Proven Compliance Solutions personnel have a wealth of NERC Critical Infrastructure Protection (CIP) experience.  Our CIP compliance team includes NERC trained auditors, former CIP committee members (including CIPC), and cyber/physical security specialists, including two Certified Information Systems Security Professionals (CISSPs).  Our personnel have been involved in every aspect of CIP Standards compliance including mock audits, physical/cyber site reviews, vulnerability assessments, and full compliance implementations.  Our team strives to stay current with the continuously changing requirements to ensure our clients sustain full compliance.  Our three primary practice areas are:

CIP Compliance Assessments

CIP Program Development

CIP Implementation and Special Projects


Other CIP-specific services include:

  • CIP Training (one day workshop or customized for your organization)
  • SME Coaching
  • Security Event Logging Solutions
  • Malicious Software Prevention Program and Tools
  • Testing Programs
  • Security Patching Programs
  • ESP (CIP-005) Vulnerability Assessments
  • CCA (CIP-007) Vulnerability Assessments
  • ESP Design, Implementation, and Review
  • Risk-Based Assessment Methodology Review
  • CIP-005/007 Annual Documentation Reviews
  • Cyber Security Awareness Program
  • Cyber Security Training Program
  • Physical Security Perimeter - Access Controls Design and Review
  • Technical Feasibility Exception (TFE) Review
  • Roles and Responsibilities Design/Implementation
  • Cyber Asset Account Management

Contact Proven Compliance Solutions today to find out how our team can help your organization meet your CIP compliance goals.

In order to meet NERC/Regional compliance requirements, electric utilities are forced to manage thousands of documents.  In addition, many regulatory standards require that documentation be reviewed on a semi-annual or annual basis, creating a major challenge for compliance program managers.  Small to medium utilities often struggle with the day to day challenges of supporting an IT infrastructure without a dedicated support professional to keep systems and business critical applications running smoothly.  Our staff understands your challenges and would be happy to discuss the advantages that Microsoft Online Services can bring to your compliance document management program.

As a registered Microsoft Solutions Partner, Proven Compliance Solutions can help you customize a solution that meets your budget and business needs, and allows your personnel to concentrate on running the grid, instead of managing documentation.

The Microsoft Business Productivity Online Suite can provide your organization with the following business critical applications and provide assistance with proper design, implementation and management:

  • Microsoft Exchange Online for email, contacts, and calendar
  • Microsoft SharePoint Online for compliance document management and workflows
  • Microsoft Office Communicator Online for secure instant messaging and presence
  • Microsoft Office Live Meeting for web conferencing

Contact Proven Compliance Solutions to have one of our Microsoft Certified Professionals discuss with you an online Microsoft hosted solution for your compliance documentation management needs.

Imagine applying the combined expertise of industry recognized compliance managers, NERC trained compliance auditors, and highly respected compliance implementation experts in filling the gaps or assisting in the development and implementation of your entire compliance program!  We understand what it takes to achieve compliance that can be measured, maintained, and sustained.  Our decades of combined experience in electric operations and NERC compliance enable us to transform your current day operations protocols into provable compliance documents. 

Will there be adjustments to make?  Absolutely, and we are prepared to assist your subject matter experts in making the transition as smooth as possible.  Having previously worked in many of your employee’s roles, we identify with their concerns and can minimize the negative view often depicting consultants as people trying to change how they have been successfully doing their work for years.  Our goal is to implement successful documentation and provide training that will enhance a culture of compliance without “over-rocking” the boat.  We make no false claims that change is easy or seamless. We do, however, have a history of successful implementation work. 

What does the Proven Compliance Solutions Compliance Program Implementation look like? 

The process begins with NERC trained compliance auditors and expert compliance managers reviewing your current program and supporting documentation.  The output of the review or “gap analysis” is a detailed report which will provide direction aimed at achieving compliance and delivering a positive message of your companies’ “Culture of Compliance.”  The resulting amount of internal development and external development is your choice.  Our ultimate goal is to leverage the strengths and experience of our organization to assist your personnel with sustainable business practices that will ensure ongoing compliance activities.  Throughout the process we are capable of providing everything from development of the compliance documentation (policies, processes, and procedures) to implementation and training of personnel.


Contact Proven Compliance Solutions today to find out how your organization can benefit from compliance implementation services.

Does your company struggle with any of the following questions?

  • What constitutes an acceptable compliance program?
  • What mechanisms do I need in place?
  • How do I organize?  
  • What are all the tasks I need to do, when, and how often?
  • How do I stay on top of all the changes?
  • What training is mandatory, when does it need to happen, where do I find materials?
  • How do I satisfy the auditors and get them off-site quickly?  
  • How do I get buy in from the people doing the work and support from upper management for my program?

These and many other questions are a real part of any compliance program.  Proven Compliance Solutions professional staff can offer your company personal guidance in proper program design, as well as an opportunity to be a part of an ongoing service that provides your organization continuing access to a team of true compliance experts.  Our key difference is personalized service from experts known in the industry for their experience at developing and managing successful compliance programsProven Compliance Solutions ongoing services can also be used to maintain awareness of the constant changes in the rules, current regional audit results, assistance in development of processes / procedures / training, and a primary point of contact to help with interpretation, audit preparation, mitigation efforts, or any other compliance needs that may arise.

Proven Compliance Solutions support provides an excellent value by working alongside you in a manner that “fits” your organization.  Proven Compliance Solutions will improve your compliance programs, relieving much of the stress related to NERC Reliability Standards.

Contact Proven Compliance Solutions today to find out how your organization can benefit from Compliance Program Development services.

Imagine having actual trained NERC auditors teamed up with successful compliance managers, providing you a true perspective on your current state of internal NERC and regional compliance! Proven Compliance Solutions has based its foundation on delivering your organization just that! Having a true understanding from both sides of the audit table ensures your management and subject matter experts that the compliance review provided is accurate, up to date, and will help them better prepare for the regional audits coming to your organization.

Proven Compliance Solutions offers two distinct categories of audit services, but can provide a combination of these two services as appropriate to your situation:

Compliance Assessments: The Proven Compliance Solutions team of utility industry specialists has extensive experience in gap analysis related to NERC Reliability Standards (FERC Orders 693, 706, and 716). This experience includes both Critical Infrastructure Protection (CIP) Standards and Bulk Electric System Standards (including NPIR). Our approach uses a unique combination of NERC published information, including the NERC Reliability Standard Audit Worksheets (RSAWs), our own lists of appropriate documentation, and proof for each Reliability Standard that is to be reviewed. Our team will identify all shortcomings in RSAW responses and evidence provided, and can precisely lead your compliance personnel to the best solution for those gaps. We provide a specialized grading system which allows you to focus your efforts on those areas with the greatest exposure, but also includes items where improvements still can be made to your program. The assessment results may include an overall report card showing each requirement and sub-requirement, a written detailed report identifying exactly what is needed to improve the provability of compliance, and a presentation developed with the appropriate management level for your company. Compliance assessments may be conducted remotely, saving your company travel expenses, or on-site if required by your company policy.

Mock Audits: PCS prides itself on providing an accurate portrayal of the audit experience to its clients. Unlike the actual audit, our on-site teams invite your observation and participation at every level, from the compliance manager to the system operator, so that a total understanding of the audit activities can be achieved. Our deliberations and discussions are open to your participation, and if there are specific focus areas you have identified, we can tailor our approach for added emphasis. Our team does extensive preparation prior to its arrival on-site, and will closely mimic the approach taken by your Regional Entity. We provide on the spot feedback for any and all presentation materials that you plan to use in the actual audit, RSAWs and associated evidence, coaching for subject matter experts on the appropriateness of responses to questions asked by auditors, and a realistic reporting of your likelihood of proving compliance during an actual audit. As with compliance assessments described above, audit results may include a presentation of the results, along with an overall report card for all Reliability Standards that are audited. Proven Compliance Solutions goes beyond document review to include an assessment of your evidence for compliance, the internal processes you have in place to maintain compliance, and your personnel responsible for compliance.

Nuclear Plant Interface Requirements Assessment: PCS understands the importance of accurately assessing your compliance status to NUC-001-2. Our gap analysis process includes a detailed review of NPIR agreements, evidence confirming the required entities are properly informed, and a thorough review to ensure that all the required elements of compliance have been met. If your organization has the responsibility of providing services related to the Nuclear Plant Interface Requirements under FERC Order 716, PCS offers a complete and accurate assessment and can provide assistance with any development needs.

Contact Proven Compliance Solutions today to find out how your organization can benefit from a compliance program assessment.

Our Services