NEWS

Proven Compliance Solutions Inc. (PCS) is pleased to announce the recognition of Best Practices for its development of policies, plans and procedures for the NERC Critical Infrastructure Protection (CIP) Reliability Standards CIP-002 Cyber Security - BES Cyber System Categorization and CIP-003 Cyber Security - Security Management Controls.

PCS has developed comprehensive, easy to follow, manageable CIP low impact policies, plans and procedures for its clients that allow site personnel to follow the Requirements and applicable attachments of CIP-002 and CIP-003.  The documents are written so that responsible personnel clearly understand their roles, can easily implement the program, and are able to produce the necessary evidence to prove compliance with the Standards.

During a client’s recent compliance monitoring event, CIP-002 and CIP-003 were in scope.  Following their review, the Regional Entity’s validation letter indicated it found no evidence of non-compliance for the Standards and Requirements, and included in its letter a statement that “… [Entity]’s program demonstrated one of the Best Practices in the region.”  PCS also received recognition from the client who indicated, “Excellent work by PCS on the CIP-002 and CIP-003 procedures and guidance… No violations!  The results speak for themselves.  Thanks again for your high quality of work.”

PCS has written CIP impact assessments and low impact policies and plans for multiple clients and has assisted with their implementation, as well as writing and leading Cyber Security Incident Response table top exercises, and creating awareness materials for dissemination throughout the client’s organization, all with successful outcomes.  Pleasing its clients and providing expert quality work is one of PCS’ highest goals.

In addition to the CIP low impact programs, PCS has also developed medium and high impact programs for its clients.  CIP Reliability Standards compliance is a main focus of the PCS team, along with the Operations and Planning (O&P) Standards.  PCS staff is committed to the success of its clients’ programs and providing guidance, information, and exceptional NERC consulting services that will foster that success.  If you would like to receive more information on how PCS can assist you with your Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

Proven Compliance Solutions Inc. is a privately owned NERC Reliability Standards Consulting Firm specializing in all aspects of compliance to the NERC Reliability Standards.  Collectively, the PCS team has over 300 years of industry experience in literally all aspects of the power system, including generator and transmission system operations, technical writing, marketing, and regulatory compliance, all from an industry standpoint.  PCS is industry recognized for the first-class services and the exceptional care it provides to its clients.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. (PCS) reminds Registered Entities that the deadline of January 1, 2020 is fast approaching for transitioning their North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) compliance programs to meet the latest version of CIP-003. 

As the deadline swiftly approaches for transitioning CIP compliance programs to the meet the new CIP-003-7 cyber security standard requirements, entities will need to document and implement some important changes.  As part of this transition, each program must now incorporate the following:

Policy statements for:

1.     Transient Cyber Assets and Removable Media malicious code risk mitigation.

2.     Declaring and responding to CIP Exceptional Circumstances.

In addition, entities are required to:

1.     Document and implement a Physical Security Controls Plan to protect their low impact BCS and the Cyber Assets, providing electronic access controls for those devices to only those personnel who are deemed to need access.

2.     Document and implement an Electronic Access Controls Plan.

3.     Document all necessary inbound and outbound electronic access for any communications that meet all of the following criteria:

4   Between a low impact BCS and a Cyber Asset outside the low impact facility

4   Using a routable protocol when entering or leaving the low impact facility

4   Not used for real-time sensitive protection or control functions between intelligent electronic devices (note that SCADA communications are not to be considered “real-time sensitive”)

4.     Document and implement a Transient Cyber Asset and Removable Media Plan to mitigate the risk of malicious code to low impact BCS.

PCS believes that developing and implementing your program to transition from CIP-003-6 to CIP-003-7 well in advance of the January 1, 2020 deadline is prudent and has been encouraging and supporting its clients with numerous program updates underway.  Ryan Carlson, CISSP-PSP and PCS Vice President – Critical Infrastructure Protection Services explained, “The time is now to complete transition efforts to CIP-003-7.  Last minute development and implementation carries with it a significantly higher risk of noncompliance.”

