NERC CIP Compliance Services

The Business Challenge

Electric utilities that own, operate, or use the bulk electric system (BES) must comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards or face steep noncompliance penalties. Between fines up to $1 million a day, sanctions, and the rising frequency of cyber attacks on the electric grid, compliance and security are top of mind for IT leaders in the energy sector.

Achieving compliance with NERC CIP, which includes 11 standards, about 40 rules, and nearly 100 sub-requirements, is no mean feat. To make matters worse, the standards change often to keep pace with emerging cyber threats affecting industrial control systems (ICS) that increasingly resemble, and converge with, IT systems.

How We Help

Responsible entities include load-serving entities; transmission owners, operators, and service providers; reliability coordinators; balancing and interchange authorities; and generator operators and owners. Such entities must:

  • Identify critical assets
  • Annually assess cyber risks and vulnerabilities
  • Implement firewalls and monitoring tools
  • Establish policies, procedures, and controls over access, configuration management, contingency planning, and event monitoring
  • Document compliance activities

For over a decade, Securance has helped responsible entities develop sustainable compliance programs, identify and remediate gaps, and prepare for periodic and investigative audits. Our senior compliance consultants have hands-on experience with leading ICS technologies, including solutions from Honeywell, Ignition, Schneider Electric, Siemens, Miser, and Yokogawa, as well as industry-specific certifications, such as GIAC Global Industrial Cyber Security Professional (GICSP) and Critical Infrastructure Protection (GCIP).

The Securance Difference

  1. Executive-level consultants provide hands-on leadership to ensure every project is a success. Each engagement is led by senior-level consultants with 20 or more years of experience.
  2. Our consultants leverage their experience to maximize efficiency. You can expect a board-ready draft report within one week after our assessment is done.
  3. In our reports, we translate technical findings into business risks that all stakeholders, in and outside of IT, can understand and appreciate.

The Details

Our offerings include:

Compliance Gap Assessments

Securance compares policies, procedures, and controls to NERC CIP standards and develops a prioritized remediation plan to meet compliance requirements.

Audit Preparation

From documentation to interview prep, getting ready for a NERC CIP audit can be a daunting task. Securance helps subject matter experts (SMEs) gather evidence, prepare for interviews, and know what to expect.

Mock Audits

Securance simulates a NERC CIP audit, including interviews and facility inspections. Mock audits prevent negative audit outcomes by teaching SMEs what to do and what not to do, and by uncovering compliance gaps that can be remediated before the real audit occurs.

Cyber Vulnerability Assessments

Paper and active vulnerability assessments identify weaknesses in the electronic security perimeter (ESP) and the security of cyber assets.
