North American Energy Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) requirements is a set of requirements that provide the energy sector a set of requirements, depending upon their operations – generation, distribution, transmission. These NERC CIP requirements are updated regularly and must be met by all energy sector organizations and facilities.
Who is it for
Any utility organization needs to meet some part of the NERC CIP requirements.
How is it performed
CipherTechs’ auditors review the utility organization’s potential exemptions from portions of NERC CIP prior to starting the compliance assessment. The auditor focuses on the operating and non-industrial control systems (ICS) portion of the operation. The auditor conducts a series of interviews with the client personnel in charge of IT operations, cyber security, application developers, and reviews documentation and evidence to see if the organization has the needed requirements implemented and operational to meet NERC CIP requirements. CipherTechs will issue an audit report for NERC CIP and a client whitepaper for the organization to provide to clients when asked about their NERC CIP compliance.