Security

in

Terna has always paid great attention to the various risk factors affecting its resources and the national grid as a whole, by studying and applying up to date solutions to a high technical and organisational level, implemented in the form of Group-wide processes, systems and technologies, but also using procedures and/or guidelines applicable to electricity providers.

To meet the growing demand for safety, Terna implements a broad-based system for identifying, analysing and monitoring Company risks, combined with a major plan of consolidating its technical and organisational security mechanisms.

The initiatives regularly taken are intended to protect the Group's human resources, physical and technological infrastructures, focusing mainly on activities intended to prevent all risks and to manage cases of business fraud. Terna has set up a Security Operations Centre (SOC) with the aim of managing and monitoring critical situations within its operational scope. The SOC can prevent, address and manage safety and fraud-related events, and any emergency situations that may arise.

Terna's security unit adopts the latest best practices in the areas of critical infrastructure protection and security, which are also in line with the current national and European regulatory framework.

Security Operations Centre

In 2012, the number of operative company sites monitored for break-ins and by video-surveillance systems increased significantly, thus now covering most of the most sensitive sites as specified in the agreement with the Ministry of Interior.

In addition to these, we also have the areas involved by sites, which are monitored by systems that can be relocated, also referred to as VideoBoxes.

Overall, by the end of 2012 the system managed the video surveillance of 150 company sites across the Group.

With regard to physical safety operations, jointly with the Carabinieri police force, the portal "Terna - Control Centre Carabinieri" is now fully operational, allowing for the complete integration between the Terna control centre and that of the Carabinieri.

Through this portal, information, images and videos can be exchanged in real time between the SOC control room and the Carabinieri patrol, equipped with "EVA" devices, sending the records from the monitoring room of the control centre, or the data collected on field by the patrols, thereby allowing for a rapid exchange of information in the event of a break-in.

With regard to the monitoring of information security, in 2012 company ICT resources were integrated further (servers, management platforms, etc.) onto the Security Information and Event Management system devoted to monitoring and relating security events on ICT resources. 2012 saw the consolidation of the ICT Security Events management system, in line with international standards such as ISO27001 and in particular ISO27035 with regard to incident management.

Risk Management

Electricity market risk management

In order to analyse the main risks relating to the electricity market, Terna uses an application called SIMM (Security Index Market Monitor), which represents the key performance indicators (KPIs) that allow us to have an overview of the high level of the trend of the electricity market and to readily identify any differences from the threshold limits established in order to analyse potential critical issues and risks.

Additionally, with its Resolution no. 115/08 ("TIMM") regarding the monitoring of the Wholesale Energy and Market for Dispatching Services, the Authority for Electricity and Gas defined the general principles and criteria of market monitoring for the companies Terna, GME and GSE, calling for each of these companies to establish a specific monitoring office.

Electricity market risk management is Terna's monitoring unit, which is responsible for the TIMM data warehouse and sees to the acquisition, organisation and storage of data in order to monitor the volumes and indicators related to the Market for Dispatching Services (MDS).

The activity in question is particularly important under the scope of the Terna incentives scheme envisaged by Authority Resolution no. 351/07 in relation to the procurement of resources for the dispatching service.

During 2012 the new requirements of the AEEG were implemented in accordance with the required deadlines, and were agreed with the same authority. Activities were commenced that are expected to be completed during the course of 2013.

For the second year running, ISO/IEC 27001:2005 certification was obtained on the TIMM implementation process. No non-conformity situations were detected.

Electricity system risk management

Terna is responsible for the efficient, effective and coordinated operation of the entire electrical system, even if it only directly manages the National Transmission Grid. It therefore follows that the share of internal vulnerability, mainly a function of the reliability of the systems and components, can be associated with additional threats due to the inadequate function of the plants connected that are not managed by Terna. The action taken to maintain risk levels at acceptable values is therefore twofold and it uses both investigation and diagnostic tools on electrical system equipment, to prevent failures on the basis of plant monitoring and the monitoring of events observed, and the supervision of the onset of any exogenous events such as breach of the Network Code by plants connected to the National Transmission Grid. Recently, the connection of plants with innovative characteristics, such as those with non-programmable renewable sources, not entirely regulated by the Network Code has required: analyses, studies and agreements with constructors, producers and distribution companies to ensure conditions that will result in amendments and supplements to Terna's instructions for the secure connection to the transmission grid.

