CIP Version 3 to Version 5 transition
We analyze your current operations against the NERC CIP Version 3 and Version 5 Standards to assess low, medium, or high risk categorization and develop a supporting Bulk Electrical System Cyber Asset Report.
Back to the Top
Policy and Procedure Review/Development
We provide an in-depth analysis of your current policies and procedures, cross-walk against applicable NERC Standards, provide a gap analysis, and recommend strategies to improve and assist in policy and procedure development.
Back to the Top
Compliance Audit Readiness Review
We conduct a thorough review of compliance packages (e.g., RSAWs, procedures and compliance evidence) to ensure your readiness for planned and spot audits.
Back to the Top
Compliance Controls Development
We analyze your unique business and operational environment, and utilize applicable NERC Standards to develop complimentary compliance controls (e.g., schedules, dashboards, reports) for management monitoring and decisions.
Back to the Top
Internal Compliance Plan (ICP) Development
We prepare or review your ICP to ensure alignment with FERC’s compliance and enforcement policy statements and NERC’s 13 question pre-audit survey.
Back to the Top
Regional Compliance Monitoring
We conduct Regional Entity CMEP monitoring and notifications of required compliance activities, provide insight and advice for Registered Entity actions with respect to NERC Standards voting, and offer customized services to meet your support requirements.
Back to the Top
Audit Package Preparation Assistance
We prepare NERC audit packages based on registered functions, including RSAW response development, evidence compilation, NERC 13 question survey preparation, and entity auditor introduction presentation formatted for electronic presentation. We stand with you during the audit process and provide immediate support.
Back to the Top
Cyber Security Program Development
We analyze your operational and/or business network architecture via device discovery, vulnerability assessments, and policy reviews. This analysis provides the basis for overarching security recommendations and optimization planning that will create or update your cyber security program, allowing you to implement network defense and protect recommendations, risk assessments and emergency management planning.
Back to the Top
Product Security Assessments
We provide in-depth analysis of software (source code), hardware and firmware components of technology and technical infrastructure implementations. Our greatest experience is in testing IT and Telecom infrastructure products, but can also assess other specialized technology solutions that must be free from malware or other exploitable vulnerabilities. This methodology goes beyond the standard Common Criteria and Capability Maturity Model frameworks, and is intended to be continuously executed throughout the full lifecycle of supported systems/infrastructures, to include ongoing analysis of software patches and new releases, and hardware/firmware updates or changes.
Back to the Top
Training and Education
We prepare and deliver individual or group, leadership and NERC Standards and Internal Compliance Program training. Conduct of remote or on-site training. Host off-site training curriculum with records management and prompts for pending expiry of training due dates, complete with routine reports.
Back to the Top