Periodic auditing is a critical part of ensuring reliability compliance. A measurable record of performance for your organization is established through periodic internal and external evaluations of your cyber security procedures, systems, and personnel training.
For medium to high risk violations, NERC has authority to fine responsible entities up to $1 million per noncompliant event, per day. This represents a significant consequence to many organizations who do not adequately maintain cyber security systems and proper documentation. In support of your organization’s audit goals, WFPA offers consulting services for both internal and NERC CIP audit preparation.
Internal Audit Preparation
WFPA provides your organization with expert independent guidance as you navigate an internal audit of your CIP Program. Additionally, as a third party auditor, WFPA will only report to your team, without the involvement of any regulatory organization.
A trained auditor from WorkForce Planning can act as Lead Performance/Compliance Analyst for your organization’s internal audit team, or provide support to an individual in this role. WFPA also provides expert training for individuals seeking to lead performance verifications, assessments, and reviews within their own organization.
NERC CIP Audit Preparation
Preparation for NERC CIP compliance audits can be a significant investment for your organization, and it is essential that all stakeholders and key players are prepared for evaluation by a NERC audit team.
WorkForce Planning works with your organization’s CIP team members to evaluate policy and procedure documentation and identify areas of improvement in preparation for the official NERC audit. It is vital to ensure that all documentation and audit materials have been thoroughly developed in advance of the audit date.
WFPA applies advanced Gap Analysis to your organization’s CIP Program and identifies any compliance issues before the audit. Based on this analysis, WFPA provides your organization with recommendations to improve compliance and close any identified compliance gaps before the audit begins.