
Compliance
As technology becomes more advanced, regulations become more complicated.
Electric utilities that own, operate, or use the bulk electric system (BES) must comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards, or face steep noncompliance penalties. Between fines of up to $1 million a day, sanctions, and the rising frequency of cyber attacks on the electric grid, compliance and security are top of mind for IT leaders in the energy sector.
Achieving compliance with NERC CIP, which includes 11 standards, about 40 rules, and nearly 100 sub-requirements, is no mean feat. To make matters worse, the standards change often to keep pace with emerging cyber threats affecting industrial control systems (ICS) that increasingly resemble, and converge with, IT systems.
Responsible entities include load-serving entities; transmission owners, operators, and service providers; reliability coordinators; balancing and interchange authorities; and generator operators and owners. Such entities must:
For over a decade, Securance has helped responsible entities develop sustainable compliance programs, identify and remediate gaps, and prepare for periodic and investigative audits. Our senior compliance consultants have hands-on experience with leading ICS technologies, including solutions from Honeywell, Ignition, Schneider Electric, Siemens, Miser, and Yokogawa, as well as industry-specific certifications, such as GIAC Global Industrial Cyber Security Professional (GICSP) and Critical Infrastructure Protection (GCIP).
Our offerings include:
Securance compares policies, procedures, and controls to NERC CIP standards and develops a prioritized remediation plan to meet compliance requirements.
From documentation to interview prep, getting ready for a NERC CIP audit can be a daunting task. Securance helps subject matter experts (SMEs) gather evidence, prepare for interviews, and know what to expect.
Securance simulates a NERC CIP audit, including interviews and facility inspections. Mock audits prevent negative audit outcomes by teaching SMEs what and what not to do, and by uncovering compliance gaps that can be remediated before the real audit occurs.
Paper and active vulnerability assessments identify weaknesses in the electronic security perimeter (ESP) and the security of cyber assets.
IT risk is a major concern for any organization, public or private. To protect your data, your reputation, and your bottom line, you need an effective, dynamic IT risk management strategy.
Business leaders hesitate to invest in governance because they think of it as an optional expense. IT leaders resist governance because they assume it will result in micromanagement. However, when properly designed and implemented, IT governance makes life easier for both sides.