Fraud Management

In 2012, the Fraud Management Unit continued with its control of company fraud, taking all actions needed to prevent its occurrence. Under this scope, the company has implemented specific procedures for certain critical processes, which are able to define management methods and criteria focussed on maximising efficiency and effectiveness and preventing unlawful conduct. Together with the activities involved in preventing crime, the Fraud Management Unit also carried out:

  • activities to support the Company's other units, such as in the analysis and assessment of counterparties, so as to limit the risks deriving from transactions with others;
  • compliance activities focusing on cooperating with and supporting the Company's management and its various offices, aimed at ensuring compliance with laws, regulations, procedures, codes of conduct, and best practices, as well as at reducing and/or preventing the risk of sanctions and safeguarding the Company's image.

Supplier qualification

In 2012 the Supplier Qualification Unit carried out a careful analysis of personnel employed by subcontractors and listed on Terna's Supplier Register. Extensive checks were carried out on all personnel declared by subcontractors, when the qualification application was made, in order to verify whether the declared workers had been duly employed for the whole duration of the three-year qualification period. The analysis was intended to lead to a reinforced safety policy, also in the sense of combating the phenomenon of illegal labour, in line with the principles of Terna's General Regulations, which provide that the minimum personnel required for the technical, management and operational divisions are duly and permanently employed as part of the company's workforce, as also mentioned in the Qualification Requirements.

The Supplier Qualification Unit has also carried out a series of increasingly strict controls intended to bring about continuous improvements in overall site safety. These controls include the introduction of a Quality, Safety & Environment Manager for all contract works sectors in which staff training is required, according to Terna specifications. The introduction of the QSA Manager allows the designation of a single contact within the contracting organisation who is responsible for the improvement and correct application of Quality, Safety and Environmental issues, to act as a sole interface in relations with the client company. In connection with the review of qualification requirements in the “Installation of AV cables” sector, training courses have been introduced for workers in the divisions of subcontracting organisations at greatest risk of incident.

During the last quarter of 2012, the project "Review of social and environmental control of the supply chain" was completed in collaboration with the CSR (PA- REC), Planning and financial analysis and Systems procedures and contracts (CA-AA) functions. The aim of the project was to verify the level of coverage offered by the current supplier qualification and procurement procedures of the Terna Group, with regard to the ESG (environmental, social, governance) aspects, and simultaneously identifying room for improvement. The project is part of the priority sustainability objectives for 2012 and responds to the focus on the supply chain. It proposes a series of initiatives intended to reduce the supply chain's ESG risk profile and to improve the quality of procurement.

The new UPQ (Unique Qualification Portal) has now been launched. It integrates the various IT systems involved in the qualification process, such as the AQF portal which handles qualification applications, the PQI application for staff training and equipment, and the section dedicated to contractor monitoring.

Finally, the "Subcontract Management" project has been launched. This is a centralised IT system that enables the management, analysis and continuous monitoring of subcontracts for qualifying sectors, with the aim of reducing the high level of fragmentation of information within the company, in order to organise and consolidate the available data with a view to optimising processes and mitigating employee health and safety risks. On the one hand, the system involves the setting up of a web app on the Qualification Portal, so that data and documents on subcontracts, required by law, can be entered. On the other hand, there will be an analysis dashboard to enable the correlation and comparison of data, which is not usually homogeneous.

Monitoring of the Organisational Model under Legislative Decree 231/2001

During 2012, the Model 231 Control Unit carried out an intensive study of sector regulations and adapted the Organisational Model to the new corporate organisation, by providing, among other things, a dynamic and effective Model able to prevent offences described in Legislative Decree 231.

