;

d) monitoring the performance of the Licensee’s Business Continuity Programme;

18

3


e) providing the necessary Resources for the Licensee’s Business Continuity Programme; and

f) making decisions on behalf of the Licensee in times of emergency, crisis, or disaster, or delegating responsibility to non-Business Continuity Management Committee members who possess the requisite authority to make decisions on behalf of the Licensee in times of emergency, crisis, or disaster.

3.3.3 At a minimum, the Business Continuity Management Committee shall be composed of the following:

a) a Business Continuity Coordinator in accordance with Regulation 3,4; and

b) the Licensee’s principal officers.

Depending on size or complexity of operations, Licensees may elect to include additional positions, such as those listed below, on the Business Continuity Management Committee:

c) the directors of departments and/or business units;

d) human resource representatives; and

e) subject matter experts deemed necessary for the continuation of the Licensee’s Mission Critical Processes and Functions.

3.4� Appoint a Business Continuity Coordinator

3.4.1 Each Licensee shall appoint a Business Continuity Coordinator, or allocate the duties and functions of the Business Continuity Coordinator to appropriate staff, to manage its Business Continuity Programme.

The Business Continuity Coordinator shall be responsible for:

a) ensuring compliance with these Regulations;

b) maintaining Business Continuity Management documentation in accordance with Regulation 5.1;

c) developing Business Continuity Strategies in accordance with Regulation 3.7;

d) implementing Business Continuity Strategies; and

e) maintaining and updating Business Continuity Strategies.

19

Bu

sin

ess

Co

nti

nu

ity

Pro

gra

mm

e R

equ

irem

ents

3


3.4.2 The Business Continuity Coordinator shall have sufficient competence in Business Continuity Management as demonstrated by an accreditation from an international Business Continuity accreditor and/or the equivalent amount of subject matter expertise relevant to BCM, as approved in writing by the Bureau.

3.4.3 The Business Continuity Coordinator shall have the knowledge, skills, and abilities to understand the Licensee’s business functions as performed under normal conditions.

3.5� Conduct Business Impact Analysis

3.5.1 Each Licensee shall identify and document its Mission Critical Processes and Functions.

3.5.2 Each Licensee shall identify and document the Resources and Dependencies necessary for the performance of each process and business function necessary for sustaining Mission Critical Processes and Functions.

3.5.3 Each Licensee shall identify, assess and document the potential Impacts to their overall business operations if each Mission Critical Process and Function is not performed.

3.5.4 Each Licensee shall determine and document the RTO for all Mission Critical Processes and Functions.

3.5.5 Each Licensee shall determine and document the RPO for all Mission Critical Processes and Functions.

3.5.6 Each Licensee shall prioritise and document its Mission Critical Processes and Functions according to RTOs and RPOs.

3.5.7 Each Licensee shall determine and document the single points of failure that may adversely affect the execution of its Mission Critical Processes and Functions.

3.6� Assess Risk

3.6.1 Each Licensee shall identify the Threats to its Mission Critical Processes and Functions as well as the Threats to the Resources supporting these Mission Critical Processes and Functions.

3.6.2 Each Licensee shall assess the Impact of the identified Threats against each of its Mission Critical Processes and Functions.

20

3


3.6.3 Each Licensee shall assess the Vulnerabilities that would allow a Threat to cause these Impacts.

3.6.4 Each Licensee shall assess the Likelihood of the identified Threats against each of its Mission Critical Processes and Functions.

3.6.5 Each Licensee shall calculate the Risk to its business operations based on Impact, Vulnerability, and Likelihood.

3.6.6 Each Licensee shall evaluate the results of the Risk calculation and identify Countermeasures to reduce those Risks. Each Licensee shall implement Countermeasures to improve the Resilience of its business.

3.7� Develop Business Continuity Strategies

3.7.1 Each Licensee shall develop Business Continuity Strategies for its Mission Critical Processes and Functions according to the RTOs and RPOs identified in the BIA (see Clauses 3.5.4, 3.5.5, and 3.5.6).

3.7.2 Business Continuity Strategies shall include Business Continuity Plans, emergency plans, disaster management plans, disaster recovery plans, crisis communication plans and any other documentation or plans as determined by the Licensee.

3.7.3 Each Licensee shall develop an appropriate framework of Business Continuity Strategies, as outlined in Clause 3.7.2, to suit their needs and scope of operations.

3.8� Measure�effectiveness

3.8.1 Each Licensee shall annually evaluate the effectiveness of its Business Continuity Programme with tools such as management reviews, internal audits, and measurement against KPIs.

3.9� Provide awareness and training

3.9.1 Each Licensee shall implement a BCM training and awareness programme for its internal staff and external stakeholders, such as suppliers and beneficiaries.

