We analyze your current operations against the NERC CIP Version 3 and Version 5 Standards to assess low, medium, or high risk categorization and develop a supporting Bulk Electrical System Cyber Asset Report.
Back to the Top
We provide an in-depth analysis of your current policies and procedures, cross-walk against applicable NERC Standards, provide a gap analysis, and recommend strategies to improve and assist in policy and procedure development.
We conduct a thorough review of compliance packages (e.g., RSAWs, procedures and compliance evidence) to ensure your readiness for planned and spot audits.
We analyze your unique business and operational environment, and utilize applicable NERC Standards to develop complimentary compliance controls (e.g., schedules, dashboards, reports) for management monitoring and decisions.
We prepare or review your ICP to ensure alignment with FERC’s compliance and enforcement policy statements and NERC’s 13 question pre-audit survey.
We conduct Regional Entity CMEP monitoring and notifications of required compliance activities, provide insight and advice for Registered Entity actions with respect to NERC Standards voting, and offer customized services to meet your support requirements.
We prepare NERC audit packages based on registered functions, including RSAW response development, evidence compilation, NERC 13 question survey preparation, and entity auditor introduction presentation formatted for electronic presentation. We stand with you during the audit process and provide immediate support.
We analyze your operational and/or business network architecture via device discovery, vulnerability assessments, and policy reviews. This analysis provides the basis for overarching security recommendations and optimization planning that will create or update your cyber security program, allowing you to implement network defense and protect recommendations, risk assessments and emergency management planning.
We provide in-depth analysis of software (source code), hardware and firmware components of technology and technical infrastructure implementations. Our greatest experience is in testing IT and Telecom infrastructure products, but can also assess other specialized technology solutions that must be free from malware or other exploitable vulnerabilities. This methodology goes beyond the standard Common Criteria and Capability Maturity Model frameworks, and is intended to be continuously executed throughout the full lifecycle of supported systems/infrastructures, to include ongoing analysis of software patches and new releases, and hardware/firmware updates or changes.
We prepare and deliver individual or group, leadership and NERC Standards and Internal Compliance Program training. Conduct of remote or on-site training. Host off-site training curriculum with records management and prompts for pending expiry of training due dates, complete with routine reports.