The Unit has mapped all the risk areas of the Terna Group, and this has enabled not only the updating and adaptation of the parent company's Model, to include the reforms mentioned above (the introduction of Special Section D, governing "Offences against individuals" and the offence of “Employing citizens of third-party countries on irregular work permits") but has also equipped all the subsidiaries with their own Organisational Model tailored to suit their specific requirements.

Finally, in order to ensure that activities conform to laws, regulations and standards, the Model 231 Control Unit continued with the following activities:

  • logging all the relevant regulatory changes and obtaining all the legal reforms that may affect the definition of a policy of preventing criminal offences, ensuring periodic follow-ups on the adequacy of the control system;
  • day by day monitoring of structural changes that could have an adverse impact on the up-to-dateness and effectiveness of the Model;
  • updating of the internal control system to reflect changes that each process owner is required to implement, with the related deadlines;
  • support to all divisions to guarantee adequate advice in terms of interpretational and applicational aspects.

Control of Management Systems

During 2012 Terna obtained, following inspections by the certifying body (IMQ), confirmation of the following certifications: UNI EN ISO 9001:2008, UNI EN ISO 14001:2004, BS OHSAS 18001:2007 and ISO/IEC 27001:2005, the latter with regard to the TIMM applications.

During the year, in order to comply with recent legislation on the subject, support was provided in connection with the implementation of a test laboratory management system, for the instruments used in powered works, as required by the standard ISO/IEC 17025.

In the Environmental field, with regard to the rational use of energy for own consumption, the "Initial Energy Analysis" was carried out across the Terna Group. Three detailed analyses were carried out at the following sites: Viale Galbani (Rome), Via Palmiano (Rome) and San Rocco al Porto (Lodi).

The activities will continue into 2013, in order to implement an energy management system in accordance with the UNI CEI EN ISO 50001:2011 standard. The system will allow the company to implement the processes necessary to analyse energy consumption and put in place plans, targets and energy performance indicators in order to reduce consumption and identify the opportunities for improving energy performance. Subsequently the opportunity will be assessed of having an external body certify the energy management system implemented.

The project named "Context analysis and identification of guidelines for safe behaviours in the workplace" has been completed with the aim of carrying out a full-spectrum safety review in order to identify risks attributable to staff behaviours and factors liable to influence it. Interviews were carried out on 319 staff members and the information obtained was used to compile a national report and several individual reports on each site surveyed, leading to national and local improvement measures.

Following the company restructuring, functional specifications were put in place for the new corporate documentation system, to allow for greater ease of reference, research, and updating of company documents and processes.

During 2012 all the internal auditing activities were carried out on the Management Systems, as planned, including the audits of company sites.

Physical security

In 2012, physical security focused on natural and man-made events threatening the company's physical resources and assets, and on putting in place the technical and organisational measures needed to combat those threats.

In this context it was necessary to formulate a strategic emergency management plan, appropriate for, on the one hand, the context of critical infrastructure and civil protection system and, on the other, the increase in critical incidents liable to trigger emergencies in which the physical safety of assets and continuity of business operations must be guaranteed.

About 140 Fraud Events were recorded in 2012. These incidents required close collaboration with the public prosecutors and police, who immediately made available security measures to protect the company's sites and assets in the event of a critical incident.

21 new anti-intrusion and PSIS video surveillance systems were installed during 2012, to protect the new electrical stations.

With the "lighter" anti-intrusion systems - known as "Videoboxes" usually installed to prevent theft or for site security, 60 devices were installed across the country.

Particular attention was also paid to the ordinary and extraordinary maintenance of the PSIS systems.

The management of the safety of overseas workers is also a particularly important issue. When Terna personnel are transferred or working abroad, they are provided with important information about services and contacts to use in case of need.

As far as emergency management is concerned, the company played an active part in the National Civil Protection Service, in emergency management operations and drills.

Terna played a pro-active role during the year in stimulating the response of the Civil Protection Service at national and regional level.