NEWS

Proven Compliance Solutions Inc. (PCS) reminds Registered Entities that the deadline of January 1, 2020 is fast approaching for transitioning their North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance programs to meet the latest version of CIP-003. 

As the deadline swiftly approaches for transitioning CIP compliance programs to the meet the new CIP-003-7 cyber security standard requirements, entities will need to document and implement some important changes.  As part of this transition, each program must now incorporate the following:

Policy statements for:

1.     Transient Cyber Assets and Removable Media malicious code risk mitigation.

2.     Declaring and responding to CIP Exceptional Circumstances.

In addition, entities are required to:

1.     Document and implement a Physical Security Controls Plan to protect their low impact BCS and the Cyber Assets, providing electronic access controls for those devices to only those personnel who are deemed to need access.

2.     Document and implement an Electronic Access Controls Plan.

3.     Document all necessary inbound and outbound electronic access for any communications that meet all of the following criteria:

4   Between a low impact BCS and a Cyber Asset outside the low impact facility

4   Using a routable protocol when entering or leaving the low impact facility

4   Not used for real-time sensitive protection or control functions between intelligent electronic devices (note that SCADA communications are not to be considered “real-time sensitive”)

4.     Document and implement a Transient Cyber Asset and Removable Media Plan to mitigate the risk of malicious code to low impact BCS.

PCS believes that developing and implementing your program to transition from CIP-003-6 to CIP-003-7 well in advance of the January 1, 2020 deadline is prudent and has been encouraging and supporting its clients with numerous program updates underway.  Ryan Carlson, CISSP-PSP and PCS Vice President – Critical Infrastructure Protection Services explained, “The time is now to complete transition efforts to CIP-003-7.  Last minute development and implementation carries with it a significantly higher risk of noncompliance.”

PCS CIP staff members have been in the business of CIP program development, implementation, technical procedure writing, staff training, and mock audit/gap analysis projects since the inception of NERC CIP mandatory compliance.  Having two former Regional CIP auditors on staff, PCS CIP team members fully understand the ramifications of CIP compliance and are working with numerous clients in multiple NERC Regions throughout the U.S. and Canada to implement their CIP programs.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide clients with confidence in the compliance status of their organization.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. (PCS) is pleased to announce that Ryan Carlson, CISSP-PSP and Mitchell E. Needham, P.E. will be the instructors for the EUCI “NERC Fundamentals and Compliance” and “NERC Critical Infrastructure Protection” courses in Atlanta, Georgia on October 15-17, 2019.

Understanding how to comply with the NERC Reliability Standards often creates anxiety for many newcomers, as companies hire them into new operational environments where the expectation also includes the application of compliance protocols.  Likewise, personnel who have been in the compliance arena for some time can also experience anxiety because the rules are constantly changing, and their concerns heighten over missing those changes and/or knowing how to apply them.  Ryan and Mitchell bring an extensive history of the industry and both NERC CIP and O&P compliance knowledge to these classes.  Understanding and instructing on the interpretation of the standards, vetted by years of real-time operations and compliance work and successful regional audits strengthens Ryan’s and Mitchell’s ability to help attendees understand best practice methods for accomplishing their work effectively and efficiently.

Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration.  His career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008.  Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert.  He is actively involved in monitoring the CIP Standards development process by monitoring/attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences.  Ryan is an active member of the NERC CIPC Compliance Input Working Group (CEIWG) and the NERC Supply Chain Working Group.  He is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.

Mitchell’s industry experience spans over 40 years in the electric power industry, including 28 years with the Tennessee Valley Authority prior to working for NERC.  He is a former NERC Readiness Auditor and Regional Compliance Oversight Liaison for two NERC Regions and received NERC and FERC training in reliability compliance auditing.  He has extensive experience conducting mock audits of BES O&P Reliability Standards with specific expertise in protective relays, process development, power system operations, reliability benchmarking, and compliance management.  Mitchell is a registered Professional Engineer in the State of Tennessee and holds a Master of Science Degree in Electrical Engineering (University of Tennessee - Chattanooga), and a Bachelor of Science Degree in Electrical Engineering (University of Tennessee – Knoxville).

PCS has provided training instructors for EUCI classes since 2018 and encourages industry leaders to consider the value these classes can add to their personnel.  PCS also provides NERC training directly to organizations and can tailor the training, as required, to achieve the most benefit for your organization.

PCS NERC Compliance Consulting Services has an unsurpassed track record in Regional NERC Audit success.  Whether your need for support is in the area of Operations and Planning Standards or Critical Infrastructure Protection Standards for your Utility, Generation Facility, Solar Facility or Wind Facility, PCS provides the technical expertise and program management support you desire.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide you confidence in the compliance status of your organization.

To sign up for these classes visit WWW.EUCI.COM.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. (PCS) is celebrating its nine year anniversary in the field of NERC Reliability Compliance Consulting.  PCS has firmly established itself as one of the leading compliance consultants in both the (FERC Order 693) Operations and Planning (O&P) Reliability Standards and the (FERC Order 706) Critical Infrastructure Protection (CIP) Reliability Standards.

PCS was formed in July of 2010 by a team of seasoned electric industry technical experts, former NERC and Regional auditors, and compliance management professionals.  PCS services include audit support and preparation, compliance assessments, mock audits, gap analyses, internal controls, staff training, due diligence support, development and implementation of reliability compliance documentation, including Internal Compliance Programs, and on-call reliability compliance expertise.  PCS supports clients in all regions in both the US and Canada.

