NERC CIP Audit and 693; we are ready when you are!
The professionals at PromeroMDR are completely committed to the success of your business’s NERC CIP audit. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organization. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned, hoping to conceal their methodology and expertise. We don’t subscribe to that philosophy. We believe the best approach is transparent and built on a partnership founded on trust and credibility.
PromeroMDR’s primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence – in any jurisdiction. PromeroMDR specializes in IT security, risk, privacy, governance, cyberspace law and NERC CIP audit compliance leadership solutions and is fully dedicated to global success in these disciplines. We can help your organization too! Our clients come from all business sectors across the world.
Comprehensive NERC CIP Audit Services
Once a company has made the decision to enlist a third party to provide a service, it wants assurance that the service will be provided in a timely, accurate and secure manner. A NERC CIP audit or a 693-based audit shows your commitment to maintaining a sound control environment that protects your clients’ data and confidential information.
PromeroMDR’s NERC CIP services are designed to serve the needs of North American bulk power system covered entities in regard to CIP compliance. PromeroMDR offers a complete range of services built around the key areas of CIP compliance standards:
NERC CIP Audit Overview:
- NERC CIP-002: Critical Cyber Asset Identification
- NERC CIP-003: Security Management Controls
- NERC CIP-004: Personnel and Training
- NERC CIP-005: Electronic Security Perimeter
- NERC CIP-006: Physical Security of Critical Cyber Assets
- NERC CIP-007: Systems Security Management
- NERC CIP-008: Incident Reporting and Response Planning
- NERC CIP-009: Recovery Plans for Critical Cyber Assets
- NERC CIP-010: Configuration Change Management and Vulnerability Assessment
- NERC CIP-011: Information Protections
It is crucial for electric utilities to be prepared for malicious attacks and internal actions that could negatively affect their operations and organization. Utilities must consider how they are being logically and physically accessed in order to optimize their security approach. While utilities have a reputation for engineering just about everything, they often treat security programs and systems as “add-ons”. This approach only ensures that the expenditures are more costly and far less effective, with a shorter operational life cycle.
You will immediately appreciate the PromeroMDR Proactive Cyber Security™ NERC CIP audit methodology.
To ensure effective regulatory compliance with the NERC CIP audit standards, and to enhance risk management programs, Information Technology, Physical and Personnel Security programs and Business Continuity should be engineered into every project and operational process, so that the use of these practices in daily functions strengthens the security of the utility while supporting safe and secure operations. In short, they should be built into the very infrastructure of utility operations, whether it is a Systems Operations Control Center, Substation or Generation Facility.
What to Expect
- PromeroMDR’s NERC CIP audit process initially takes just a few weeks from start to completion to baseline your organization, depending on your team’s availability. We are cognizant that our clients have full-time, everyday obligations in addition to dealing with auditors, so we are flexible to your needs and work around your schedule to provide a quality audit and report in the time frame you desire.
- A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ NERC CIP audit methodology, which takes a continuous audit approach rather than the end-of-reporting-period Audit Anarchy approach of other firms. We will also utilize our proprietary IT Audit Machine technology to set you up for success. The IT Audit Machine is a full-featured and highly collaborative assessment and reporting tool only available from PromeroMDR.
- PromeroMDR creates sustainable NERC CIP audit partnerships with our clients. We have a proven methodology and project plan that helps our clients achieve compliance on budget and on schedule. You will come to appreciate our Service, Integrity and Reliability which will be apparent to you from the very first call.
You don’t just get certified, you get PromeroMDR certified!
The Federal Energy Regulatory Commission (FERC) designated NERC the ERO in accordance with Section 215 of the Federal Power Act, enacted by the Energy Policy Act of 2005. Upon FERC’s approval, NERC’s Reliability Standards became mandatory within the United States. These mandatory Reliability Standards include NERC CIP audit standards 001 through 011, which address the security of cyber assets essential to the reliable operation of the electric grid. To date, these standards (and those promulgated by the Nuclear Regulatory Commission) are the only mandatory cyber security standards in place across the critical infrastructures of the United States.
Through the successful completion of hundreds of audits around the world for organizations of all sizes, PromeroMDR has developed an efficient methodology and proprietary assessment protocols to evaluate the controls in place at your organization.
Leveraging the Continuum GRC IT Audit Machine, Security Trifecta methodology and the Policy Machine, PromeroMDR provides international standards that are recognized as “Best Practices” for developing organizational security standards and controls that support NERC CIP audit certifications.