21

Bu

sin

ess

Co

nti

nu

ity

Pro

gra

mm

e R

equ

irem

ents

3


3.9.2 Each Licensee shall provide, at a minimum, annual BCM training to relevant personnel with a responsibility for Mission Critical Processes and Functions.

3.9.3 Licensees shall provide BCM awareness training to new employees with a responsibility for Mission Critical Processes and Functions within three months of employment.

3.9.4 Each Licensee shall document and maintain records of its BCM awareness and training efforts.

3.10� Conduct�Tests�and�Exercises

3.10.1 Each Licensee shall conduct, at a minimum, annual Tests of its Resources supporting Mission Critical Processes and Functions.

3.10.2 Quarterly, each Licensee shall conduct Functional Exercises or Exercises to evaluate the accuracy and efficacy of its framework of Business Continuity Plans.

3.10.3 Annually, each Licensee shall conduct a Full-scale Exercise based on appropriate scenarios to validate the components of its Business Continuity Programme.

3.10.4 Each Licensee shall document and maintain the findings and corrective actions from each BCM Test and Exercise.

3.11� Continue improving Business Continuity Programme

3.11.1 Each Licensee shall annually review and update its Business Continuity Plan, or more frequently as significant changes occur.

3.11.2 Each Licensee shall annually review and update its Business Continuity Programme, or more frequently as significant changes occur.



Business Continuity Management hierarchy 4

4.1 Business Continuity Management hierarchy for the water, wastewater, and electricity sectors in the Emirate of Abu Dhabi

4.1.1 Licensees shall refer to the hierarchy of plans and authorities for Business Continuity as illustrated in Figure 1. This hierarchy is for illustrative purposes only; it does not assign regulatory authority.

Figure 1: Business Continuity Management hierarchy for water, wastewater, and electricity sectors

4.2 Business Continuity Management duties of the Bureau

4.2.1 The Bureau shall chair the BCM Review Panel for the first 2 years following the inaugural meeting. On the second anniversary of the Review Panel, the Bureau shall relinquish the chairman position and a representative of ADWEC shall assume the position. The Bureau shall coordinate routine reviews of these Regulations and monitor compliance with these Regulations.

ADSSC corporate Business Continuity Policy and Plans

ADWEA corporate Business Continuity Policy and Plans

Regulation and Supervision Bureau

Federal Authority

NCEMA 7000:2012 BCM Standard and Guide

Electricity & drinking water network lead stakeholder

Wastewater network lead stakeholder

Electricity & water network

companies

Electricity & water

producers

Business Continuity

Plans

Business Continuity Management Regulations

Business Continuity

Plans

Business Continuity

Plans

Business Continuity

Plans

Large wastewater companies

Small wastewater companies


4.3� Business Continuity Management duties of ADWEA

4.3.1 ADWEA shall assume the lead, coordinating role for the drinking water and electricity sectors.

4.3.2 In its lead, coordinating role for the drinking water and electricity sectors, ADWEA shall be responsible for:

a) setting a policy for ADWEA Affiliated Entity(ies) to comply with these Regulations;

b) assisting ADWEA Affiliated Entity(ies) to implement these Regulations, as appropriate;

c) setting up an appropriate Government structure for coordinating BCM for the drinking water and electricity sectors; and

d) communicating the status of ADWEA Affiliated Entity(ies) to the Bureau following a Disruption.

4.4 Business Continuity Management duties of ADSSC

ADSSC shall assume the lead, coordinating role for the wastewater sector.

In its lead, coordinating role for the wastewater sector, ADSSC shall be responsible for:

a) organising and coordinating the BCM efforts of all wastewater companies;

b) assisting all wastewater companies with BCM issues, as appropriate;

c) serving as the operational lead for BCM for the wastewater sector and reporting on sector issues, concerns, and progress to the Bureau; and

d) reporting to the Bureau following a Disruption in the wastewater sector.

4.5 Business Continuity Management duties of Licensees

Each Licensee shall implement these Regulations as outlined in Part 3 of this document.


5Documentation

5.1 Business Continuity Management documentation

5.1.1 Licensees shall document all information required in these Regulations.

5.1.2 Licensees shall make available their Business Continuity Programme information and related records to the Bureau upon request.



Business Continuity Management Review Panel 6

6.1 Establishment of the Review Panel

6.1.1 These Regulations establish a BCM Review Panel as an advisory body specific to the development and maintenance of these Regulations.

6.1.2 The chairman of the Review Panel shall convene the Review Panel within three months of the date these Regulations were issued.

6.2 Role of the Review Panel

6.2.1 The role of the Review Panel is to advise the Bureau on issues with the potential to disrupt critical drinking water, wastewater, and electricity operations. The Review Panel is intended to be an advisory body with oversight of the drinking water, wastewater, and electricity sectors.

