HOME

Proven Compliance Solutions is more than just our company name. It is, in fact, a statement made with confidence and backed by our team’s successful work to date with over 100 electric utility clients in the United States and Canada. Our client references attest to our successful approach to NERC / Regional audits, our commitment to first-rate, long-term relationships, and our extensive experience spanning all facets of the energy industry. Our company's sole focus is NERC and Regional Compliance, whether assisting in audit preparation, sculpting corporate compliance documentation, or managing ongoing compliance activities for all aspects of NERC compliance including preparation for NERC CIP Version 5/6. PCS also has extensive experience in renewable energy and understands the unique compliance challenges faced by power producers in this rapidly evolving market.

Services include:

  • NERC Compliance Mock Audits – CIP and O&P
  • Internal Controls
  • Gap Analysis
  • Due Diligence
  • Assist in the preparation of Interconnection Agreements
  • Nuclear Plant Interface Requirements Assessments
  • Complete Program Development
  • RSAW Review and Preparation
  • Training
  • Oversight of the OATI webCDMS portal and reporting requirements
  • Internal Compliance Programs
  • Monitor Monthly FERC/NERC/Regional Developments and prepare individualized reports
  • NERC Alert Support

 

Contact Proven Compliance Solutions today to find out how the PCS Team can help your organization with its NERC and regional compliance needs.

Latest News

January 2020 Deadline Approaching for Compliance with NERC Reliability Standard CIP-003-7

Proven Compliance Solutions Inc. (PCS) reminds Registered Entities that the deadline of January 1, 2020 is fast approaching for transitioning their North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance programs to meet the latest version of CIP-003. 

As the deadline swiftly approaches for transitioning CIP compliance programs to the meet the new CIP-003-7 cyber security standard requirements, entities will need to document and implement some important changes.  As part of this transition, each program must now incorporate the following:

Policy statements for:

1.     Transient Cyber Assets and Removable Media malicious code risk mitigation.

2.     Declaring and responding to CIP Exceptional Circumstances.

In addition, entities are required to:

1.     Document and implement a Physical Security Controls Plan to protect their low impact BCS and the Cyber Assets, providing electronic access controls for those devices to only those personnel who are deemed to need access.

2.     Document and implement an Electronic Access Controls Plan.

3.     Document all necessary inbound and outbound electronic access for any communications that meet all of the following criteria:

4   Between a low impact BCS and a Cyber Asset outside the low impact facility

4   Using a routable protocol when entering or leaving the low impact facility

4   Not used for real-time sensitive protection or control functions between intelligent electronic devices (note that SCADA communications are not to be considered “real-time sensitive”)

4.     Document and implement a Transient Cyber Asset and Removable Media Plan to mitigate the risk of malicious code to low impact BCS.

PCS believes that developing and implementing your program to transition from CIP-003-6 to CIP-003-7 well in advance of the January 1, 2020 deadline is prudent and has been encouraging and supporting its clients with numerous program updates underway.  Ryan Carlson, CISSP-PSP and PCS Vice President – Critical Infrastructure Protection Services explained, “The time is now to complete transition efforts to CIP-003-7.  Last minute development and implementation carries with it a significantly higher risk of noncompliance.”

PCS CIP staff members have been in the business of CIP program development, implementation, technical procedure writing, staff training, and mock audit/gap analysis projects since the inception of NERC CIP mandatory compliance.  Having two former Regional CIP auditors on staff, PCS CIP team members fully understand the ramifications of CIP compliance and are working with numerous clients in multiple NERC Regions throughout the U.S. and Canada to implement their CIP programs.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide clients with confidence in the compliance status of their organization.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. Instructing at the October 2019 EUCI NERC Courses

Proven Compliance Solutions Inc. (PCS) is pleased to announce that Ryan Carlson, CISSP-PSP and Mitchell E. Needham, P.E. will be the instructors for the EUCI “NERC Fundamentals and Compliance” and “NERC Critical Infrastructure Protection” courses in Atlanta, Georgia on October 15-17, 2019.

