Have,you,been,audited,NERC,yet business, insurance Have you been audited by NERC yet? – Some real advice for a


Small offices have unique needs, and thatincludes document shredding. Designed with the smaller business inmind, the Dahle 20314 is a cross-cut shredder that offers Level 3security and brings you into compliance with federal regulations. The As we all know to live in this world we have to perform some activity by which we can earn money. There are many activities by which we can earn money and meet the standards to live in this society. And from one of them is franchise.  Franc


If you're in the electrical utility sector and you hear NERC Audit you're likely to start sweating. Not because you may not have a NERC compliance plan, but because of the simple fact that there really isn't any good information that exists that tells you everything you have to do and exactly how to do it. As you know there is NERC, FERC, and even SERC. How can you keep them all straight along with the litany of other regulatory issues you have to deal with? One of my best pieces of advice is to breakdown the different standards of NERC into manageable pieces. Creating a NERC Compliance PlanFirst, take apart all the standards and sectionalize them. NERC has done a decent job of trying to separate these into groups. For instance, Cyber Security has standards that go from CIP 001-009. However, if you break apart all the different issues that go into just those standards, you will no doubt have a million different action items on your plate. My specialty and focus has been on CIP 4, because this is where I have listened to a lot of screaming clients who have become frustrated with the auditing process taking place. The fines that these audits generate can cost upwards of $7,500 per person per day. I was recently at the TechAdvantage Expo in Atlanta, and spoke with many industry executives who said they have had to pay fines of several hundred thousand dollars and more for not complying with CIP 4.The best thing to do is break apart the standards and review each one in detail and then parse them out to your different department heads, who can be made responsible for implementation. As the NERC compliance plan manager, you will need to get buy in from your senior management so that they will dictate to your peers the fact that they will need to report to you on their findings. You will need to coordinate their efforts and then tell your senior management you want to provide them with updates on the plan bi-weekly or at least monthly. By doing this, it will help keep them engaged and continue to provide you with the resources you need to devise a NERC compliance plan. Let's just take, for example, the Cyber Security standards. The very name could be a little misleading because it would imply that this standard should go to your IT department. They are the ones that will need to implement all kinds of cool techno stuff that will provide you with cyber intrusion protection tools, right? Not necessarily. Take for example the CIP 004. This clearly states that you must have a system in place for conducting awareness training, background risk assessments, and access documentation and credentialing on all of your employees and contractors. You may now look at this and then realize this is more of a security department or HR concern rather than a technical one. Second, when you're looking for vendors to help you analyze all of the different options, remember this one true statement. No single company has a system to manage all NERC compliance plan issues. I've seen it many times before where companies advertise that they can make you NERC compliant by just hiring them. This is a fallacy. There are many consulting companies out there that are very reputable and can certainly assist you with the interpretation and development of a NERC compliance plan, but they cannot implement the systems and technology to make you compliant. I go back to the CIP 4 standard for Cyber Security where vendors proclaim to be able to achieve compliance in a certain time frame. One of the most important issues as part of that standard is conducting a risk assessment background check on anyone that has access to critical assets. To do a background check, you need to be a certified CRA (Credit Reporting Agency). But even to this same point, doing things that might involve other pieces of that standard, for instance handling encryption and password protection of those assets that same company would not be the correct fit. Remember that creating a NERC compliance plan is a goal driven task. Have yourself or a consulting company review the different aspects of NERC that apply and coordinate with your top managers to make this a goal for you and your peers. Implementing a NERC Compliance PlanOne of the morals of this story is to get your suppliers to illustrate how they comply with a specific standard of NERC. If they say they comply with multiple standards, then ask them to show you how and run it by NERC for verification. Also, make sure their pricing is in line with how they sell it to you. There are multiple occurrences where a vendor will sell something to one company and then turn around and sell the exact same thing to another company but at a much higher mark up since there is a regulation surrounding that industry. Don't be fooled by those gimmick tactics and allow vendors to prey on your fear of not having a NERC compliance plan in place. In summary, get a breakdown of which standard applies directly to you, create a matrix chart of which pieces of which standard apply to what departments, get your senior managers involved to dictate these goals to your peers and provide them with updates. Then, when going out to vendors, have them prove how it directly relates to a NERC compliance plan; ask them if they sell that same tool to others and how much it is. Doing these things in this order will help you become the go-to person on regulatory issues, and, in a utility company...that is highly valued.

Have,you,been,audited,NERC,yet

business

Europe Construction Equipment Market (2020-2026)

Market Forecast By Types(Cranes (Mobile Cranes, Crawler Cranes, Tower Cranes), Earthmoving Equipment(Loaders, Excavators, Motor Grader)), Aerial Work Equipment(Articulated Boom Lifts, Telescopic Boom Lifts, Scissor Lifts), Material Handling ...

business

Raheja SCO Plots brings Commercial Space in Gurgaon

Being a financial and technology hub Gurgaon is a prominent place for commercial space. Raheja Developers just happens to be the most significant entities of the commercial real estate sector of India. Thanks to their outstanding construct ...

business

Find the Reliable and Qualified Packers and Movers

Have you decided to relocate somewhere in Mumbai and wanted to make a move? Well, you could be aware of the stress and hectic work associated with moving your things from one location to another. Either you make a move to the nearest locatio ...

business

Corporate video production and brand positioning

Corporate videos bring a touch to your marketing aspect. I have seen brands who are telling a compelling story in a more concise way. Here are some advantages to using corporate video for your brands.Videos are a fun way to describe your pro ...

business

Tips For Creating A Cleaning Company Logo

Your logo is the visual representation of your business and the first thing many potential customers will see. When global corporations are mentioned, people typically think of the company logo first. Nikes Swoosh, MacDonalds golden arches, ...

business

Learning from Five Common Accounting Mistakes

Most business owners spread practically all the nuts and bolts of business arranging aside from one significant angle that should be dangerous for their business-accounting. The idea among numerous new companies is that the accounting extens ...

business

Get To Know Everything About Kraft Bakery Boxes

Knowing the fact that all the bakery products ask fr durable and resilient packaging, you must also know that there are several ways to customize the right packaging. Now, for this, you have to team up with a packaging company that fulfils a ...

business

Here’s What Is The Purpose to Maintain Risk Register

Are you in need of knowing what a risk register is? Then you are here searching the result for your solution. It is sometimes known as the risk log. Corporate Risk Register is one of the project management tools that help the company and t ...

business

COVID-19: How it affects businesses and the economy

Updated Canadian economic forecastCanadas economic growth ground to a halt in the fourth quarter of 2019. With the economy already on precarious footing, the added shocks of the recent rail blockade protests, the arrival of COVID-19, and a c ...

business

How Secure is Internet of Things (IoT) - Experts Guide

IoT enables many new functionalities and possibilities to enhance living and business. However, more IoT leads to insecurity and responsibilities. IoT as a spectrum is growing and new technologies are implemented rapidly with an increase in ...

business

Reasons how company information saves your investments

What does company information include? Before you invest in a company or start a new business relationship with a client, it is vital to know everything relevant about them. Company information is any confidential data of a company that is ...