Corporate Risk Solutions - The #1 NERC CIP Consulting Firm

Services

NERC CIP Compliance (706)

Corporate Risk Solutions, Inc. (CRSI) is one of the industry leaders in providing NERC CIP Compliance consulting support to electric utilities. CRSI is a highly experienced and credentialed consulting firm that has provided and continues to support electric utilities with a full suite of services since 2001.

CRSI Has Provided NERC Consulting Support To More Than 100 Electric Utilities And Has Been Contracted By Multiple Regional Entities To Conduct NERC CIP Audits, RBAM Evaluations, Mitigation Plan Reviews and TFE Reviews

We have launched our Security Awareness Trial Program designed to assist utilities with their Security Awareness Program and Cyber Security Training Program for compliance with CIP-004 R1 and R2. Click here to sign up and try our free Trial Program.

CRSI has an unmatched level of experience, credentials, and expertise specialized in providing solutions to traditional electric utilities, wind generation, solar and smart grid systems. CRSI has performed work for cooperatives, municipalities, investor-owned utilities, merchant/market participants, and U.S. government contracted facilities, and has worked within and interacted with all 8 of the NERC Regional Entities.

Corporate Risk Solutions’ professional, credentialed, and experienced consultants have in-depth knowledge and extensive experience to address each of the specific requirements of the NERC CIP-002 through CIP-009 Reliability Standards as well as the NERC 693 Operational Standards.

Here are just a few of the reasons why more than 100 electric utilities and have made the decision to partner with CRSI for their NERC CIP Compliance needs:

1. CRSI has extensive experience within each of the 8 NERC Regions, where we have performed NERC CIP consulting for more than 100 electric utilities.
2. CRSI has technical expertise in presenting best practices and in evaluating electric utility evidence for compliance with the NERC CIP Reliability Standards.
3. CRSI has been contracted by multiple Regional Entities to conduct NERC CIP Audits, RBAM Evaluations, Mitigation Plan Reviews and TFE Reviews.
4. As part of our contracts with the Regional Entities, CRSI’s consultants have successfully completed the Fundamentals of NERC Auditing coursework and required regional training programs and are also experienced in US GAGAS Audit Methodologies.
5. CRSI has been a member of the NERC CIP Standards Drafting Team for Versions 1-5.
6. CRSI participated on the drafting team for the Violations Risk Factors.
7. CRSI participated on the drafting team for the UA-1200 Standards.
8. CRSI participated on the drafting team for the ES-ISAC Working Group
9. CRSI is a registered balloting member in Category 1 Transmission Operations.
10. CRSI has been embedded within the electric utility industry for years in both internal and external capacities. In demonstration of this, we were contracted by one of our clients (a large, investor-owned utility company spanning across 7 states) to work within the utility for 5+ years, which consisted of deep involvement with the day-to-day operations. Because of this experience, our consultants are able to share in the unique perspectives of utility personnel.
11. CRSI is an active participant in quarterly NERC CIPC meetings and various Regional Entities’ CIPWG Teams.
12. CRSI helped prepare numerous clients for NERC UA 1200 Readiness Audits which resulted in Examples of Excellence and Positive Observations.
13. CRSI is a regular attendee at NERC CIP Cyber Security Standards Training Workshops.
14. CRSI is a regular presenter and participant at Regional NERC CIP “How To” Workshops.
15. CRSI is certified in NSA/DHS/Electric Industry-Recognized Risk Assessment Methodologies, including: NSA’s InfoSec Assessment Methodology, Sandia National Laboratories Risk Assessment Methodologies – Transmission Systems [RAM-T]), Crime Prevention Through Environmental Design, and ASIS International – Risk Assessment Methodologies

NERC CIP Compliance Consulting Service Offerings

Gap Analysis
Mock Audit
Cyclical Audit Programs
Compliance Program Reviews
On-Site NERC CIP Audit Support
Cyber Vulnerability Assessments for NERC CIP Compliance
NERC Training & Awareness Programs
Subject Matter Expert (SME) Witness Testimony Training Programs
Personnel Risk Assessment Screening Programs
Project Management
Managed Services Support Contracts
Learning Management Systems
NERC CIP Compliance Guide Book
Staff Augmentation
Annual Requirements Reviews and Exercises for Recovery Plans and Sabotage Incidents

CCAI, CCA, Annual CSIR Review
Compliance Documentation Development / Reviews / Revisions
Compliance Plan Studies
Compliance Program Development
Document Standardization
Evidentiary Documentation Development and Mapping
Internal Compliance Plan Review / Assessment
Interpretative Consulting
Mitigation Plan Reviews
Performance Metrics
Policy and Procedural Development
Reliability Standard Audit Worksheet (RSAW) & Evidence Reviews / Audits
Risk-Based Assessment Methodology (Development & Implementation)
Technical Consulting and Writing
Technical Feasibility Exception (TFE) Reviews
Workflow Process Development

SCADA Security Architecture Design
Security System Implementation Support
Systems Review & Validation
Security Systems Technical Requirements, Design, Specifications and Budgeting

Click here to order your NERC CIP Compliance Guide.

IT / Cyber Security Solutions

Cyber Security Training
Cyber Vulnerability Assessments for NERC CIP Compliance
Cyber Penetration Testing
SCADA Security Architecture Design
Systems Review & Validation

Physical Security Solutions for Substations, Control Centers and Power Plants

Physical Security Risk & Vulnerability Assessments
Security Design Solutions
Applications Engineering
Construction Management
Physical Systems Technical Requirements, Design, Specifications and Budgeting
Project Management, Security Build Out/Implementation and Vendor Vetting
Security Master Planning (Information, Logical/Cyber, Physical and Personnel)

Smart Grid & Alternative Energy Solutions

Design & Evaluate Cyber Security Controls
Penetration Testing of Cyber Controls
Cyber, Information & Physical Security Solutions for AMI Infrastructure

Representative Client Listing

Note: Due to confidentiality agreements, the below list is not an all-inclusive listing of CRSI’s experience within the industry but is merely a sampling of our clients across the various Regions.

