NERC CIP Supply Chain Management

Case Study Staffing

A gas and electric utility leverages our Staffing solution to help them meet industry compliance standards. 

SITUATION

To meet an approaching compliance deadline, a Fortune 500 gas and electric utility company was seeking a strategic partner to help execute the vendor risk management and procurement objectives of new industry guidelines. NERC CIP standards were recently modified to include new guidelines (CIP-013) for electric power and utility companies to reduce the risk of a cybersecurity incident affecting the reliable operation of the Bulk-Power System. This new standard includes security controls for supply chain management for industrial control system hardware, software, and services associated with bulk electric system operations. Due to our proven past performance with this client, we were chosen as an exclusive partner to support this initiative.

SOLUTION

We deployed a team of cybersecurity analysts and a regulatory subject matter expert who developed IT policies and procedures and created KRI/KPI metrics for vendor engagement that measured compliance with the associated policies and procedures. Additionally, our team executed third-party cyber risk assessments across hundreds of vendors and contractors. The team completed an average of 30 assessments per month. Our project team utilized RSAM GRC for automation and continuous risk monitoring of critical information assets and systems.

30 Third Party Cyber Risk Assessments Completed Per Month

RESULT

NERC CIP standards carry severe penalties, and noncompliance would have exposed our client to major financial risk. Our ability to rapidly stand up a project team and to create and execute a plan to meet their strict deadline enabled our client to avoid significant monetary penalties and enforcement actions by NERC.