PCS CIP staff members have been in the business of CIP program development, implementation, technical procedure writing, staff training, and mock audit/gap analysis projects since the inception of NERC CIP mandatory compliance.  Having two former Regional CIP auditors on staff, PCS CIP team members fully understand the ramifications of CIP compliance and are working with numerous clients in multiple NERC Regions throughout the U.S. and Canada to implement their CIP programs.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide clients with confidence in the compliance status of their organization.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Whether you’re a new player, just reaching the threshold requiring NERC registration, or a long standing NERC registered entity, the facts clearly reveal that a strong NERC compliance program is more sustainable, more effective, and far more efficient when it reflects your operations.

When reviewing your policies and procedures for NERC Reliability Standards compliance, do you clearly identify your actual operations or do you see documents that simply regurgitate the NERC Standards with no application to how you perform your business? Compliance procedures and policies that simply regurgitate the Standards may be far less expensive to put in place, but are more costly to maintain and are rarely understood by those tasked with following them. Proven Compliance Solutions Inc. (PCS) firmly believes that operations personnel relate far better to an operations procedure that includes reliability compliance as part of their normal tasks. Compliance should simply be a natural output of good operations and properly developed policies and procedures, which are the key to generating evidence.

PCS staff members have been in the business of NERC O&P and CIP compliance program development, implementation, technical procedure writing, internal controls, staff training, program management, and mock audit/gap analysis projects since the inception of NERC mandatory compliance. PCS develops each of its client’s NERC compliance programs individually, utilizing its team of industry recognized compliance managers, NERC and Regional trained compliance auditors, operations experts, documentation and management specialists, and respected compliance implementation experts. Our team’s expertise, combined with our in-depth industry experience and methodologies, provides each Entity with confidence that their program is being developed appropriately and efficiently.

Another service that PCS has developed is the Standards Compliance intelligence Portal (SCIP). This product is a customized, user friendly, real-time application developed and managed by PCS’ Reliability Compliance Professionals. Users simply log into the web-based portal to view their entity-specific Reliability Standards Under Development, recently Approved Standards and implementation dates, changes to NERC Rules of Procedure, regional criteria and protocols, industry news, as well as hot topics and other reliability compliance related items. PCS team members provide entity-specific comments regarding impacts and recommended actions based on the User’s Region and NERC registrations. SCIP addresses the full range of NERC O&P and CIP Standards.

For information on how PCS can support your NERC Compliance Programs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com.  #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. (PCS) is pleased to announce that Ryan Carlson, CISSP-PSP and Mitchell E. Needham, P.E. will be the instructors for the EUCI “NERC Fundamentals and Compliance” and “NERC Critical Infrastructure Protection” courses in Atlanta, Georgia on October 15-17, 2019.

Understanding how to comply with the NERC Reliability Standards often creates anxiety for many newcomers, as companies hire them into new operational environments where the expectation also includes the application of compliance protocols.  Likewise, personnel who have been in the compliance arena for some time can also experience anxiety because the rules are constantly changing, and their concerns heighten over missing those changes and/or knowing how to apply them.  Ryan and Mitchell bring an extensive history of the industry and both NERC CIP and O&P compliance knowledge to these classes.  Understanding and instructing on the interpretation of the standards, vetted by years of real-time operations and compliance work and successful regional audits strengthens Ryan’s and Mitchell’s ability to help attendees understand best practice methods for accomplishing their work effectively and efficiently.