Understanding how to comply with the NERC Reliability Standards often creates anxiety for many newcomers, as companies hire them into new operational environments where the expectation also includes the application of compliance protocols.  Likewise, personnel who have been in the compliance arena for some time can also experience anxiety because the rules are constantly changing, and their concerns heighten over missing those changes and/or knowing how to apply them.  Ryan and Mitchell bring an extensive history of the industry and both NERC CIP and O&P compliance knowledge to these classes.  Understanding and instructing on the interpretation of the standards, vetted by years of real-time operations and compliance work and successful regional audits strengthens Ryan’s and Mitchell’s ability to help attendees understand best practice methods for accomplishing their work effectively and efficiently.

Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration.  His career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008.  Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert.  He is actively involved in monitoring the CIP Standards development process by monitoring/attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences.  Ryan is an active member of the NERC CIPC Compliance Input Working Group (CEIWG) and the NERC Supply Chain Working Group.  He is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.

Mitchell’s industry experience spans over 40 years in the electric power industry, including 28 years with the Tennessee Valley Authority prior to working for NERC.  He is a former NERC Readiness Auditor and Regional Compliance Oversight Liaison for two NERC Regions and received NERC and FERC training in reliability compliance auditing.  He has extensive experience conducting mock audits of BES O&P Reliability Standards with specific expertise in protective relays, process development, power system operations, reliability benchmarking, and compliance management.  Mitchell is a registered Professional Engineer in the State of Tennessee and holds a Master of Science Degree in Electrical Engineering (University of Tennessee - Chattanooga), and a Bachelor of Science Degree in Electrical Engineering (University of Tennessee – Knoxville).

PCS has provided training instructors for EUCI classes since 2018 and encourages industry leaders to consider the value these classes can add to their personnel.  PCS also provides NERC training directly to organizations and can tailor the training, as required, to achieve the most benefit for your organization.

PCS NERC Compliance Consulting Services has an unsurpassed track record in Regional NERC Audit success.  Whether your need for support is in the area of Operations and Planning Standards or Critical Infrastructure Protection Standards for your Utility, Generation Facility, Solar Facility or Wind Facility, PCS provides the technical expertise and program management support you desire.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide you confidence in the compliance status of your organization.

To sign up for these classes visit WWW.EUCI.COM.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Effective and Efficient NERC Compliance Programs Reflect Actual Operations

Whether you’re a new player, just reaching the threshold requiring NERC registration, or a long standing NERC registered entity, the facts clearly reveal that a strong NERC compliance program is more sustainable, more effective, and far more efficient when it reflects your operations.

When reviewing your policies and procedures for NERC Reliability Standards compliance, do you clearly identify your actual operations or do you see documents that simply regurgitate the NERC Standards with no application to how you perform your business? Compliance procedures and policies that simply regurgitate the Standards may be far less expensive to put in place, but are more costly to maintain and are rarely understood by those tasked with following them. Proven Compliance Solutions Inc. (PCS) firmly believes that operations personnel relate far better to an operations procedure that includes reliability compliance as part of their normal tasks. Compliance should simply be a natural output of good operations and properly developed policies and procedures, which are the key to generating evidence.

PCS staff members have been in the business of NERC O&P and CIP compliance program development, implementation, technical procedure writing, internal controls, staff training, program management, and mock audit/gap analysis projects since the inception of NERC mandatory compliance. PCS develops each of its client’s NERC compliance programs individually, utilizing its team of industry recognized compliance managers, NERC and Regional trained compliance auditors, operations experts, documentation and management specialists, and respected compliance implementation experts. Our team’s expertise, combined with our in-depth industry experience and methodologies, provides each Entity with confidence that their program is being developed appropriately and efficiently.

Another service that PCS has developed is the Standards Compliance intelligence Portal (SCIP). This product is a customized, user friendly, real-time application developed and managed by PCS’ Reliability Compliance Professionals. Users simply log into the web-based portal to view their entity-specific Reliability Standards Under Development, recently Approved Standards and implementation dates, changes to NERC Rules of Procedure, regional criteria and protocols, industry news, as well as hot topics and other reliability compliance related items. PCS team members provide entity-specific comments regarding impacts and recommended actions based on the User’s Region and NERC registrations. SCIP addresses the full range of NERC O&P and CIP Standards.

For information on how PCS can support your NERC Compliance Programs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc