NERC Compliance


Solution & Benefits Lifecycle Related Regulations

ProcessGene™ NERC Software – Introduction

The ProcessGene™ GRC software suite provides a complete solution for NERC compliance. The NERC software is implemented within days, immediately creating compliance visibility and centralized control.

The NERC software establishes an automated workflow that reduces the time and cost of compliance enforcement and eliminates manual labor, maintenance of multiple excel spreadsheets, etc. ProcessGene™’s NERC software is designed for multi-subsidiary organizations, based on our Multi-Org technology.

ProcessGene is acknowledged worldwide as a leading provider of Business Process Management (BPM) software solutions (see Gartner’s report on ProcessGene).

NERC Compliance in a Changing Business Environment

In today’s highly regulated environment, enterprises are increasingly strained by regulatory compliance concerns, while at the same time having to promote the ongoing conduct of business. Executive officers are specifically required to demonstrate capabilities for effective regulatory compliance, and to ensure corporate transparency and visibility into the business.

ProcessGene™ GRC software provides a complete solution for NERC compliance. The NERC software is implemented within days, and uses automation to reduce the time and cost of compliance enforcement.

Compliance Challenge

The North American Electric Reliability Corporation regulation (also known as “NERC”, “NERC CIP”) was introduced by the North American Electric Reliability Corporation, and has been continually maintained and updated to reflect the dynamic changes in business environment. The North American Electric Reliability Corporation regulation is aimed at regulating aspects related to Supervisory Control and Data Acquisition devices and networks (SCADA). The Nuclear Regulatory Commission (NRC), is a related commission for nuclear power. NERC applies to companies that generate, provide, or transmit energy. NERC’s standards are mandatory and enforceable throughout the 50 United States and several provinces in Canada. Any violation of NERC’s standards can result in fines of up to $1 million per day per violation.

Currently, there are nearly 100 NERC standards, amongst which the most common standard is NERC 1300 (an update of NERC 1200). The newest version of NERC 1300 is called CIP-002-1 through CIP-009-2, where CIP stands for Critical Infrastructure Protection. The majority of IT related policies are also among the CIP standards.

All CIP standards require documentation and review of the company’s procedures and policies every year. NERC audits compliance to these standards according to a schedule provided by the organization.

Ensuring compliance with the NERC regulation is an important organizational task, which requires ongoing management of compliance data. The compliance process is continuous and needs to be repeated periodically and closely monitored. Managing officers are personally responsible to maintain the NERC compliance, and this responsibility requires significant management attention and allocation of time and effort. Beyond self assessments or assessments of compensated third parties (such as accounting auditors or regulation consultants), the organization may also confront other external audits, such as NERC, that show little if any tolerance to deficiencies. The ProcessGene credo in this matter is that objective compliance data, maintained by the organization itself, has much higher value than opinions of compensated third parties. We also believe that only an ongoing, continuous process can ensure actual compliance and audit clearance.

Compliance Challenge for Multi-Subsidiary Organizations

Multi-subsidiary organizations are confronting even more complex compliance challenges, due to differences between the business processes and operational characteristics of subsidiaries. Hence, the management and communication of NERC compliance in a multi-subsidiary environment becomes an extremely complex task when managed manually or by tools that are not specifically designed for Multi-Org operations.

NERC Compliance with the ProcessGene™ GRC Software Suite: Solution & Benefits

ProcessGene™ GRC software provides a complete solution for NERC compliance. Our Multi-Org software solution automates the NERC compliance lifecycle and offers the following benefits:

  1. Very fast implementation, the NERC software is up and running within days
  2. The NERC software is based on Multi-Org technology, designed for NERC compliance in multi-subsidiary organizations
  3. The NERC software features full automation of the NERC compliance process using the ProcessGene™ BPM workflow engine, making it the most powerful system in the industry – yet the most intuitive and user friendly
  4. The NERC software features central cockpit with dashboards for data analysis and diagnostics- showing quantitative NERC compliance fulfillment levels
  5. The NERC software features easy and fast access to objective evidence used for external audits
  6. The NERC software features direct connectivity to ERP systems (e.g. SAP / Oracle) and ability to extract and process data in real time, and run automated tests
  7. The NERC software covers not only NERC compliance but also hundreds of other regulations and frameworks – all within the same framework
  8. The most seasoned and comprehensive SaaS (Software as a Service) solution in the GRC domain (see Gartner’s report on ProcessGene)
  9. The NERC software improves the quality of NERC internal audits and self-assessments

ProcessGene™ “Multi-Org” Technology

ProcessGene™ has been a pioneer and global leader in Multi-Org technology. During the past decade we have mastered a unique expertise in providing software solutions to multi-subsidiary organizations worldwide (see Gartner’s report on ProcessGene). Our NERC compliance software has been specifically designed for multi-subsidiary organizations and it features the most comprehensive solution for complex, distributed compliance challenges. Read more about ProcessGene Multi-Org technology.

Screenshots

Project Steps

Process Flowchart

Risk Heat-Map

Risk and Control Dashboards

Controlled vs. Residual Risk Levels

IT Connectivity

Inter-Subsidiary Comparison

Control Dashboards



Continue to: Lifecycle >