NERC CIP Program Recovery
ScottMadden has helped a number of organizations with their NERC CIP programming efforts. Contact us to learn how we can help support your risk and compliance projects.
At a Glance
Updated Documentation
Developed and updated NERC CIP documentation and trained more than 350 workers on new processes
Achieved Compliance
Helped utility achieve full compliance in the next NERC CIP regulatory audit
Facilitated Program Sustainability
Engaged more than 120 employees and facilitated long-term program sustainability
Challenge
A large electric utility had received an unfavorable audit that pointed to a significant programmatic breakdown and a lack of cultural understating of NERC CIP standards. Significant gaps existed in the organization’s roles and responsibilities to provide governance and oversight for the standards, procedures were not well maintained or did not exist, and the organization relied on manual methods to document and collect evidence. Operating and technical groups did not understand the NERC CIP standards, requirements, or the implications of not complying. Enterprise and business unit leadership were facing tight timelines to respond to audit findings and a situation where repeat issues would not be tolerated by the regulator or the board.
Process
- Developed and updated NERC CIP documentation, including seven technical program documents, 11 new CIP procedures, and more than seven updated procedures
- Developed more than 25 PMs and entered them into Maximo work management tool for recurring CIP requirements; allowed management visibility to oversee ongoing CIP tasks
- Developed eight template job plans with work instructions
- Delivered CIP technical instructor-led training at medium-impact facilities providing direct training to more than 350 workers
- Provided initial training to compliance managers and compliance analysts
Result
- Next NERC CIP regulatory audit contained zero findings for the business unit
- Developed the program in a way that engaged more than 120 employees, and the entire organization (compliance, engineering, cybersecurity, and operations) was able to self-sustain the program
Related Insights
Security Upgrade Project
Case Study
ScottMadden assisted Tennessee Valley Authority, a large nuclear generator, to execute its Security Upgrade Project to comply with the Code of Federal Regulations 10 CFR 73.55 and…
NERC Audit Support
Case Study
An electric utility was preparing for a NERC CIP and O&P audit to take place within the next six months. The utility started to prepare for the audit…
Governance, Risk, and Compliance Initiative
Case Study
A southwest midsized utility that had recently undergone leadership changes desired to increase transparency into its security control and governance processes.
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.