HOME

Proven Compliance Solutions is more than just our company name. It is, in fact, a statement made with confidence and backed by our team’s successful work to date with over 100 electric utility clients in the United States and Canada. Our client references attest to our successful approach to NERC / Regional audits, our commitment to first-rate, long-term relationships, and our extensive experience spanning all facets of the energy industry. Our company's sole focus is NERC and Regional Compliance, whether assisting in audit preparation, sculpting corporate compliance documentation, or managing ongoing compliance activities for all aspects of NERC compliance including preparation for NERC CIP Version 5/6. PCS also has extensive experience in renewable energy and understands the unique compliance challenges faced by power producers in this rapidly evolving market.

Services include:

  • NERC Compliance Mock Audits – CIP and O&P
  • Internal Controls
  • Gap Analysis
  • Due Diligence
  • Assist in the preparation of Interconnection Agreements
  • Nuclear Plant Interface Requirements Assessments
  • Complete Program Development
  • RSAW Review and Preparation
  • Training
  • Oversight of the OATI webCDMS portal and reporting requirements
  • Internal Compliance Programs
  • Monitor Monthly FERC/NERC/Regional Developments and prepare individualized reports
  • NERC Alert Support

 

Contact Proven Compliance Solutions today to find out how the PCS Team can help your organization with its NERC and regional compliance needs.

Latest News

CIP Low Impact Policies and Plans Developed by Proven Compliance Solutions Inc. Recognized as Best Practices

Proven Compliance Solutions Inc. (PCS) is pleased to announce the recognition of Best Practices for its development of policies, plans and procedures for the NERC Critical Infrastructure Protection (CIP) Reliability Standards CIP-002 Cyber Security - BES Cyber System Categorization and CIP-003 Cyber Security - Security Management Controls.

PCS has developed comprehensive, easy to follow, manageable CIP low impact policies, plans and procedures for its clients that allow site personnel to follow the Requirements and applicable attachments of CIP-002 and CIP-003.  The documents are written so that responsible personnel clearly understand their roles, can easily implement the program, and are able to produce the necessary evidence to prove compliance with the Standards.

During a client’s recent compliance monitoring event, CIP-002 and CIP-003 were in scope.  Following their review, the Regional Entity’s validation letter indicated it found no evidence of non-compliance for the Standards and Requirements, and included in its letter a statement that “… [Entity]’s program demonstrated one of the Best Practices in the region.”  PCS also received recognition from the client who indicated, “Excellent work by PCS on the CIP-002 and CIP-003 procedures and guidance… No violations!  The results speak for themselves.  Thanks again for your high quality of work.”

PCS has written CIP impact assessments and low impact policies and plans for multiple clients and has assisted with their implementation, as well as writing and leading Cyber Security Incident Response table top exercises, and creating awareness materials for dissemination throughout the client’s organization, all with successful outcomes.  Pleasing its clients and providing expert quality work is one of PCS’ highest goals.

In addition to the CIP low impact programs, PCS has also developed medium and high impact programs for its clients.  CIP Reliability Standards compliance is a main focus of the PCS team, along with the Operations and Planning (O&P) Standards.  PCS staff is committed to the success of its clients’ programs and providing guidance, information, and exceptional NERC consulting services that will foster that success.  If you would like to receive more information on how PCS can assist you with your Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

Proven Compliance Solutions Inc. is a privately owned NERC Reliability Standards Consulting Firm specializing in all aspects of compliance to the NERC Reliability Standards.  Collectively, the PCS team has over 300 years of industry experience in literally all aspects of the power system, including generator and transmission system operations, technical writing, marketing, and regulatory compliance, all from an industry standpoint.  PCS is industry recognized for the first-class services and the exceptional care it provides to its clients.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

January 2020 Deadline Approaching for Compliance with NERC Reliability Standard CIP-003-7

Proven Compliance Solutions Inc. (PCS) reminds Registered Entities that the deadline of January 1, 2020 is fast approaching for transitioning their North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance programs to meet the latest version of CIP-003. 

As the deadline swiftly approaches for transitioning CIP compliance programs to the meet the new CIP-003-7 cyber security standard requirements, entities will need to document and implement some important changes.  As part of this transition, each program must now incorporate the following:

Policy statements for:

1.     Transient Cyber Assets and Removable Media malicious code risk mitigation.

2.     Declaring and responding to CIP Exceptional Circumstances.

In addition, entities are required to:

1.     Document and implement a Physical Security Controls Plan to protect their low impact BCS and the Cyber Assets, providing electronic access controls for those devices to only those personnel who are deemed to need access.

