NERC CIP
With the upcoming implementation of NERC CIP cybersecurity standards, many electric utilities are finding themselves 'behind the curve' in developing and implementing the programs and policies necessary to ensure compliance. In particular, many power and utility companies are struggling with:

  • Understanding NERC CIP - while CIP standards will be set for initial NERC Board approval in May, they are still a 'moving target' and in draft form
  • Determining specific requirements - while the current draft of CIP standards is more prescriptive than 1200 standards, significant room for interpretation exists
  • Creating a control architecture - companies struggle with creating a centralized set of policies and controls that ensure compliance with current NERC 1200 standards, and provide a solid foundation for CIP compliance
  • Documenting the audit approach - with CIP's new auditing provisions, companies will need to determine approaches and processes for auditing compliance with key policies whoever the auditing body might be
  • Collecting audit evidence - in preparation for audits, utilities need to create a systematic approach for collecting and documenting audit proof, including assessments and system compliance checks

Business Impact
Even before the implementation of NERC CIP standards, power and utility companies have felt the impact of 1200 cybersecurity standards, SOX and other regulatory mandates and industry standards - NERC CIP will likely only exacerbate the situation, through:

  • Increased costs - increasing 'costs of doing business' associated with the creation and management of policies and controls and audit response, whether internally or with the help of external consultants
  • Increased risk - increasing business risk due to potential impacts of non-compliance with current NERC CIP standards

The Compliance Spectrum NERC Solution
Compliance Spectrum's NERC solution provides the services and capabilities needed both to achieve and demonstrate compliance with existing 1200 standards and to prepare effectively for upcoming CIP standards across SCADA, DCS and corporate networks. Key capabilities of the Compliance Spectrum NERC solution include:

  • Regulations and requirements management - identifies gaps between current policies and controls and NERC 1200 and CIP standards
  • Controls management (Policy and awareness) - provides an auditable centralized repository for policies and controls, comprehensive templates for 'quick start' programs, and deployment and awareness tracking
  • Audit management - provides audit point tracking and prep reporting capabilities for internal and external audit activities
  • Vulnerability and incident management - provides a comprehensive vulnerability database, targeted alerting, and task management and status tracking
  • Compliance management - supports online assessment and integrated audit point tracking for demonstrable compliance

Compliance Spectrum’s Spectra automates key processes across the IT compliance life cycle.


©Compliance Spectrum 2007. All Rights Reserved.