NERC CIP


Solution & Benefits Lifecycle Related Regulations

NERC CIP Compliance Lifecycle

The NERC CIP compliance lifecycle includes the following steps, all automatically enacted by the ProcessGene™ GRC Software Suite:

Lifecycle step NERC CIP activity
NERC CIP context establishment
  1. Definition of NERC CIP compliance related business processes
  2. Delineation of process diagrams (optional)
  3. Definition of assets within the NERC CIP scope
  4. Standardization and documentation of NERC CIP regulations, policies and procedures
Risk identification
  1. Risk description, identification of risk stakeholders
  2. Risk classification and determination of heat-maps
  3. Risk assessment and measurement
  4. Determination of Key Risk Indicators (KRIs)
  5. Risk tolerance determination
Control determination
  1. Definition of controls to mitigate identified NERC CIP risks
  2. Assignment of NERC CIP control owners
  3. Scheduling and monitoring NERC CIP control execution
  4. Assessment of residual risk levels
Requirement management
  1. Requirement definition
  2. Automated requirement workflow management
  3. Requirement fulfillment monitoring
NERC CIP audit and remediation
  1. Definition and scheduling of NERC CIP audit plans
  2. Definition of mechanisms for testing ongoing NERC CIP compliance
  3. Collection, analysis and storage of NERC CIP audit results
  4. Remediation plan definition, execution and follow-up
NERC CIP related incident management
  1. Incident recording
  2. NERC CIP related incident handling (using scheduled workflows)
  3. NERC CIP related incident analysis and reporting
  4. Incident monitoring and follow-up
NERC CIP certification
  1. Hierarchal NERC CIP certification process determination
  2. Establishment of an automated NERC CIP certification process
  3. Monitoring and reporting NERC CIP certification status
  4. Archiving NERC CIP certification history
Multi-Org management
  1. Determination of a global NERC CIP compliance baseline with mandatory components
  2. Establishing a workflow for examining local (subsidiary) variants
  3. Enforcement of enterprise guidelines, regulations and frameworks within subsidiaries
  4. Control NERC CIP compliance level both locally (per subsidiary) and globally from a central HQ cockpit

The ProcessGene™ NERC CIP Software Users

The ProcessGene™ NERC CIP compliance software provides value to the following users:
  1. C-level management (CEO, CFO, CIO, CRO, COO)
  2. Board of directors
  3. Compliance officers
  4. Internal auditors
  5. NERC CIP compliance managers



Continue to: Related Regulations >