CIP Version 3 to Version 5 transition

We analyze your current operations against the NERC CIP Version 3 and Version 5 Standards to assess low, medium, or high risk categorization and develop a supporting Bulk Electrical System Cyber Asset Report.

Back to the Top

Policy and Procedure Review/Development

We provide an in-depth analysis of your current policies and procedures, cross-walk against applicable NERC Standards, provide a gap analysis, and recommend strategies to improve and assist in policy and procedure development.

Back to the Top

Compliance Audit Readiness Review

We conduct a thorough review of compliance packages (e.g., RSAWs, procedures and compliance evidence) to ensure your readiness for planned and spot audits.

Back to the Top

Compliance Controls Development

We analyze your unique business and operational environment, and utilize applicable NERC Standards to develop complimentary compliance controls (e.g., schedules, dashboards, reports) for management monitoring and decisions.

Back to the Top

Internal Compliance Plan (ICP) Development

We prepare or review your ICP to ensure alignment with FERC’s compliance and enforcement policy statements and NERC’s 13 question pre-audit survey.

Back to the Top

Regional Compliance Monitoring

We conduct Regional Entity CMEP monitoring and notifications of required compliance activities, provide insight and advice for Registered Entity actions with respect to NERC Standards voting, and offer customized services to meet your support requirements.

Back to the Top

Audit Package Preparation Assistance

We prepare NERC audit packages based on registered functions, including RSAW response development, evidence compilation, NERC 13 question survey preparation, and entity auditor introduction presentation formatted for electronic presentation.  We stand with you during the audit process and provide immediate support.

Back to the Top

Cyber Security Program Development

We analyze your operational and/or business network architecture via device discovery, vulnerability assessments, and policy reviews.  This analysis provides the basis for overarching security recommendations and optimization planning that will create or update your cyber security program, allowing you to implement network defense and protect recommendations, risk assessments and emergency management planning.

Back to the Top

Product Security Assessments 

We provide in-depth analysis of software (source code), hardware and firmware components of technology and technical infrastructure implementations. Our greatest experience is in testing IT and Telecom infrastructure products, but can also assess other specialized technology solutions that must be free from malware or other exploitable vulnerabilities. This methodology goes beyond the standard Common Criteria and Capability Maturity Model frameworks, and is intended to be continuously executed throughout the full lifecycle of supported systems/infrastructures, to include ongoing analysis of software patches and new releases, and hardware/firmware updates or changes.

Back to the Top

Training and Education

We prepare and deliver individual or group, leadership and NERC Standards and Internal Compliance Program training.  Conduct of remote or on-site training.  Host off-site training curriculum with records management and prompts for pending expiry of training due dates, complete with routine reports.

Back to the Top