Oil & Gas Security and Compliance
As attention increases on the physical and cybersecurity of the gas and pipeline section, it is essential for responsible entities to assure their infrastructures have an appropriate level of controls in place to protect on-going operations.
Pipeline owners and operators find themselves at a cross roads where volunteer security guidance is expected to be followed and potential mandatory regulatory is in sight. There are many lessons learned to be had from the NERC Reliability Standard but the most important one is “being prepared”.
“Being prepared” is where Archer can really help – our consultants are well-seasoned as they have been where you are now with the NERC CIP Standards when those mandates first hit the electric sector. They have ridden the rollercoaster of challenges that new security standards and requirements present to a utility from all angles. They have been compliance leaders at a utility responsible for implementing the new controls into business areas that are resistant to change, they have been auditors for government (and quasi-government) agencies tasked with assessing utilities for compliance and they have been consulting energy sector utilities for years on how to learn from their experiences.
Even without a push toward potential regulatory mandates, cyber and physical security is a business discipline not to be taken lightly. The ramifications of inadequate security is enormous as demonstrated by recent ransomware events. Archer can make implementations of directives much smoother and help assure you are meeting expectations!
At Archer, we are able to help utilities with their gas and pipeline security by providing significant Industrial Control System (ICS) and information technology (IT) security knowledge and experience toward your security goals
Security & Compliance Strategic Planning
Our clients are looking for the most effective and efficient methods to address their needs:
- Embed compliance into operational processes with minimal impact
- Build security solutions that work and fully address compliance mandates
- Design processes that are easy to follow resulting in consistent approaches
- Develop policies, procedures and job aids that are useful and understandable
- Minimize expenses and maximize results
- Automate processes where possible.
Building security & compliance into operational excellence
Gap assessments are often the quickest way to discover strengths and weaknesses. This can be to address a number of technology environments, security programs, compliance obligations or documentation state, organizational structure or even a strategic plan. Archer customizes our gap assessment based on our client’s needs. The outcome of a gap assessment is a detailed report and can also include other deliverables such as a roadmap to follow for successful remediation, mitigation or implementation plan.
In security and compliance there is always a need to remediate or mitigate an identified or emerging risk. Archer is able to help our clients develop plans and, where needed, do the work to fully address issue or support the project management needs.
Security and compliance never sits still. The environments are in constant flux and require continuous improvement. Archer is able to support our clients in addressing program maturity through direct consultation, hands-on documentation updates, internal training and relevant change management.
It is difficult to staff highly skilled positions. That has never been more true than with security and compliance roles. Archer has highly technical and skilled compliance professionals readily available to support our clients needs. Our team of specialists are well-versed in information technology (IT) and operational technology (OT).
Archer has been supporting the energy sector in preparing for all kinds of regulatory scrutiny from various levels of oversight stemming from local, state and federal agencies. As the Gas & Oil industry matures its security mandates there will be more and more assessments or audits coming. This will demand that your staff be prepared for interviews, delivering demonstrably compliant documentation and able to respond quickly.
Below are a number of links relevant to the Gas & Oil :