A large, multi-state, multi-region transmission company that NST has worked with since day 1. We've touched every part of this CIP program, and continue to support them to this day.
NST began work in 2003 and has continued to provide services since then. Our projects include development of cyber-security policies for each business unit, identification of SME teams, creation of a centralized CIP compliance office supporting the responsibilities of the CIP Senior Manager, staff training and augmentation, and audit support. NST’s integration with this program is substantial. Over the past 18 years, NST has been involved in nearly every part of the program, from the very foundation of the NERC Compliance team through every audit cycle across multiple regions and versions of the standards.
In 2003 NST was part of the inaugural committee to create the compliance program and organize a response to NERC Urgent Action 1200.
In 2006, NST hosted a “CIP Summit” in which the new version of CIP was introduced to a wide audience of stakeholders and the plans to develop a robust program were laid out.
In 2010 NST created a CIP Charter focused on sustainability and continuous improvement models for compliance and security.
In 2013 NST led a remediation project for challenges with the implementation of Physical Access Control Systems.
In 2014 NST supported the preparation for a NERC CIP v3 regional entity audit, and separately for the implementation of NERC CIP v5 compliance program transition.
In 2017 NST provided long term staff augmentation resources to develop and implement process updates and facilitate the transfer of knowledge about newly created processes and documentation to new hires after they were onboarded.
Recently NST provided “audit leadership” on two separate audits spanning multiple states and regions. During the first phase, NST reviewed formal documentation, requested and reviewed sample data, assisted in updates to RSAWs to reflect the procedures and data, and toured areas housing in-scope BES cyber systems. During the second phase, NST prepared the SMEs for a formal audit by leading training sessions on approaches to responding to questions from auditors as well as playing the roles of auditors to enable SMEs to practice presenting their materials. NST provided feedback to SMEs on their ability to incorporate the advice introduced in the training to respond to questions with targeted responses.