Part 2 – Governance
Introduction
NERC CIP standards are designed to protect the reliability and security of the North American bulk power system.
Below we discuss NERC CIP best practices to help you maintain compliance and minimize the risk of fines or penalties.
Governance
Creating strong governance for your NERC CIP compliance means you manage your compliance systematically and keep it moving forward, ahead of penalties and non-compliance events.
As part of Governance you need to:
Appoint a leader
Appoint a dedicated compliance officer or team responsible for overseeing and implementing the compliance program.
This individual or team should have a thorough understanding of NERC CIP requirements and should be proactive in identifying and addressing potential compliance gaps.
Identify and assign an executive sponsor
Without the right executive-level sponsorship, you run the risk of losing the priority you need to ensure your NERC CIP compliance stays on the list of important and ‘above the line’ activities.
Think of it as the keys to the vehicle: driving is a privilege, not a right. An executive sponsor will help the organization shepherd the program and help it stay aloft. There may end up being more than one executive who supports your efforts, but you certainly need a leading executive advocate.
Establish a Compliance Program
Develop a comprehensive compliance program that covers all aspects of NERC CIP regulations.
This program should ensure adherence to the standards via:
- Clear policies
- Procedures
- Controls
- Monthly review meetings
- Quarterly reviews
Critical Success Factors
- Executive support
- Dedicated owner with the right skills and resources to run the program
- Tracking of important schedules & tasks
- Maintaining documentation
- Timely reporting of issues
- Creating a culture of compliance
NERC CIP Best Practices
The four main categories of best practices for NERC CIP compliance include:
Governance
Reconnaissance