top of page
Image (7).png

National Electric Reliability Corporation (NERC CIP)

Electric utilities that own, operate, or use the bulk electric system (BES) must comply with the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards— or face steep noncompliance penalties. Between fines up to $1 million a day, sanctions, and the rising frequency of cyber attacks on the electric grid, compliance and security are top of mind for IT leaders in the energy sector.

Achieving compliance with NERC CIP, which includes 11 standards, about 40 rules, and nearly 100 sub-requirements, is no mean feat. To make matters worse, the standards change often to keep pace with emerging cyber threats affecting industrial control systems (ICS) that increasingly resemble, and converge with, IT systems.

How We Can Help

Responsible entities include load servicing entities; transmission owners, operators, and service providers; reliability coordinators; balancing and interchange authorities; and generator operators and owners. Such entities must:

  • Identify critical assets

  • Annually assess cyber risks and vulnerabilities

  • Implement firewalls and monitoring tools

  • Establish policies, procedures, and controls over access, configuration management, contingency planning, and event monitoring

  • Document compliance activities

For over a decade, Securance has helped responsible entities develop sustainable compliance programs, identify and remediate gaps, and prepare for periodic and investigative audits. Our senior compliance consultants have hands-on experience with leading ICS technologies, including solutions from Honeywell, Ignition, Schneider Electric, Siemens, Miser, and Yokogawa, as well as industry-specific certifications, such as GIAC Global Industrial Cyber Security Professional (GICSP) and Critical Infrastructure Protection (GCIP).

Our offerings include:

Compliance Gap Assessments

Securance compares policies, procedures, and controls to NERC CIP standards and develops a prioritized remediation plan to meet compliance requirements.

Audit Preparation

From documentation to interview prep, getting ready for a NERC CIP audit can be a daunting task. Securance helps subject matter experts (SMEs) gather evidence, prepare for interviews, and know what to expect.

Mock Audits

Securance simulates a NERC CIP audit, including interviews and facility inspections. Mock audits prevent negative audit outcomes by teaching SMEs what and what not to do, and by uncovering compliance gaps that can be remediated before the real audit occurs.

Cyber Vulnerability Assessments

Paper and active vulnerability assessments identify weaknesses in the electronic security perimeter (ESP) and the security of cyber assets.

THE SECURANCE DIFFERENCE

Executive-level consultants provide hands-on leadership to ensure every project is a success.

Senior resources with 20 or more years of experience don’t just lead engagements; they execute them from cradle to grave.

Icon (4).png

We speak two languages, business and IT, and use our fluency to translate technical findings into business risks.

Our reports and recommendations are in plain English, not IT jargon, that all stakeholders can understand and appreciate.

Icon (5).png

Securance is the only IT security firm that uses artificial intelligence to enhance its approach to identifying risks and vulnerabilities.

Our proprietary AI technology predicts security and control failures, compliance gaps, and even data breaches.

Icon (6).png
bottom of page