NERC CIP Audit and 693; we are ready when you are!
The professionals at Continuum GRC are completely committed to you and your business' NERC CIP audit success. Regardless of whether you represent the private sector or the public sector, we stand ready to partner with your organizations. Our competition may want to keep you and your employees in the dark where security, risk, privacy and governance are concerned hoping to conceal their methodology and expertise. We don't prescribe to that philosophy. We believe the best approach is transparent and built on a partnership developed on trust and credibility.
Continuum GRC's primary purpose is to help organizations attain, maintain, and demonstrate compliance and information security excellence - in any jurisdiction. Continuum GRC specializes in IT security, risk, privacy, governance, cyberspace law and NERC CIP audit compliance leadership solutions and is fully dedicated to global success in these disciplines. We can help your organization too! Our client's come from all business sectors across the world.
Comprehensive NERC CIP Audit Services
Once a company has made the decision to enlist a third party to provide a service, they want assurances that those services will be provided timely, accurately and securely. A NERC CIP audit or 693 based audit shows your commitment to maintaining a sound control environment that protects your client's data and confidential information.
It is crucial for electric utilities to be prepared for malicious attacks and internal actions that could negatively affect their operations and organization. Utilities must consider how they are being logically and physically accessed in order to optimize their security approach. While utilities have a reputation for engineering just about everything, they often treat security programs and systems as "add-ons". This approach only ensures that the expenditures are more costly and far less effective and have a shorter operational life cycle.
To ensure effective regulatory compliance to the NERC CIP audit standards, and to enhance their risk management programs, Information Technology, Physical and Personnel Security programs and Business Continuity should be engineered into literally every project and operational processes so that actual use of these practices in daily functions strengthens the security of the utility while supporting safe and secure operations. In short, they should be built into the very infrastructure of utility operations whether it is a Systems Operations Control Center, Substation or Generation Facility.
Assessment modules include:
- NERC CIP-002: Critical Cyber Asset Identification
- NERC CIP-003: Security Management Controls
- NERC CIP-004: Personnel and Training
- NERC CIP-005: Electronic Security Perimeter
- NERC CIP-006: Physical Security of Critical Cyber Assets
- NERC CIP-007: Systems Security Management
- NERC CIP-008: Incident Reporting and Response Planning
- NERC CIP-009: Recovery Plans for Critical Cyber Assets
- NERC CIP-010: Configuration Change Management and Vulnerability Assessment
- NERC CIP-011: Information Protections
You don't just get certified, you get Continuum GRC certified!
The Federal Energy Regulatory Commission (FERC) designated NERC the ERO in accordance with Section 215 of the Federal Power Act, enacted by the Energy Policy Act of 2005. Upon FERC's approval, NERC's Reliability Standards became mandatory within the United States. These mandatory Reliability Standards include NERC CIP audit standards 001 through 011, which address the security of cyber assets essential to the reliable operation of the electric grid. To date, these standards (and those promulgated by the Nuclear Regulatory Commission) are the only mandatory cyber security standards in place across the critical infrastructures of the United States.
Through the successful completion of hundreds of audits around the world for organizations of all sizes, Continuum GRC has developed an efficient methodology and proprietary assessment protocols to evaluate the controls in place at your organization.
Leveraging our proprietary IT Audit Machine ITAM IT audit software, Continuum GRC provides international standards that are recognized as “Best Practices” for developing organizational security standards and controls that support NERC CIP audit certifications.