NERC CIP Compliance Lifecycle
The NERC CIP compliance lifecycle includes the following steps, all automatically enacted by the ProcessGene™ GRC Software Suite:
Lifecycle step |
NERC CIP activity |
|
NERC CIP context establishment |
- Definition of NERC CIP compliance related business processes
- Delineation of process diagrams (optional)
- Definition of assets within the NERC CIP scope
- Standardization and documentation of NERC CIP regulations, policies and procedures
|
|
Risk identification |
- Risk description, identification of risk stakeholders
- Risk classification and determination of heat-maps
- Risk assessment and measurement
- Determination of Key Risk Indicators (KRIs)
- Risk tolerance determination
|
|
Control determination |
- Definition of controls to mitigate identified NERC CIP risks
- Assignment of NERC CIP control owners
- Scheduling and monitoring NERC CIP control execution
- Assessment of residual risk levels
|
|
Requirement management |
- Requirement definition
- Automated requirement workflow management
- Requirement fulfillment monitoring
|
|
NERC CIP audit and remediation |
- Definition and scheduling of NERC CIP audit plans
- Definition of mechanisms for testing ongoing NERC CIP compliance
- Collection, analysis and storage of NERC CIP audit results
- Remediation plan definition, execution and follow-up
|
|
NERC CIP related incident management |
- Incident recording
- NERC CIP related incident handling (using scheduled workflows)
- NERC CIP related incident analysis and reporting
- Incident monitoring and follow-up
|
|
NERC CIP certification |
- Hierarchal NERC CIP certification process determination
- Establishment of an automated NERC CIP certification process
- Monitoring and reporting NERC CIP certification status
- Archiving NERC CIP certification history
|
|
Multi-Org management |
- Determination of a global NERC CIP compliance baseline with mandatory components
- Establishing a workflow for examining local (subsidiary) variants
- Enforcement of enterprise guidelines, regulations and frameworks within subsidiaries
- Control NERC CIP compliance level both locally (per subsidiary) and globally from a central HQ cockpit
|
|
|
|
The ProcessGene™ NERC CIP Software UsersThe ProcessGene™ NERC CIP compliance software provides value to the following users:
- C-level management (CEO, CFO, CIO, CRO, COO)
- Board of directors
- Compliance officers
- Internal auditors
- NERC CIP compliance managers
Continue to: Related Regulations >
|