Corporate Risk Solutions - The #1 Consulting Firm in NERC CIP Compliance

Services

NERC CIP Compliance

Corporate Risk Solutions is excited to announce that we are now a part of GSA Advantage! Corporate Risk Solutions is on GSA Schedule 70, Special Item 132-51 for IT Professional Services, which covers most of our NERC CIP Compliance Service Offerings.

Corporate Risk Solutions Has Provided Consulting Support To More Than 50 Electric Utilities And Is Contracted By Multiple Regional Entities To Conduct NERC CIP Audits, RBAM Evaluations, Mitigation Plan Reviews, and TFE Part B Reviews

Corporate Risk Solutions is the industry leader in providing NERC CIP Compliance support to electric utilities. We have an unmatched level of experience, credentials, and expertise specialized in providing solutions to the electric utility industry, including traditional electric, wind generation, and smart grid systems. CRSI has performed work for cooperatives, municipalities, investor-owned utilities, merchant/market participants, and U.S. government contracted facilities, and has worked within and interacted with all of the Regional Entities, including: WECC, MRO, SPP, ERCOT, SERC, FRCC, RFC, and NPCC.

Corporate Risk Solutions’ professional, credentialed, and NERC experienced consultants have in-depth knowledge and extensive experience to address each of the specific requirements of the NERC CIP-002 through NERC CIP-009 Reliability Standards. Our consultants work every day with electric utility clients, helping them to achieve NERC CIP Compliance by conducting Mock Audits and Gap Analysis projects, developing requirements documents such as RSAWs and supporting evidence, developing and implementing RBAMs, conducting TFE (Part A and Part B) reviews, developing comprehensive security plans that meet best practices for the industry, and designing and installing integrated physical, cyber, personnel, and information protection systems. We also have experience assisting our electric utility clients with on-site support during NERC CIP Audits (See Testimonial from Virginia Cook at JEA at right).

While other firms may appear to be similar to Corporate Risk Solutions because they share one or two of our credentials, it is important to note that we surpass our competitors in our knowledge, credentials, and experience with the NERC CIP Standards. Here are just a few of the reasons why more than 50 electric utilities have made the decision to partner with Corporate Risk Solutions for their NERC CIP Compliance needs:

Contracted by Multiple Regional Entities to Conduct NERC CIP Audits, RBAM Evaluations, Mitigation Plan Reviews, and TFE Reviews (Part A and Part B)
6 Consultants who have Successfully Completed the NERC Fundamentals of Auditing Course
Represent Electric Utilities at NERC CIP Audits as Functional Experts
Drafting Team Member for the NERC CIP 002-1 thru 009-1 Standards
Drafting Team Member of the Violations Risk Factors
Drafting Team Member of the UA-1200 Standards
Member of the NERC Security Guidelines ES-ISAC Reporting Drafting Team
Participation in Numerous NERC UA 1200 Readiness Audits Resulting in Examples of Excellence and Positive Observations
Attendees at NERC CIP Cyber Security Standards Training Workshops
Presenter/Participant at Regional NERC CIP “How To” Workshops
Active Participant in Quarterly NERC CIPC Meetings
Active Participant in Various Regional Entities’ CIPWG Teams
Certified in NSA/DHS/Electric Industry-Recognized Risk Assessment Methodologies, including: NSA’s InfoSec Assessment Methodology, Sandia National Laboratories Risk Assessment Methodologies – Transmission Systems [RAM-T]), Crime Prevention Through Environmental Design, ASIS International – Risk Assessment Methodologies

Corporate Risk Solutions also offers expert support with the operational requirements through our strategic partnership with Utility Compliance Services, another premier security consulting firm that specializes in providing solutions with the operational standards of NERC.

Electric Utility Service Offerings

NERC CIP Compliance
Mock Audits (specifically designed to help utilities prepare for a scheduled NERC CIP Audit or Spot Check)
Gap Analysis (typically utilized by utilites that have a “Good Compliance Program” but that want a third-party review and recommendations of how to improve their program to include industry best practices and standards in addition to the NERC CIP Standards)
On-Site NERC Audit Assistance
Risk Based Assessment Methodology Development & Implementation Support
Compliance Documentation Development (Policies, Procedures, RSAWs, Supporting Evidence)
Cyber Vulnerability Assessments
Cyber Penetration Testing
Physical Risk & Vulnerability Assessments
Personnel Risk Assessment Screening Programs
Business Continuity Planning and Testing
Employee Security Training Programs
Physical Systems Technical Requirements, Design, Specifications and Budgeting
Project Management, Security Build Out/Implementation and Vendor Vetting
Security (Information, Logical/Cyber, Physical and Personnel) Master Planning
Managed Consulting Services

