Internal Controls Procedure
|
|
- Karin Booker
- 5 years ago
- Views:
Transcription
1 Internal Controls Procedure September 30, 2017 MON Bayport Drive, Suite 600 Tampa, Florida (813) Phone (813) Fax
2
3 Table of Contents Page 3 of 7 Page 1.0 Purpose and Scope Purpose Scope Background Terms and Definitions Responsibilities Procedure Owner Procedure Reference Section... 7
4 Page 4 of Purpose and Scope 1.1 Purpose This procedure provides the steps to be taken by FRCC s Compliance Staff necessary to perform an internal controls review during compliance monitoring activities of a Registered Entity (entity). This review may inform FRCC s development of the entity Compliance Oversight Plan (COP). It will use the output of the Inherent Risk Assessment (IRA) to determine the potential standards and requirements for review. This document covers tools to be used. 1.2 Scope 2.0 Background This procedure applies to the performance of internal controls review by the Compliance Monitoring team within FRCC. 2.1 Terms and Definitions Preventive controls controls established as the first line of defense since they are designed to prevent the fault/error from occurring. This type of controls will prevent a determined consequence, issue, threat, loss, or harm from occurring Detective controls controls designed to detect the potential error condition or fault after it has occurred, or identify instances where practices or procedures were not followed Corrective controls controls designed to correct the error condition or fault after it has been detected. These controls restore the system or the process back to a stable state prior to the error condition. They fix the problem during, or immediately after, the issue has occurred minimizing the impact Compliance Oversight Plan (COP) A plan consisting of the oversight strategy for a registered entity, including the list of Standard requirements for monitoring, the CMEP tool to be used, and the interval of monitoring. 1 NERC ERO Enterprise Guide for Internal Controls Version 2
5 Page 5 of Responsibilities 3.1 Procedure Owner This procedure is the responsibility of the FRCC Manager of Critical Infrastructure Protection (CIP) and FRCC Manager of Operations and Planning (O&P) to maintain as necessary to keep the procedure current with the latest North American Electric Reliability Corporation (NERC) Rules of Procedure - Compliance Monitoring and Enforcement Program Appendix 4C and established FRCC procedures The review of this procedure will be performed when changes to departmental or NERC Rules of Procedure occur and have a potential impact to this processing. In addition, a review will be performed at least once every three (3) years from the last update. The review shall be documented in the Review/Modification section of this document This procedure will be approved by the FRCC Manager of CIP Monitoring, the FRCC Manager of O&P Monitoring, and the VP Compliance, Enforcement and Reliability Performance. 4.0 Procedure 4.1 At least ninety days before the audit start date, the Audit Team Lead (ATL) in concert with the manager, will review the entity s COP to determine the Standards/Requirements to be included for internal control review during the audit. 4.2 The ATL shall ensure that the Audit Notification letter (ANL) includes the Standard(s) /Requirement(s) selected for internal controls review. 4.3 The day after the ANL is sent to entity, the ATL will conference with the entity s Primary Compliance Contact (PCC) on the expectations of the internal controls review and suggest the entity upload any internal controls supporting documentation for those Standard(s)/Requirement(s) selected for review. 4.4 The audit team shall review internal controls supporting documentation during the time period allowed for pre-audit review and on-site audit review. The review of internal controls may include inquires, on-site interviews, observations,
6 Page 6 of 7 inspection of documentation and records, review the work of others and direct tests. 4.5 The ATL may issue an appropriate information request if additional information is required. 4.6 The ATL and audit team should complete an assessment of the entity s internal controls using the Internal Control Review Worksheet to determine the effectiveness of the controls. The assessment may include, but is not limited to, a review of the following: Automation of the internal controls Compensating and supporting internal controls Entity identification of key controls Level of available internal controls documentation Peer review of key controls within the registered entity Feedback on controls design processes (are there reviews of the control design from others in the entity) Registered entity s internal review and testing of existing internal controls Frequency of execution Maturity of internal controls (length of time in use)
7 Page 7 of The audit team will use a binary effective/not effective method for assessing internal control implementation effectiveness. 4.8 The initial on-site internal control assessment will be included in the Audit Exit presentation. 4.9 On completion of the on-site audit, the ATL in coordination with the FRCC Risk Assessment and Mitigation (RAM) representative will finalize the assessment The ATL will call the entity and coordinate the method of delivery (face-to-face, WebEx, etc.) of the final Internal Controls assessment 4.11 The ATL will provide a copy of the final Internal Controls assessment to the RAM group for consideration for the entity s next Inherent Risk Assessment. 5.0 Reference Section 5.1 NERC ERO Enterprise Guide for Internal Controls Version 2, September, 2017.
Internal Controls Evaluation (ICE) Processing
Internal Controls Evaluation (ICE) September 28, 2017 RAM-102 3000 Bayport Drive, Suite 600 Tampa, Florida 33607-8411 (813) 289-5644 - Phone (813) 289-5646 Fax www.frcc.com Table of Contents Page 3 of
More informationWECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017
WECC Internal Controls Evaluation Process WECC Compliance Oversight Effective date: October 15, 2017 155 North 400 West, Suite 200 Salt Lake City, Utah 84103-1114 WECC Internal Controls Evaluation Process
More informationRisk-Based Compliance Monitoring & Enforcement Oversight Framework. FRCC Spring Compliance Workshop April 14 16, 2015
Risk-Based Compliance Monitoring & Enforcement Oversight Framework FRCC Spring Compliance Workshop April 14 16, 2015 Upcoming Events FRCC is Conducting Individual Outreach NERC CIP Version 5 Workshop &
More information2018 MRO Regional Risk Assessment
MIDWEST RELIABILITY ORGANIZATION 2018 MRO Regional Risk Assessment Ben Lewiski, Risk Assessment and Mitigation Engineer November 28, 2017 Improving RELIABILITY and mitigating RISKS to the Bulk Power System
More informationMulti-Region Registered Entity Coordinated Oversight Program
Multi-Region Registered Entity Coordinated Oversight Program Ken McIntyre, Vice President and Director of Standards and Compliance Compliance Committee Open Meeting February 7, 2018 Coordinated Oversight
More informationPhysical Security Reliability Standard Implementation
Physical Security Reliability Standard Implementation Attachment 4b Action Information Background On March 7, 2014, the Commission issued an order directing NERC to submit for approval, within 90 days,
More informationFRCC Disturbance Monitoring Equipment Outage Reporting
FRCC Disturbance Monitoring Equipment Outage FRCC-RE-OP-004-I Effective Date: May 30, 2018 Version: Inactive 3000 Bayport Drive, Suite 600 Tampa, Florida 33607-8410 (813) 289-5644 - Phone (813) 289-5646
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationCyber Security Reliability Standards CIP V5 Transition Guidance:
Cyber Security Reliability Standards CIP V5 Transition Guidance: ERO Compliance and Enforcement Activities during the Transition to the CIP Version 5 Reliability Standards To: Regional Entities and Responsible
More informationNERC Staff Organization Chart Budget 2018
NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More information2017 MRO Performance Areas and an Update on Inherent Risk Assessments
MIDWEST RELIABILITY ORGANIZATION 2017 MRO Performance Areas and an Update on Inherent Risk Assessments Adam Flink, Risk Assessment and Mitigation Engineer November 16, 2016 Improving RELIABILITY and mitigating
More informationNORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION NARUC Energy Regulatory Partnership Program The Public Services Regulatory Commission of Armenia and The Iowa Utilities Board Janet Amick Senior Utility
More informationCritical Infrastructure Protection Version 5
Critical Infrastructure Protection Version 5 Tobias Whitney, Senior CIP Manager, Grid Assurance, NERC Compliance Committee Open Meeting August 9, 2017 Agenda Critical Infrastructure Protection (CIP) Standards
More informationBoard of Trustees Compliance Committee
Board of Trustees Compliance Committee August 13, 2014 10:00 a.m. 11:00 a.m. Pacific The Westin Bayshore 1601 Bayshore Drive Vancouver, BC V6G 2V4 Reliability Assurance Initiative (RAI) Progress Report
More informationNew Brunswick 2018 Annual Implementation Plan Version 1
New Brunswick Energy and Utilities Board Reliability Standards, Compliance and Enforcement Program New Brunswick 2018 Annual Implementation Plan Version 1 December 28, 2017 Table of Contents Version History...
More informationQuébec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan
Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan 2017 Annual Implementation Plan Effective Date: January 1, 2017 Approved by the Régie: December 1, 2016 Table
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate
More informationNERC Staff Organization Chart Budget
NERC Staff Organization Chart 2013 2014 President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Senior Vice President and Chief Operating Officer (Dept. 2100) Senior Vice President General Counsel
More informationGrid Security & NERC
Grid Security & NERC Janet Sena, Senior Vice President, Policy and External Affairs Southern States Energy Board 2017 Associate Members Winter Meeting February 27, 2017 Recent NERC History Energy Policy
More informationCyber Threats? How to Stop?
Cyber Threats? How to Stop? North American Grid Security Standards Jessica Bian, Director of Performance Analysis North American Electric Reliability Corporation AORC CIGRE Technical Meeting, September
More informationNERC Overview and Compliance Update
NERC Overview and Compliance Update Eric Ruskamp Manager, Regulatory Compliance August 17, 2018 1 Agenda NERC Overview History Regulatory Hierarchy Reliability Standards Compliance Enforcement Compliance
More informationNERC Staff Organization Chart Budget 2017
NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel
More informationMisoperations Information Data Analysis System (MIDAS)
Misoperations Information Data Analysis System (MIDAS) End User Guide June 2016 NERC Report Title Report Date I Table of Contents Preface... iii Chapter 1 Reporting Obligations...1 Entities Obligated to
More informationStandard CIP Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCyber Security Standards Drafting Team Update
Cyber Security Standards Drafting Team Update Michael Assante, VP & Chief Security Officer North American Electric Reliability Corp. February 3, 2008 Overview About NERC Project Background Proposed Modifications
More informationStandard CIP 007 3a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-3a 3. Purpose: Standard CIP-007-3 requires Responsible Entities to define methods, processes, and procedures for
More informationERO Enterprise Strategic Planning Redesign
ERO Enterprise Strategic Planning Redesign Mark Lauby, Senior Vice President and Chief Reliability Officer Member Representatives Committee Meeting February 10, 2016 Strategic Planning Redesign Current
More informationStandard CIP 005 2a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-2a 3. Purpose: Standard CIP-005-2 requires the identification and protection of the Electronic Security Perimeter(s)
More informationCIP Version 5 Evidence Request User Guide
CIP Version 5 Evidence Request User Guide Version 1.0 December 15, 2015 NERC Report Title Report Date I Table of Contents Preface... iv Introduction... v Purpose... v Evidence Request Flow... v Sampling...
More informationInteractive Remote Access FERC Remote Access Study Compliance Workshop October 27, Eric Weston Compliance Auditor Cyber Security.
Interactive Remote Access Compliance Workshop October 27, 2016 Eric Weston Compliance Auditor Cyber Security 2 Agenda Interactive Remote Access Overview Review of Use Cases and Strategy 1 Interactive Remote
More informationComprehensive Mitigation
Comprehensive Mitigation Jenny Anderson Compliance Engineer - CIP janderson.re@spp.org 501.614.3299 July 25, 2013 Goals and Benefits of Mitigation Mitigation should lessen the risk of unintended consequences
More informationFRCC Disturbance Reporting Processes and Procedures
Page 1 of 13 FRCC Disturbance Reporting Processes and FRCC RE OP 001-3.2 Effective Date: September 29, 2016 Version: 3.2 3000 Bayport Drive, Suite 600 Tampa, Florida 33607-8410 (813) 289-5644 - Phone (813)
More informationEEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1,
EEI Fall 2008 Legal Conference Boston, Massachusetts Stephen M. Spina November 1, 2008 www.morganlewis.com Overview Reliability Standards Enforcement Framework Critical Infrastructure Protection (CIP)
More informationGrid Security & NERC. Council of State Governments. Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016
Grid Security & NERC Council of State Governments The Future of American Electricity Policy Academy Janet Sena, Senior Vice President, Policy and External Affairs September 22, 2016 1965 Northeast blackout
More informationCyber Security Incident Report
Cyber Security Incident Report Technical Rationale and Justification for Reliability Standard CIP-008-6 January 2019 NERC Report Title Report Date I Table of Contents Preface... iii Introduction... 1 New
More informationSummary of FERC Order No. 791
Summary of FERC Order No. 791 On November 22, 2013, the Federal Energy Regulatory Commission ( FERC or Commission ) issued Order No. 791 adopting a rule that approved Version 5 of the Critical Infrastructure
More informationLee County Electric Cooperative, Inc.
Lee County Electric Cooperative, Inc. BUILDING A Compliance Program Background A Not-For-Profit Florida Corporation Providing electric service in Southwest Florida since 1940 Five Counties (Lee, Collier,
More informationCompliance Exception and Self-Logging Report Q4 2014
Agenda Item 5 Board of Trustees Compliance Committee Open Session February 11, 2015 Compliance Exception and Self-Logging Report Q4 2014 Action Information Introduction Beginning in November 2013, NERC
More informationStandard CIP 007 4a Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4a 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for
More informationCompliance Enforcement Initiative
Compliance Enforcement Initiative Filing and Status Update November 2, 2011 Rebecca Michael Status of the Filings NERC filed several components of the Compliance Enforcement Initiative on September 30,
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-4 3. Purpose: Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing
More informationRegistered Entity Self-Report and Mitigation Plan User Guide
Registered Entity Self-Report and Mitigation Plan User Guide June 2018 NERC Report Title Report Date I Table of Contents Preface...1 Disclaimer...2 Document Revisions...3 Introduction...4 Chapter 1: Description
More informationStandard CIP-006-3c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3c 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security
More informationCertification Program
Certification Program Ryan Stewart, Manager of Registration, NERC FRCC Reliability Performance Workshop September 20, 2017 Purpose of the Certification Program Rules of Procedure (ROP) Section 500: The
More informationCCC Compliance Guidance Task Force. Patti Metro, Manager, Transmission & Reliability Standards, NRECA Compliance Committee May 4, 2016
CCC Compliance Guidance Task Force Patti Metro, Manager, Transmission & Reliability Standards, NRECA Compliance Committee May 4, 2016 Key CCC Compliance Guidance Task Force Deliverables Developed procedure
More informationImplementation Plan for Version 5 CIP Cyber Security Standards
Implementation Plan for Version 5 CIP Cyber Security Standards April 10September 17, 2012 Note: On September 17, 2012, NERC was alerted that some references in the Initial Performance of Certain Periodic
More informationAppendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S.
Appendix A3 - Northeast Power Coordinating Council (NPCC) 2015 CMEP Implementation Plan for Entities within the U.S. This Appendix contains the CMEP Implementation Plan (IP) for the registered entities
More informationRELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO
RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO June 27, 2016 Training provided for Ontario market participants by the Market Assessment and Compliance Division of the IESO Module 1 A MACD training presentation
More informationStandard CIP Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-1 3. Purpose: Standard CIP-005 requires the identification and protection of the Electronic Security Perimeter(s)
More informationStandard CIP Cyber Security Systems Security Management
A. Introduction 1. Title: Cyber Security Systems Security Management 2. Number: CIP-007-1 3. Purpose: Standard CIP-007 requires Responsible Entities to define methods, processes, and procedures for securing
More informationStandard CIP 005 4a Cyber Security Electronic Security Perimeter(s)
A. Introduction 1. Title: Cyber Security Electronic Security Perimeter(s) 2. Number: CIP-005-4a 3. Purpose: Standard CIP-005-4a requires the identification and protection of the Electronic Security Perimeter(s)
More informationRegistration & Certification Update
Registration & Certification Update Processes, Procedures and Responsibilities September 9, 2011 Topics Purpose and Background Organization Certification New Entity Provisional Certification Change/Expanding
More informationNERC Staff Organization Chart Budget 2019
NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate
More informationAnalysis of CIP-006 and CIP-007 Violations
Electric Reliability Organization (ERO) Compliance Analysis Report Reliability Standard CIP-006 Physical Security of Critical Cyber Assets Reliability Standard CIP-007 Systems Security Management December
More informationReliability Standard Audit Worksheet 1
Reliability Standard Audit Worksheet 1 CIP-012-1 Cyber Security Communications between Control Centers This section to be completed by the Compliance Enforcement Authority. Audit ID: Registered Entity:
More informationTOP-010-1(i) Real-time Reliability Monitoring and Analysis Capabilities
A. Introduction 1. Title: Real-time Reliability Monitoring and Analysis Capabilities 2. Number: TOP-010-1(i) 3. Purpose: Establish requirements for Real-time monitoring and analysis capabilities to support
More informationMIS5206-Section Protecting Information Assets-Exam 1
Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationNERC Request for Data or Information: Protection System Misoperation Data Collection August 14, 2014
Request for Data or Information Protection System Misoperation Data Collection August 14, 2014 3353 Peachtree Road NE Suite 600, North Tower Atlanta, GA 30326 404-446-2560 www.nerc.com 1 of 15 Table of
More informationStandard CIP-006-4c Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-4c 3. Purpose: Standard CIP-006-4c is intended to ensure the implementation of a physical security
More informationCompliance: Evidence Requests for Low Impact Requirements
MIDWEST RELIABILITY ORGANIZATION Compliance: Evidence Requests for Low Impact Requirements Jess Syring, CIP Compliance Engineer MRO CIP Low Impact Workshop March 1, 2017 Improving RELIABILITY and mitigating
More informationCritical Cyber Asset Identification Security Management Controls
Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.
More informationDRAFT. Cyber Security Communications between Control Centers. March May Technical Rationale and Justification for Reliability Standard CIP-012-1
DRAFT Cyber Security Communications between Control Centers Technical Rationale and Justification for Reliability Standard CIP-012-1 March May 2018 NERC Report Title Report Date I Table of Contents Preface...
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationNERC Staff Organization Chart
NERC Staff Organization Chart President and CEO Administrative Associate Director to the Office of the CEO Associate Director, Member Relations and MRC Secretary Senior Vice President and Chief Reliability
More informationSecure Development Lifecycle
Secure Development Lifecycle Strengthening Cisco Products The Cisco Secure Development Lifecycle (SDL) is a repeatable and measurable process designed to increase Cisco product resiliency and trustworthiness.
More informationProject Retirement of Reliability Standard Requirements
Project 2013-02 Retirement of Reliability Standard Requirements Unofficial Comment Form for Paragraph 81 (P81) Project Retirement of Reliability Standard Requirements This form is provided in a Word format
More informationStandard Development Timeline
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard is adopted by the NERC Board of Trustees (Board).
More informationStandard CIP Cyber Security Physical Security
A. Introduction 1. Title: Cyber Security Physical Security of Critical Cyber Assets 2. Number: CIP-006-3 3. Purpose: Standard CIP-006-3 is intended to ensure the implementation of a physical security program
More informationIT Audit Process Prof. Liang Yao Week Six IT Audit Planning
Week Six IT Audit Planning IT Audit Planning Process Institute of Internal Audit Standards - Section 2010: Planning The chief audit executive must establish a risk-based plan to determine the priorities
More informationNERC Staff Organization Chart 2015 Budget
NERC Staff Organization Chart President and CEO (Dept. 2100) Executive Assistant (Dept. 2100) Associate Director, Member Relations and MRC Secretary (Dept. 2100) Senior Vice President and Chief Reliability
More information2017 ERO Enterprise Compliance Monitoring and Enforcement Implementation Plan
2017 ERO Enterprise Compliance Monitoring and Enforcement Implementation Plan Version 2.4 March 2017 NERC Report Title Report Date I Table of Contents Revision History... iv Preface... v Introduction...1
More informationStandard CIP 004 3a Cyber Security Personnel and Training
A. Introduction 1. Title: Cyber Security Personnel & Training 2. Number: CIP-004-3a 3. Purpose: Standard CIP-004-3 requires that personnel having authorized cyber or authorized unescorted physical access
More informationProject Physical Security Directives Mapping Document
Document Background In Order No. 802 (final order on CIP-014-1 Physical Security), issued on November 20, 2014, FERC directed NERC to remove the term widespread from Reliability Standard CIP-014-1 or,
More informationViolation Risk Factor and Violation Severity Level Justifications Project Modifications to CIP Standards
Violation Risk Factor and Violation Severity Level Justifications Project 2016-02 Modifications to CIP Standards This document provides the standard drafting team s (SDT s) justification for assignment
More informationStandard CIP Cyber Security Security Management Controls
A. Introduction 1. Title: Cyber Security Security Management Controls 2. Number: CIP-003-4 3. Purpose: Standard CIP-003-4 requires that Responsible Entities have minimum security management controls in
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationStandard CIP Cyber Security Incident Reporting and Response Planning
A. Introduction 1. Title: Cyber Security Incident Reporting and Response Planning 2. Number: CIP-008-4 3. Purpose: Standard CIP-008-4 ensures the identification, classification, response, and reporting
More informationCIP Cyber Security Physical Security of BES Cyber Systems
A. Introduction 1. Title: Cyber Security Physical Security of BES Cyber Systems 2. Number: CIP-006-5 3. Purpose: To manage physical access to BES Cyber Systems by specifying a physical security plan in
More informationNB Appendix CIP NB-0 - Cyber Security Recovery Plans for BES Cyber Systems
This appendix establishes modifications to the FERC approved NERC standard CIP-009-6 for its specific application in New Brunswick. This appendix must be read with CIP-009-6 to determine a full understanding
More informationDisclaimer Executive Summary Introduction Overall Application of Attachment Generation Transmission...
CIP-002-4 Cyber Security Critical Cyber Asset Identification Rationale and Implementation Reference Document September, 2010 Table of Contents TABLE OF CONTENts Disclaimer... 3 Executive Summary... 4 Introduction...
More informationNERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM September 6, 2013
NERC Management Response to the Questions of the NERC Board of Trustees on Reliability Standard COM-003-1 September 6, 2013 At the August 14-15, 2013 meeting of the Board of Trustees ( Board ) of the North
More informationCIP-014. JEA Compliance Approach. FRCC Fall Compliance Workshop Presenter Daniel Mishra
CIP-014 JEA Compliance Approach FRCC Fall Compliance Workshop Presenter Daniel Mishra Acronyms & Terminologies DHS Department of Homeland Security JEA It s not an acronym JSO Jacksonville Sheriff's Office
More informationComment Form Revised FRCC Regional Reliability Standard Development Process Document (FRCC-RE-STD-001)
Please use this form to submit comments on Version 1 of the FRCC Regional Reliability Standard Development. Comments must be submitted by February 9, 2016. You must submit the completed form by emailing
More informationThis section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective.