6.3� Review Panel membership

6.3.1 The chairman of the Review Panel shall be a representative of the Bureau for the first 2 years following the inaugural meeting and include members from the following organisations:

a) the Bureau;

b) Abu Dhabi Energy Authority;

c) Abu Dhabi Water and Electricity Authority (ADWEA);

d) Abu Dhabi Water and Electricity Company (ADWEC);

e) Environment Agency – Abu Dhabi (EAD);

f) Abu Dhabi Transmission and Despatch Company (TRANSCO);

g) Abu Dhabi Distribution Company (ADDC);

h) Al Ain Distribution Company (AADC);

i) Abu Dhabi Sewerage Services Company (ADSSC);

j) Wastewater Licensees (Representative Number);

k) Emirates Nuclear Energy Corporation (ENEC); and

l) Production companies (representative number).


6.3.2 The following Federal organisations, among others, shall be consulted as appropriate:

a) Critical Infrastructure and Coastal Protection Authority (CIPCA);

b) Federal Authority for Nuclear Regulation (FANR):

c) Abu Dhabi Gas Industries Limited (GASCO);

d) National Emergency Crisis and Disasters Management Agency (NCEMA);

e) National Electronic Security Authority (NESA).

6.3.3 Each Review Panel member organisation may nominate one or two representatives to sit on the Review Panel.

6.3.4 Any person nominated to sit on the Review Panel must be:

a) qualified and competent; and

b) have the necessary authority to undertake any actions on behalf of the organisation they represent or make representations to their senior executive management to undertake such actions as may be needed to comply.

6.4 Review Panel rules

6.4.1 The Review Panel shall set its own rules and procedures for conducting its business.

6.4.2 The Review Panel’s rules and procedures shall be approved by the Bureau.


Review of Bureau decisions 7

7.1 Application for review

7.1.1 An application to review a decision by the Bureau under these Regulations must be made in writing to the Bureau and submitted with supporting documents.

7.2 Bureau request for information

7.2.1 The Bureau may request, from any Licensee making an application for review under this Part 7, any information or documentation it considers reasonable and necessary in the circumstances and the Licensee must provide such information within the period specified by the Bureau.

7.3� Bureau decision

7.3.1 The Bureau shall notify the Licensee which made the application for review of its decision.

7.3.2 The Bureau may:

a) make any decision it sees fit in the circumstances; and/or

b) issue directions as it sees fit to the Licensee which made the application for review.

7.3.3 Any decisions or directions issued by the Bureau are binding on the Licensee which made the application for review.

7.3.4 Failure to comply with decisions or directions issued by the Bureau under this Part 7 shall be considered as a failure to comply with these Regulations.



Failure to comply with Regulations 8

8.1 Compliance and enforcement

8.1.1 Failure to comply with these Regulations (or any part herein) may be deemed as contrary to Law No (2) and/or a direct violation of a Licence as issued by the Bureau.

8.1.2 The Bureau may enforce these Regulations in accordance with:

a) its powers under Law No. (2);

b) the conditions of any relevant Licence; or

c) any other legislative or regulatory instrument conferring such authority upon the Bureau.

8.1.3 In case of failure to comply with these Regulations, the Bureau may take any remedial or corrective action within its authority to:

a) remediate specific non-compliance;

b) ensure future compliance; and/or

c) ensure that any relevant person or Entity discharges their respective responsibilities under these Regulations in a manner which is consistent with the overarching goal of ensuring the safe and efficient supply of water, wastewater, and electricity services within the Emirate of Abu Dhabi

8.2 Reporting failures

8.2.1 Any failure to comply with these Regulations (or any act that may be considered as a failure to comply with these Regulations) must be reported to the Bureau immediately upon discovery.



Governing law 9

9.1 Governing law

9.1.1 These Regulations and the rights and duties of any parties hereunder shall be governed by the laws of the Emirate of Abu Dhabi and the federal laws of the UAE as applied by the courts of the Emirate of Abu Dhabi.

Regulation and Supervision Bureau for the water, wastewater and electricity sector

in the Emirate of Abu Dhabi

PO Box 32800 Abu Dhabi, U.A.E

[email protected]

www.rsb.gov.ae

Septem

ber 20

14

Issued by:The Regulation and Supervision Bureau


Pu

blicatio

n N

o. E

D/R

01/10

1

النسخة العربية متوفرة أيضًا

Th

e Bu

siness C

on

tinu

ity Man

agem

ent R

egu

lation

s for D

rinkin

g W

ater, Wastew

ater and

Electricity Services

The Business Continuity Management Regulations for Drinking Water, Wastewater and Electricity Services(First Edition)

September 2014

Date post:	08-Apr-2020
Category:	Documents
Upload:	others
View:	19 times
Download:	0 times

(First Edition) - rsb.gov.aersb.gov.ae/assets/documents/2086/regsbcm2014en.pdfThe Business...

Documents