Manage NERC CIP Risk and Compliance
NERC CIP requirements control cyber assets and infrastructure, such as electronic security perimeters, as well as physical assets. NERC CIP compliance applies to companies – owners, operators, and users – that materially impact" the reliability of our bulk power system. While a compliance failure can be addressed, a cyber incident involving a utility could be disastrous, keeping risk and compliance managers awake at night.
The NERC requires policies for defining, monitoring, and changing the configuration of critical assets, as well as defined, dynamic policies governing access to those assets. Risk and compliance managers must develop standards, provide ongoing risk assessments, plan for business continuity in case of disruption, enforce IT controls, and share important information with different stakeholders around the company.