Standard Development Timeline This section is maintained by the drafting team during the development of the standard and will be removed when the standard becomes effective. Description of Current Draft
More informationERO Compliance Enforcement Authority Staff Training
ERO Compliance Enforcement Authority Staff Training Vision Comprehensive ERO CEA staff training program that promotes high quality and consistency in the conduct of audits The methods to accomplish the
More informationBERGRIVIER MUNICIPALITY
BERGRIVIER MUNICIPALITY PATCH MANAGEMENT POLICY APRIL 2012 C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Patch Management Policy.docx/cmd 1 CONTENTS Version Control.. Document History.
More informationGridEx IV Initial Lessons Learned and Resilience Initiatives
GridEx IV Initial Lessons Learned and Resilience Initiatives LeRoy T. Bunyon, MBA, CBCP Sr. Lead Analyst, Business Continuity 2017 GridEx IV GridEx is a NERC-sponsored, North American grid resilience exercise
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationBryan Carr PMP, CISA Compliance Auditor Cyber Security. Audit Evidence & Attachment G CIP 101 Salt Lake City, UT September 25, 2013
Bryan Carr PMP, CISA Compliance Auditor Cyber Security Audit Evidence & Attachment G CIP 101 Salt Lake City, UT September 25, 2013 About Me Joined WECC in August 2012 Before WECC CIP Compliance Program
More informationFERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC
: ERO Performance and Initiatives June 4, 2015 Chairman Bay, Commissioners, and fellow panelists, I appreciate the opportunity to address the topics identified for the third panel of today s important
More informationTexas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13
Texas Reliability Entity, Inc. Strategic Plan for 2017 TEXAS RE STRATEGIC PLAN FOR 2017 PAGE 1 OF 13 I. Vision A highly reliable and secure bulk power system in the Electric Reliability Council of Texas
More informationThreat and Vulnerability Assessment Tool
TABLE OF CONTENTS Threat & Vulnerability Assessment Process... 3 Purpose... 4 Components of a Threat & Vulnerability Assessment... 4 Administrative Safeguards... 4 Logical Safeguards... 4 Physical Safeguards...
More informationBetter Practice Elements for Audit Preparation
Better Practice Elements for Audit Preparation David Cerasoli, CISSP Manager, CIP Audits John Muir Director, Compliance Monitoring 3/23/2018 1 This presentation will cover the major milestones of an audit,
More informationEPICK your GRC platform MAIN REFERENCES. EPICK REFERENCES EN Pag. 1/6
MAIN REFERENCES EPICK REFERENCES EN Pag. 1/6 FOREWORD This document illustrates some of the most significant past performances regarding the use of the EPICK platform and the associated expert consulting
More informationInternal Controls Evaluation (ICE) Tony Eddleman, P.E. NERC Compliance Manager Nebraska Public Power District
Internal Controls Evaluation (ICE) Tony Eddleman, P.E. NERC Compliance Manager Nebraska Public Power District 2 Topics NPPD Overview Reliability Controls NPPD Internal Control Evaluation (ICE) Sample Controls
More informationConsideration of Issues and Directives Federal Energy Regulatory Commission Order No. 791 January 23, 2015
Federal Energy Regulatory Commission Order No. 791 January 23, 2015 67 and 76 67. For the reasons discussed below, the Commission concludes that the identify, assess, and correct language, as currently
More informationInformation System Security. Nguyen Ho Minh Duc, M.Sc
Information System Security Nguyen Ho Minh Duc, M.Sc 2 Lecture 04 AUDITING, TESTING AND MONITORING Topics What security auditing and analysis are How to define your audit plan What auditing benchmarks
More informationNovember 9, Revisions to the Violation Risk Factors for Reliability Standards IRO and TOP
!! November 9, 2016 VIA ELECTRONIC FILING Jim Crone Director, Energy Division Manitoba Innovation, Energy and Mines 1200-155 Carlton Street Winnipeg MB R3C 3H8 RE: Revisions to the Violation Risk Factors
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More information