NERC CIP

NERC CIP

The North American Electric Reliability Council (NERC) was established to ensure the reliability of the North American bulk power system. One of NERC’s primary responsibilities is the development of standards for power system operation including the Critical Infrastructure Protection (CIP) plan. This set of requirements, which applies to all entities that materially impact the reliability of the power system, identifies the minimum cyber controls and protections that power suppliers and generators must address. Failure to comply with these standards can result in significant penalties and fines.

At Canaudit, we understand the challenges that businesses face when updating their systems to meet stringent regulations. Our compliance assessments can help your organization establish and review existing policies, procedures, and technical controls throughout the enterprise to adhere to NERC CIP standards. We emphasize the need to implement security controls as an ongoing process, rather than focusing on completing the checklists. This allows organizations to be in a continuous state of compliance with minimal operational overhead.

To help fulfill NERC CIP requirements, Canaudit will identify real world threat vectors and demonstrate weak access points. Our compliance assessments document security vulnerabilities affecting organizational access and include practical recommendations to remediate risks that other information technology audit firms miss.

Canaudit serves a variety of utility providers across the nation including oil, natural gas, water and electric services, ensuring security in operations and network integrity. To adhere to strict access control standards (such as SCADA and other industrial control systems) that many networks of these industries require, our consultants undergo a rigorous background screening process.

Adobe_PDF_file_icon_32x32 NERC CIP Standards

Related Services:

Network Penetration Testing and Vulnerability Assessment
IT System Audit and IT Security Review
Web Application Security Assessment
IT Policy and Procedure Review
Physical Security Review
Social Engineering Review