Program Management

COMPLIANCE PROGRAM MANAGEMENT

Registered Entities now carry the responsibility of maintaining compliance with the NERC and regional reliability standards. With this responsibility comes an enormous investment of time and financial resources. An even greater challenge is finding qualified employees to oversee and understand the complicated process of maintaining a current compliance program within an industry where the standards are still developing and violations come with a hefty price. A Registered Entity cannot risk a faltering internal compliance program or an audit with violations. However, there is a solution that can save a company time, staff resources and thousands of dollars in penalties and violations.  CIP Corps Compliance Monitoring and Reporting Program (CMRP), provides constant compliance monitoring for the Registered Entity and relieves the Registered Entity of many day-to-day compliance responsibilities; such as, internal compliance monitoring, monitoring of regional compliance web portals, preparation and submittal of mandatory compliance reports, monitoring new, and revisions to, reliability standards, monitoring changes to NERC and regional compliance programs and industry updates regarding compliance matters. The CIP Corps CMRP is designed in a modular format and can be custom designed to meet the needs of your company.

PROGRAM INSTANTIATION AND MAINTENANCE

CIP Corps will develop compliant program documentation required of registered entities, proving compliance and in accordance with good utility practices.  CIP Corps will develop procedures and program documents that Registered Entities are required to have for compliance with the NERC and regional Reliability Standards. As an example, CIP Corps can develop the following procedures and programs:

  • Cyber Security Programs, including:

    • Policy

    • Processes

    • Procedures, aka Desk Level Instructions

  • Brightline assessments and Impact Rating Criteria (IRC) Assessments

  • Personnel Programs, including

    • Quarterly Access Record Reviews

    • Annual Access Reviews

    • Revocation Programs and documentation retention

CIP Corps can provide annual review services designed to ensure up-to-date program documentation as required by the standards.

Internal controls is an important component of any compliance program today. NERC and FERC have deemed it a critical component of reliability and have directed Regional Entities to include it within the scope of audit. CIP Corps can help you:

  • Architect an Internal Controls Program

  • Implement effective controls throughout your organization

  • Document Preventative, Detective, and Corrective Controls

  • Prepare audit ready Internal Controls assessment ready for RSAW inclusion.

DOCUMENT AND FILE MANAGEMENT

One of the most crucial parts of any Compliance Program is the ability to prove compliant activities and practices through evidence.  The organization of compliance evidence files CIP CORPS has a broad depth of experience relating to properly cataloged and curated compliance evidence, including structured templates for documenting artifacts of compliance, as well as file structures that can be customized for your organization.