Tightening of measures with respect to cybersecurity incidents involving individuals

Publication date: October 30, 2023

The current geopolitical context has brought about a marked increase in threats to the company and, consequently, a rise in behavioral cybersecurity incidents. Indeed, though they are often committed without any intent to harm, 70% of the incidents reported within the company are linked to careless behavior on the part of staff or external resources. This situation has caused Hydro‑Québec to review certain rules in the interests of safeguarding the grid. Accordingly, as of October 30, 2023, the five high-risk actions below will no longer be tolerated and may entail disciplinary measures:

  1. Changing the configuration of equipment belonging to Hydro Québec. This includes, without being limited to, modifying the initial configuration; it also includes downloading, installing and using software or applications that are unauthorized or are not listed in the Groupe – Technologies numériques catalogue.
  2. Browsing or visiting unlawful websites using a computer or mobile device belonging to Hydro Québec. This includes sites with explicit content as well as any site defined as unlawful under the laws of Québec and Canada.
  3. Sending or forwarding company documents outside the organization without authorization. This includes, without being limited to, sending company documents to a personal email address or third party as well as using an unapproved cloud service. Please use only the company’s secure tools (FTPS).
  4. Connecting external or removable media to equipment belonging to Hydro‑Québec. This includes, without being limited to, USB keys and hard drives.
  5. Taking digital technology equipment belonging to Hydro‑Québec outside of Québec without authorization. This includes, without being limited to and regardless of context, taking a Windows tablet or computer outside of Québec.

In keeping with the Supplier Code of Conduct and as a Hydro‑Québec external resource, it is your responsibility at all times to know and comply with these cyber security rules in order to ensure company safety and safeguard the integrity of our mission to provide electricity. You are also responsible for making your staff and/or sub-contractors aware of these rules.

Refresh your memory by completing the mandatory self-study module on exemplary cyber security behaviorThis link will redirect you to an external site. in AgiliT (duration: 15 minutes), then sign the newly added commitment form that also recaps the security rules.

Thank you for your cooperation.

How can we help you?

Do you have any questions? Contact us.

Contact us