2.     Document and implement an Electronic Access Controls Plan.

3.     Document all necessary inbound and outbound electronic access for any communications that meet all of the following criteria:

4   Between a low impact BCS and a Cyber Asset outside the low impact facility

4   Using a routable protocol when entering or leaving the low impact facility

4   Not used for real-time sensitive protection or control functions between intelligent electronic devices (note that SCADA communications are not to be considered “real-time sensitive”)

4.     Document and implement a Transient Cyber Asset and Removable Media Plan to mitigate the risk of malicious code to low impact BCS.

PCS believes that developing and implementing your program to transition from CIP-003-6 to CIP-003-7 well in advance of the January 1, 2020 deadline is prudent and has been encouraging and supporting its clients with numerous program updates underway.  Ryan Carlson, CISSP-PSP and PCS Vice President – Critical Infrastructure Protection Services explained, “The time is now to complete transition efforts to CIP-003-7.  Last minute development and implementation carries with it a significantly higher risk of noncompliance.”

PCS CIP staff members have been in the business of CIP program development, implementation, technical procedure writing, staff training, and mock audit/gap analysis projects since the inception of NERC CIP mandatory compliance.  Having two former Regional CIP auditors on staff, PCS CIP team members fully understand the ramifications of CIP compliance and are working with numerous clients in multiple NERC Regions throughout the U.S. and Canada to implement their CIP programs.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide clients with confidence in the compliance status of their organization.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. Instructing at the October 2019 EUCI NERC Courses

Proven Compliance Solutions Inc. (PCS) is pleased to announce that Ryan Carlson, CISSP-PSP and Mitchell E. Needham, P.E. will be the instructors for the EUCI “NERC Fundamentals and Compliance” and “NERC Critical Infrastructure Protection” courses in Atlanta, Georgia on October 15-17, 2019.

Understanding how to comply with the NERC Reliability Standards often creates anxiety for many newcomers, as companies hire them into new operational environments where the expectation also includes the application of compliance protocols.  Likewise, personnel who have been in the compliance arena for some time can also experience anxiety because the rules are constantly changing, and their concerns heighten over missing those changes and/or knowing how to apply them.  Ryan and Mitchell bring an extensive history of the industry and both NERC CIP and O&P compliance knowledge to these classes.  Understanding and instructing on the interpretation of the standards, vetted by years of real-time operations and compliance work and successful regional audits strengthens Ryan’s and Mitchell’s ability to help attendees understand best practice methods for accomplishing their work effectively and efficiently.

Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration.  His career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008.  Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert.  He is actively involved in monitoring the CIP Standards development process by monitoring/attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences.  Ryan is an active member of the NERC CIPC Compliance Input Working Group (CEIWG) and the NERC Supply Chain Working Group.  He is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.

Mitchell’s industry experience spans over 40 years in the electric power industry, including 28 years with the Tennessee Valley Authority prior to working for NERC.  He is a former NERC Readiness Auditor and Regional Compliance Oversight Liaison for two NERC Regions and received NERC and FERC training in reliability compliance auditing.  He has extensive experience conducting mock audits of BES O&P Reliability Standards with specific expertise in protective relays, process development, power system operations, reliability benchmarking, and compliance management.  Mitchell is a registered Professional Engineer in the State of Tennessee and holds a Master of Science Degree in Electrical Engineering (University of Tennessee - Chattanooga), and a Bachelor of Science Degree in Electrical Engineering (University of Tennessee – Knoxville).

PCS has provided training instructors for EUCI classes since 2018 and encourages industry leaders to consider the value these classes can add to their personnel.  PCS also provides NERC training directly to organizations and can tailor the training, as required, to achieve the most benefit for your organization.

PCS NERC Compliance Consulting Services has an unsurpassed track record in Regional NERC Audit success.  Whether your need for support is in the area of Operations and Planning Standards or Critical Infrastructure Protection Standards for your Utility, Generation Facility, Solar Facility or Wind Facility, PCS provides the technical expertise and program management support you desire.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide you confidence in the compliance status of your organization.

To sign up for these classes visit WWW.EUCI.COM.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc