CIP Compliance: Reducing Your Risk

Deck: 

How utilities can navigate critical infrastructure protection requirements.

Fortnightly Magazine - May 2007
This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.

Operations personnel at many energy companies feel the pressure of achieving compliance with the North American Electric Reliability Council (NERC) Critical Infrastructure Protection (CIP) standards. Some worry that they are not aware of the problems and security incidents that have occurred within their critical infrastructures. Some know that they do not have the procedures in place to maintain CIP compliance. In many cases, significant system and procedural changes to their operational environment may be required—changes that may be extremely time- and resource-intensive to establish.

What most organizations may not realize is that their IT departments already have a head start on the process through a widely accepted approach to IT service management called the Information Technology Infrastructure Library (ITIL). By using the ITIL framework, companies may be able to achieve and maintain CIP compliance in a much simpler manner than if they did not use any established framework.

With regulatory deadlines looming, the challenge is to recognize synergies between ITIL and CIP and to begin the implementation process.

This full article is only accessible by current license holders. Please login to view the full content.
Don't have a license yet? Click here to sign up for Public Utilities Fortnightly, and gain access to the entire Fortnightly article database online.