Utility Client Listing

Ameren Services
American Electric Power (4 Separate Business Units)
American Transmission Company
Aquila
Associated Electric Cooperative
ATCO Electric
City of Glendale Water & Power
City of Tallahassee – Electric Utility
Colorado Electric
Colorado Public Service
Colorado Springs Utilities
CURRENT Group
Dayton Power & Light
DOW Chemical
Duquesne Light
FirstEnergy Corporation
Fluor Hanford
GE Energy
General Public Utilities, Inc.
Great Lakes Energy
Green Country Energy
Holyoke Gas & Electric
Independence Power & Light
JEA
Kansas City Power & Light
In demonstration of our abilities to design and implement security system design builds, here is a video from KCTV 5, which features the KCPL Command & Control Center that Corporate Risk Solutions designed and implemented for Kansas City Power & Light. This control center was used to catch a thief attempting to steal copper from a substation. This is just one of the projects that CRSI performed for KCPL.
Kelson Holdings (4 Separate Entities)
Michigan Gas & Electric
Michigan Gas Utilities
MidAmerican Energy
Midwest ISO
Missouri Public Service
Nebraska Public Power District
OGE
Pedernales Electric Cooperative
People’s Natural Gas – Minnesota
People’s Natural Gas – Nebraska
PJM Interconnection
PPL Corporation
Seminole Electric Cooperative
Sunflower Electric Power Corporation
Texas Municipal Power Agency
Tucson Electric Power
VELCO
Vestas Wind Energy
We Energies
West Plains Energy
Western Farmers Electric Cooperative
Wisconsin Public Services

To receive a quote for services and/or to hold a specific date for your project, please call Travis Emerson at 913-322-5404 or contact Corporate Risk Solutions here.

“An independent mock audit of CIP compliance is an essential step in preparing for a CIP audit. Most companies just don’t have the independent technical expertise in house to perform an adequately thorough review. We also don’t have experience on how CIP audits will actually be conducted, and they are different than other on-site audits in the depth of review.

CRSI had both the technical expertise and actual audit experience to perform a realistic mock audit for us. They provided valuable insights which allowed us to avoid potential violations due to incomplete evidence, and identified the need to self report an issue. Both of those alone likely saved the company more than the cost of the service (without even considering the possible negative effects investor perceptions of violations). Additionally every single employee involved in the mock audit felt that it helped better prepare them and give them more confidence to present to auditors. This was important because confidence and command of material by the subject matter experts is also a key factor in achieving good audit results. I highly recommend using CRSI to conduct a mock audit, several months before an actual audit. In my experience the benefit far outweighs the cost.”

Henry Stevens
Manager, Reliability Compliance; FERC Policy & Compliance Development
FirstEnergy

“Corporate Risk gave our subject matter experts an excellent introduction to what they will experience in a real audit, which we anticipate will smooth the audit process significantly. They are extremely knowledgeable, and highly professional.” (Mock Audit)

“It has been our experience that having a knowledgeable consultant available during an audit is of considerable value in responding to the many, sometimes unexpected, questions and concerns raised by an audit team. Scott was a tremendous asset to us during our recent CIP audit. Because I couldn’t be in the room with my SME’s the whole time, it was great to have someone knowledgeable on the standards and the audit process to be there with them. Scott also helped formulate some rough drafts of responses for the auditors which significantly decreased the amount of time it took for me to complete these. I would strongly recommend this service offered by CRSI to any utility undergoing a NERC Audit.” (NERC Audit Assistance)

Virginia Cook
Director, Electric Compliance
JEA

“CRSI performed an onsite gap analysis of PPL’s CIP compliance program in advance of the required compliance date of 12/31/09. Consultants Mike Tibbs and Phil Sobol provided outstanding consulting service in a highly professional manner. They worked extremely well with the various PPL Subject Matter Experts and Counsel staff, patiently answering many questions and educating the staff on various CIP issues. Their knowledge and understanding of the CIP standards and related industry implementation issues enabled them to guide PPL in improving our CIP implementation strategies and our evidence of compliance to the many CIP requirements.

CRSI provided a detailed report of the gap analysis, providing PPL the opportunity to review the draft report and provide comments, prior to finalizing the report. CRSI also separately provided written responses to numerous written observations documented by Counsel and internal auditing during the course of the gap analysis. This was an unexpected benefit and was very helpful in addressing these internal comments. PPL is highly satisfied with the results of this CIP gap analysis and with the conduct and professionalism of the CRSI staff.”

Robert Hoopes
Senior Director of FERC / NERC Compliance
PPL Corporation