Ryan has over 25 years of experience in Cyber Security, IT project management, network system engineering, and network/server system administration.  His career has been devoted exclusively to assisting clients with their NERC Critical Infrastructure Protection (CIP) compliance program needs since 2008.  Ryan has conducted hundreds of CIP mock audit/gap analysis projects over the last 10 years and participated in dozens of regional CIP audits as an expert advisor, observer, and embedded Subject Matter Expert.  He is actively involved in monitoring the CIP Standards development process by monitoring/attending NERC Critical Infrastructure Protection Committee (CIPC) meetings, as well as numerous NERC/regional CIP user group meetings and conferences.  Ryan is an active member of the NERC CIPC Compliance Input Working Group (CEIWG) and the NERC Supply Chain Working Group.  He is a Certified Information Systems Security Professional (CISSP) and Physical Security Professional (PSP) and holds a Bachelor’s Degree in Economics, International Relations and Marketing from the University of Minnesota.

Mitchell’s industry experience spans over 40 years in the electric power industry, including 28 years with the Tennessee Valley Authority prior to working for NERC.  He is a former NERC Readiness Auditor and Regional Compliance Oversight Liaison for two NERC Regions and received NERC and FERC training in reliability compliance auditing.  He has extensive experience conducting mock audits of BES O&P Reliability Standards with specific expertise in protective relays, process development, power system operations, reliability benchmarking, and compliance management.  Mitchell is a registered Professional Engineer in the State of Tennessee and holds a Master of Science Degree in Electrical Engineering (University of Tennessee - Chattanooga), and a Bachelor of Science Degree in Electrical Engineering (University of Tennessee – Knoxville).

PCS has provided training instructors for EUCI classes since 2018 and encourages industry leaders to consider the value these classes can add to their personnel.  PCS also provides NERC training directly to organizations and can tailor the training, as required, to achieve the most benefit for your organization.

PCS NERC Compliance Consulting Services has an unsurpassed track record in Regional NERC Audit success.  Whether your need for support is in the area of Operations and Planning Standards or Critical Infrastructure Protection Standards for your Utility, Generation Facility, Solar Facility or Wind Facility, PCS provides the technical expertise and program management support you desire.  PCS delivers compliance interpretations based on extensive auditing experience, coupled with programs and processes that provide you confidence in the compliance status of your organization.

To sign up for these classes visit WWW.EUCI.COM.

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Proven Compliance Solutions Inc. (PCS) is celebrating its nine year anniversary in the field of NERC Reliability Compliance Consulting.  PCS has firmly established itself as one of the leading compliance consultants in both the (FERC Order 693) Operations and Planning (O&P) Reliability Standards and the (FERC Order 706) Critical Infrastructure Protection (CIP) Reliability Standards.

PCS was formed in July of 2010 by a team of seasoned electric industry technical experts, former NERC and Regional auditors, and compliance management professionals.  PCS services include audit support and preparation, compliance assessments, mock audits, gap analyses, internal controls, staff training, due diligence support, development and implementation of reliability compliance documentation, including Internal Compliance Programs, and on-call reliability compliance expertise.  PCS supports clients in all regions in both the US and Canada.

PCS supports Registered Entities of all shapes and sizes from small generating sites to the largest Utilities and Reliability Coordinators/Independent System Operators in North America.  PCS clients have received and continue to receive the same excellent care, attention to detail, and timely responses year after year.  When asked about PCS’ support, a long time client responded:

The staff at PCS is very easy to work with.  They are very knowledgeable; they give the right advice, and are available when we need their guidance.”

Crystal Musselman, PCS President and CEO stated: “It is hard to believe how fast the past nine years have come and gone. We have seen an emergence of wind and solar generation that require NERC compliance program support, which has added to our extensive client list.  Year after year we have repeat clients, which demonstrate the confidence they have in our team.  Our staff is committed to educating itself on evolving industry issues so we can continue to provide the quality services that are recognized by both our clients and Regional auditors.”

For information on how PCS can support your organization’s NERC Reliability Standards compliance needs, please contact Dale Zahn at (262) 436-4116 or visit our website at www.provencompliance.com. #NERCcompliance #NERC #criticalinfrastructureprotection #weccreliability #SPPorg #ReliabilityFirst #Texas_RE_Inc

Our Services