NERC CIP Compliance Services

Our team knows NERC CIP like the back of our hands. We have seen it all before. In fact we’ve done just about most of it ourselves. We’ve been the implementers, the control owners, and the auditors. Sometimes it takes an extra set of eyes or a fresh perspective to get it just right.

• Audit Readiness Reviews: Practice makes perfect. Let us audit you so you can find the weak spots before the regulators.

• CIP-010 R3 Vulnerability Assessments: A vulnerability assessment can take time away from your day job. Let us perform the assessment for you.

• Documentation Reviews: Sometimes a second set of eyes on your documentation can make all the difference.

• Gap Assessment & Remediation: We can review your program documentation to find compliance gaps and offer recommendations on industry best practices.

• Program Development & Evolution: If you’re new to NERC CIP, we can help you develop your CIP Program or if you’ve been at it for a while we can help you refine it.

• Training & Awareness: We can help take the burden off of tedious NERC CIP training and awareness requirements.

These are just some of the NERC CIP services we offer. Contact us if there are other areas you are interested in or need help solving a compliance problem.

Information Security Services

Information Security takes more than just the right tools and technologies in place to keep threat actors at bay. The “people” aspect of information security is often an overlooked part of the information security program experience. Let us help you develop a robust culture of security.

• Gap Assessment & Remediation: We can review your program documentation to find gaps in best practices and offer recommendations to fix those gaps.

• Internal Controls Assessment: Assess your internal controls and offer recommendations and improvements.

• Security Assessment: Assess your security program as a whole, or a particular domain, and offer recommendations and improvements.

• Security Program Development: We can help you develop your information security program to the framework of your choice.

• Training & Awareness: We can help take the burden off of tedious information security training and awareness to help reinforce a culture of security.

• vCISO Consulting: We can help with strategic initiatives and assist with planning for the long term.

Risk Management Services

Risk management in terms of information security is a fairly personal affair. Everyone has an opinion on the likelihood and impact of a particular scenario occurring. Let us help facilitate those discussions and steer the conversations.

• Risk Assessments: Whether its for a regulatory obligation or policy compliance, we can facilitate the risk assessment workshops and discussions.

• Risk Management Process Development: Developing the process documentation to the framework of your choice can set you up for success.

• Risk Monitoring: Let us monitor your risks for you, to free up your staff for their day jobs.

• Supply Chain Risk Management: Supply chain and third-party risk management is a vital to help protect your organization from the risks posed by your vendors.