PCS supports Registered Entities of all shapes and sizes from small generating sites to the largest Utilities and Reliability Coordinators/Independent System Operators in North America.  PCS clients have received and continue to receive the same excellent care, attention to detail, and timely responses year after year.  When asked about PCS’ support, a long time client responded:

The staff at PCS is very easy to work with.  They are very knowledgeable; they give the right advice, and are available when we need their guidance.”

Crystal Musselman, PCS President and CEO stated: “It is hard to believe how fast the past nine years have come and gone. We have seen an emergence of wind and solar generation that require NERC compliance program support, which has added to our extensive client list.  Year after year we have repeat clients, which demonstrate the confidence they have in our team.  Our staff is committed to educating itself on evolving industry issues so we can continue to provide the quality services that are recognized by both our clients and Regional auditors.”

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Whether you’re a new player, just reaching the threshold requiring NERC registration, or a long standing NERC registered entity, the facts clearly reveal that a strong NERC compliance program is more sustainable, more effective, and far more efficient when it reflects your operations.

When reviewing your policies and procedures for NERC Reliability Standards compliance, do you clearly identify your actual operations or do you see documents that simply regurgitate the NERC Standards with no application to how you perform your business? Compliance procedures and policies that simply regurgitate the Standards may be far less expensive to put in place, but are more costly to maintain and are rarely understood by those tasked with following them. Proven Compliance Solutions Inc. (PCS) firmly believes that operations personnel relate far better to an operations procedure that includes reliability compliance as part of their normal tasks. Compliance should simply be a natural output of good operations and properly developed policies and procedures, which are the key to generating evidence.

PCS staff members have been in the business of NERC O&P and CIP compliance program development, implementation, technical procedure writing, internal controls, staff training, program management, and mock audit/gap analysis projects since the inception of NERC mandatory compliance. PCS develops each of its client’s NERC compliance programs individually, utilizing its team of industry recognized compliance managers, NERC and Regional trained compliance auditors, operations experts, documentation and management specialists, and respected compliance implementation experts. Our team’s expertise, combined with our in-depth industry experience and methodologies, provides each Entity with confidence that their program is being developed appropriately and efficiently.

Another service that PCS has developed is the Standards Compliance intelligence Portal (SCIP). This product is a customized, user friendly, real-time application developed and managed by PCS’ Reliability Compliance Professionals. Users simply log into the web-based portal to view their entity-specific Reliability Standards Under Development, recently Approved Standards and implementation dates, changes to NERC Rules of Procedure, regional criteria and protocols, industry news, as well as hot topics and other reliability compliance related items. PCS team members provide entity-specific comments regarding impacts and recommended actions based on the User’s Region and NERC registrations. SCIP addresses the full range of NERC O&P and CIP Standards.

For information on how PCS can support your NERC Compliance Programs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Is your organization looking to hire a NERC Compliance Program Manager?  Proven Compliance Solutions Inc. (PCS) is industry recognized for excellence in North American Electric Reliability Corporation (NERC) Reliability Standards Compliance Consulting Services.

Imagine adding a team of industry recognized compliance managers, NERC and Regional trained compliance auditors, operations experts, documentation management specialists, and respected compliance implementation experts to your organization for about the cost of one full time qualified internal compliance staff member!  PCS was founded to do exactly that for your organization.  Our team’s expertise, combined with our in-depth industry proven methodologies will provide your organization the confidence that compliance is being managed appropriately and efficiently.

PCS staff members have been in the business of O&P and CIP program development, implementation, technical procedure writing, staff training, program management and mock audit/gap analysis projects since the inception of NERC mandatory compliance.  The PCS Program Management Support services leverages our expertise and experience to successfully manage your NERC/Regional compliance program.  Beyond providing a program manager, PCS brings a team of industry experts to your compliance environment.

Services that can be a part of the PCS Program Management Support include:

  • Internal Compliance Program management
  • Tracking and updating of applicable program documents
  • Monthly project matrix updates
  • Self-Certification support and submittal
  • Spot check support
  • Periodic data submittal support
  • Mitigation plan support and submittal
  • Annual RSAW review and updating
  • RSAW development for new Standards or Requirements
  • Training and awareness modules
  • Interface with the Regions and NERC
  • Monitoring NERC and Regional reliability compliance developments
  • Participate in applicable NERC and regional conference calls
  • Regional Portal support NERC Alerts support
  • Other support services as reasonably requested

Support and cooperation from your personnel is essential for successfully managing the compliance program.  The PCS Program Management Support offering is based on an already developed compliance program; however, PCS can also develop a program for you.

Even if your organization is not looking for an outside program management solution, take a moment to learn about the PCS Standards Compliance Intelligence Portal (SCIP).  This portal allows entities to benefit by having access to all NERC/FERC/Regional updates in one place without having to sign up for high cost software licensing fees.

SCIP is a customized web-based portal that is a user friendly, real-time application developed and managed by PCS’ Reliability Compliance Professionals.  Simply log into the web-based portal to view your Entity-specific Reliability Standards Under Development, recently Approved Standards and implementation dates, changes to NERC Rules of Procedure, regional criteria and protocols, industry news, as well as hot topics and other reliability compliance related items.  SCIP addresses the full range of NERC O&P and CIP Standards.

If you and/or your compliance team would like to hear more about PCS or see a SCIP demo, call PCS today!

For information on how PCS canb support your organization's NERC Reliability Standards compliance needs and to request a SCIP Demo, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliabiity #SPPorg #ReliabilityFirst #Texas_RE_Inc

Our Services