Electric Utilities Cannot Afford to be without a Specialized Software Tool to Manage their NERC CIP Compliance

artificial intelligence, brain, think-3382507.jpg

NERC CIP compliance tracking and management is a highly process oriented and extremely data-capture intensive task, requiring the ability to manage large amounts of data and task workflows. Specialized software for management of NERC CIP compliance is essential for the continued long- term success of the CIP program.  Those utilities who choose to customize their existing IT management tools, and those attempting to manage their processes with general collaboration tools, such as MS SharePoint,  are taking huge risks in terms of being able to sustain and manage the life cycle of their CIP.

Here are some of the reasons why non-specialized tools will not work in the long run:

1) They will severely lack the tight integration required with security platforms to capture the configuration status and related evidence.

2) They will lack the special data structure required to support the collection of configuration attributes from OT devices without impacting the operation.

3) They’ll operate as silos, and, as a result, will lack the ability to correlate evidence and monitor compliance deviations in a near real-time manner.

Even if a utility manages to get by with the traditional IT and homegrown tools, the utility is exposing itself with regard to maintaining the homegrown system. In many cases, the homegrown systems are maintained by a single subject matter expert (SME). What is to happen when this SME leaves? The NERC CIP Software standard is constantly evolving and the supporting tools require regular updating, and this can be an extremely demanding task.

Without a connected and specialized tool, the amount of time spent gathering the data using the traditional tools is cost prohibitive for most utilities, and the utilities will simply not be able to maintain the internal controls and lack an accurate self-reporting system. A decision to bring in a commercial off-the-shelf software to manage the CIP compliance processes is a smart business decision with a strong payoff.  As far as we can see, NERC CIP requirements are not going away anytime soon!

Share This Post

Related Posts