NERC COMPLIANCE SERVICES
Sometimes it can seem so overwhelming. The task of achieving compliance with enforceable or soon-to-be-enforceable NERC and Regional Entity Reliability Standards is difficult, to say the least. We should know, as we have been helping organizations consisting of investor-owned utilities, municipal power systems, independent power producers, Rural Electric Cooperatives and G&Ts, and public power agencies wade through the NERC mandatory requirements for over a decade.
Our team of experts includes:
- Former Regional Entity NERC and FERC auditors
- Former utility compliance officers and chief information security officers
- Team members from the NERC 2003 Blackout Investigative Team
- Previous members of Standard Development Teams
- Members and/or chairs of various NERC, SERC, and WECC committees and subcommittees
- Active participants in the development of the NIST Cybersecurity Framework (CSF)
- Developers of the Department of Energy (DOE) Cybersecurity Capability Maturity Model (C2M2)
We know the NERC standards inside and out. It is our specialty, and our subject matter experts have more hands-on experience than any other consulting firm in North America. If you are looking for expert assistance in assuring your organization has a sustainable NERC compliance program and is capable of fully addressing its compliance obligation, then look no further than Archer!
With over 300 actual NERC Operations and Planning (O&P) and Critical Infrastructure Protection (CIP) audits performed as auditors for a compliance enforcement agent (CEA) all over North America, we have the experience and working knowledge to help you and your organization. Our NERC Compliance Services department offers assistance covering NERC O&P and CIP Reliability Standards and includes, but is not limited to, the following:
- Audit Interview Training – Provide training to client personnel to help them prepare for interviews and questions that are likely to be posed during a NERC/Regional Entity audit.
- Audit Support (during actual audit) – Assist client in gathering data and answering auditor’s questions during the NERC/Regional Entity on-site/off-site audit.
- BES Cyber Asset Inventory validation – Provide analysis of a utility's BES Cyber Assets to assure that they have been properly categorized.
- BES Cyber System Identification Workshops – Facilitate a workshop with key subject matter experts to develop a list of BES Cyber Systems using a methodology that is aligned with the expectations of the Regional Entity and FERC CIP auditors.
- CIP-002-5.1 Assessment Methodology validation – Review a utility's methodology being used to determine facility high, medium and low rankings and categorizing of Cyber Assets.
- CIP-014 top to bottom consulting, assessments & testing – Provide consulting and assessment services that meet all the requirements within the CIP-014 Standard.
- Cyber Asset Inventory walk-downs and/or validation – Help utilities build or validate an inventory of all Cyber Assets located in the High, Medium and Low facilities.
- Documentation only reviews – Review client’s compliance documentation and develop recommendations for additions and modifications to comply with NERC and Regional Entity requirements.
- Enforcement settlement consultation and support – Assist client in preparing for a settlement hearing and negotiating a settlement with the Regional Entity after receiving notification of an alleged violation.
- Evidence Preparation Training – Provide training on the appropriate form and content of evidence to be presented and the correct style and guidelines for writing within Reliability Standard Audit Worksheets (RSAWs).
- Gap Analysis – Review client’s compliance documents and procedures to identify gaps with respect to complying with NERC and Regional Entity Reliability Standards.
- Inherent Risk Assessments (IRA) – Conduct risk assessments covering Generation, Transmission, Load, Planning, Operations, Events, Changes to the System, and Agreements and/or review Regional Entity final IRA of client and provide findings and recommendations to correct any gaps found and identify Reliability Standards that pose the highest risk.
- Internal Compliance Program Development – Review client’s functional responsibilities and assist in developing an internal compliance program that meets or exceeds FERC, NERC, and Regional Entity compliance requirements/expectations. Provide recommendations on staffing, structuring, and organizing the internal compliance function. Ensure that the ICP has all the necessary attributes.
- Internal Controls Evaluation (ICE) – Evaluate client’s controls for identified risks and associated Reliability Standards identified in the IRA and provide findings and recommendations to client regarding their controls.
- NERC CIP-008 and CIP-009 facilitated exercises – Help develop exercise scenarios that best test the utility's capabilities to follow its NERC CIP incident response and recovery plans.
- Procedures and Programs – Assist client in developing and implementing formal procedures and programs that are necessary to demonstrate compliance and achieve sustained compliance. Prepare training material and assist client in training all applicable personnel regarding procedures that they are responsible for following.
- RSAW preparation (review, re-write or creation) – Assist client in either reviewing prepared RSAW write-ups and providing recommendations for improvement, or creating prepared RSAWs based on information and evidence provided by client.
- Mock Audits – Perform a confidential internal audit of the client’s implementation of its functional responsibilities to help the client prepare for NERC and Regional Entity compliance audits.
- Version transition planning – Provide consulting services and planning to support a transition from a previous NERC Operation & Planning or CIP Standard to a new one.