NERC CIP Compliance Services

Learn More

The Business Challenge

Electric utilities that own, operate, or use the bulk electric system (BES) must comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards— or face steep noncompliance penalties. Between fines up to $1 million a day, sanctions, and the rising frequency of cyber attacks on the electric grid, compliance and security are top of mind for IT leaders in the energy sector.

Achieving compliance with NERC CIP, which includes 11 standards, about 40 rules, and nearly 100 sub-requirements, is no mean feat. To make matters worse, the standards change often to keep pace with emerging cyber threats affecting industrial control systems (ICS) that increasingly resemble, and converge with, IT systems.

How We Help

Responsible entities include load servicing entities; transmission owners, operators, and service providers; reliability coordinators; balancing and interchange authorities; and generator operators and owners. Such entities must:

Identify critical assets
Annually assess cyber risks and vulnerabilities
Implement firewalls and monitoring tools
Establish policies, procedures, and controls over access, configuration management, contingency planning, and event monitoring
Document compliance activities

For over a decade, Securance has helped responsible entities develop sustainable compliance programs, identify and remediate gaps, and prepare for periodic and investigative audits. Our senior compliance consultants have hands-on experience with leading ICS technologies, including solutions from Honeywell, Ignition, Schneider Electric, Siemens, Miser, and Yokogawa, as well as industry-specific certifications, such as GIAC Global Industrial Cyber Security Professional (GICSP) and Critical Infrastructure Protection (GCIP).

The Securance Difference

Executive-level consultants provide hands-on leadership to ensure every project is a success. Each engagement is led by senior-level consultants with 20 or more years of experience.
Our consultants leverage their experience to maximize efficiency. You can expect a board-ready draft report within one week after our assessment is done.
In our reports, we translate technical findings into business risks that all stakeholders, in and outside of IT, can understand and appreciate.

The Details

Our offerings include:

Compliance Gap Assessments

Securance compares policies, procedures, and controls to NERC CIP standards and develops a prioritized remediation plan to meet compliance requirements.

Audit Preparation

From documentation to interview prep, getting ready for a NERC CIP audit can be a daunting task. Securance helps subject matter experts (SMEs) gather evidence, prepare for interviews, and know what to expect.

Mock Audits

Securance simulates a NERC CIP audit, including interviews and facility inspections. Mock audits prevent negative audit outcomes by teaching SMEs what and what not to do, and by uncovering compliance gaps that can be remediated before the real audit occurs.

Cyber Vulnerability Assessments

Paper and active vulnerability assessments identify weaknesses in the electronic security perimeter (ESP) and the security of cyber assets.

Related Services

Compliance

As technology becomes more advanced, regulations become more complicated.

IT Risk Management

IT risk is a major concern for any organization, public or private. To protect your data, your reputation, and your bottom line, you need an effective, dynamic IT risk management strategy.

Governance

Business leaders hesitate to invest in governance because they think of it as an optional expense. IT leaders resist governance because they assume it will result in micromanagement. However, when properly designed and implemented, IT governance makes life easier for both sides.

“It’s rare that I can say a third party is a true partner, but in the case of Securance Consulting, they are our partner. It’s a relationship we’ve had for a very long time, and it’s a relationship that we’ll have for many years to come.”

Brian Boettcher

Alta Federal Credit Union

“I would recommend working with Securance any time. I would work with them again in a heartbeat.”

John Watkins

Pioneer Electric

“We continue to work with Securance simply due to the level of expertise that they provide.”

May Porter

Louisville Metro Government