Ameren Services
American Electric Power (4 Separate Business Units)
American Transmission Company
Aquila
Associated Electric Cooperative
ATCO Electric
City of Glendale Water & Power
City of Tallahassee – Electric Utility
Colorado Electric
Colorado Public Service
Colorado Springs Utilities
CURRENT Group
Dayton Power & Light
DOW Chemical
Duquesne Light
Dynegy
FirstEnergy Corporation
Fluor Hanford
GE Energy
General Public Utilities, Inc.
Great Lakes Energy
Green Country Energy
Holyoke Gas & Electric
Independence Power & Light
JEA
Kansas City Power & Light
In demonstration of our abilities to design and implement security system design builds, KCPL’s Command & Control Center was featured in a video from KCTV 5 that Corporate Risk Solutions designed and implemented for Kansas City Power & Light. This control center was used to catch a thief attempting to steal copper from a substation. This is just one of the many projects that CRSI performed for KCPL.
Kelson Holdings (4 Separate Entities)
Michigan Gas & Electric
Michigan Gas Utilities
MidAmerican Energy
Midwest ISO
Missouri Public Service
Nebraska Public Power District
OGE
Pedernales Electric Cooperative
People’s Natural Gas – Minnesota
People’s Natural Gas – Nebraska
PJM Interconnection
PPL Corporation
Seminole Electric Cooperative
Sunflower Electric Power Corporation
Texas Municipal Power Agency
Tucson Electric Power
VELCO
Vestas Wind Energy
We Energies
West Plains Energy
Western Farmers Electric Cooperative
Wisconsin Public Services

To receive a quote for services and/or to hold a specific date for your project, please contact Travis Emerson at 913-322-5404 or via email at temerson@corprisk.net. Alternatively, you can contact Corporate Risk Solutions through our contact page.

“Dynegy hired CRSI to perform a CIP-002-4 Assessment largely based on positive references from other companies we interact with. CRSI lived up to their reputation by performing an outstanding job. They knew exactly what they wanted to do and did it.”

Dan Roethemeyer
Director - Electric System Operations and Compliance
Dynegy Inc.

“Both Philip Sobol and Susan Tibbs were excellent in the role and expertise and it showed very well to both the SMEs and the management team. They both provided the full audit experience as well as insights on how to ensure the layer of compliance was thick enough to be above reproach. They also provided great coaching and had the necessary experience to back up what they taught. (On-Site NERC CIP Audit and SME Testimony Training Program)

Electric Utility Within NPCC Region
Company Name Undisclosed Due to Confidentiality Restrictions

“An independent mock audit of CIP compliance is an essential step in preparing for a CIP audit. Most companies just don’t have the independent technical expertise in house to perform an adequately thorough review. We also don’t have experience on how CIP audits will actually be conducted, and they are different than other on-site audits in the depth of review.

CRSI had both the technical expertise and actual audit experience to perform a realistic mock audit for us. They provided valuable insights which allowed us to avoid potential violations due to incomplete evidence, and identified the need to self report an issue. Both of those alone likely saved the company more than the cost of the service (without even considering the possible negative effects investor perceptions of violations). Additionally every single employee involved in the mock audit felt that it helped better prepare them and give them more confidence to present to auditors. This was important because confidence and command of material by the subject matter experts is also a key factor in achieving good audit results. I highly recommend using CRSI to conduct a mock audit, several months before an actual audit. In my experience the benefit far outweighs the cost.”

Henry Stevens
Manager, Reliability Compliance; FERC Policy & Compliance Development
FirstEnergy

“Corporate Risk gave our subject matter experts an excellent introduction to what they will experience in a real audit, which we anticipate will smooth the audit process significantly. They are extremely knowledgeable, and highly professional.” (Mock Audit)

“It has been our experience that having a knowledgeable consultant available during an audit is of considerable value in responding to the many, sometimes unexpected, questions and concerns raised by an audit team. Scott was a tremendous asset to us during our recent CIP audit. Because I couldn’t be in the room with my SME’s the whole time, it was great to have someone knowledgeable on the standards and the audit process to be there with them. Scott also helped formulate some rough drafts of responses for the auditors which significantly decreased the amount of time it took for me to complete these. I would strongly recommend this service offered by CRSI to any utility undergoing a NERC Audit.” (NERC Audit Assistance)

Virginia Cook
Director, Electric Compliance
JEA

“CRSI performed an onsite gap analysis of PPL’s CIP compliance program in advance of the required compliance date of 12/31/09. Consultants Mike Tibbs and Phil Sobol provided outstanding consulting service in a highly professional manner. They worked extremely well with the various PPL Subject Matter Experts and Counsel staff, patiently answering many questions and educating the staff on various CIP issues. Their knowledge and understanding of the CIP standards and related industry implementation issues enabled them to guide PPL in improving our CIP implementation strategies and our evidence of compliance to the many CIP requirements.

CRSI provided a detailed report of the gap analysis, providing PPL the opportunity to review the draft report and provide comments, prior to finalizing the report. CRSI also separately provided written responses to numerous written observations documented by Counsel and internal auditing during the course of the gap analysis. This was an unexpected benefit and was very helpful in addressing these internal comments. PPL is highly satisfied with the results of this CIP gap analysis and with the conduct and professionalism of the CRSI staff.”

Robert Hoopes
Senior Director of FERC / NERC Compliance
PPL Corporation