“Westar Energy purchased the CRSI NERC CIP Compliance Guide as a supplemental tool for our Compliance team and subject matter experts in preparation for our spring 2012 NERC CIP Audit. The Guide Book provides a one-stop reference to many aspects of NERC CIP compliance including NERC’s FAQ’s, potential auditor questions, expected documentation and evidence, problem areas, and best practices. The Compliance and SME Testimony Tips within the Guide Book provides valuable information used to coach the subject matter experts in their interaction with the Audit team. I highly recommend the CRSI NERC CIP Compliance Guide to CIP compliance personnel and subject matter experts.”
Eric R. Ervin, CISSP
Manager, NERC CIP
Westar Energy
“While we were initially leery of the price tag, CRSI’s NERC Compliance Guidebook is well worth the money. It has a clean and easy-to-follow layout. We especially like the Frequently Asked Questions, Best Practices, and questions that an Auditor might ask. We started using it immediately after receiving it and are already providing additional books to other Subject Matter Experts, such as our Director of Operations and Director of Engineering. As we have been working to revamp our CIP Compliance Program, this guidebook serves as an excellent resource and reference book to help us in this process.”
Rick Twigg
Chief Information Officer
Vermont Electric Power Company
“There has been an overwhelming response from those that have seen the Guide, and everyone that has seen it has asked when they can get a copy of their own. We wish we could have had a copy of this Guide when we first embarked on our Compliance program. We would not have struggled so much with trying to get the program off the ground.
What we have found in using CRSI is that with multiple prominent groups involved in the CIP program, we are rarely ever able to agree on what to do to be compliant. The value of CRSI and this Guide is that it quickly helps to identify who is right. This is a huge time saver because when we are debating things internally, we now have an excellent and well-organized resource to go to. We now consider this an expert in-house resource that we can readily go to for advice.”
Large Investor-Owned Utility
Confidential
“I strongly recommend CRSI’s NERC CIP Compliance Guide to peers responsible for compliance with the CIP standards. It is exceptionally well done and can be used as a reference to validate various aspects of a current CIP compliance program or as a problem solving tool to work through CIP compliance issues. Its use in preparing for a CIP audit will be great benefit to those organizations using it.
The Guide is laid out in a useful format with tabs for each CIP standard, applicable Appendices and other related sections. The consistent formatting for each CIP standard section, highlighting each requirement and drilling down into the various sub-requirements helps the reader quickly locate desired references. While the base price for the Guide may seem high at first, the value provided quickly offsets the price. Many hours of expensive external consulting can be precluded by utilizing the detailed knowledge documented in the Guide. We purchased a copy for each of our operating affiliates subject to the CIP standards to aid in their CIP compliance efforts.”
Robert Hoopes
Senior Director of FERC / NERC Compliance
PPL Corporation
“Dynegy hired CRSI to perform a CIP-002-4 Assessment largely based on positive references from other companies we interact with. CRSI lived up to their reputation by performing an outstanding job. They knew exactly what they wanted to do and did it.”
Dan Roethemeyer
Director - Electric System Operations and Compliance
Dynegy Inc.
“The selection of Corporate Risk Solutions, Inc. (CRSI) for a comprehensive security assessment and upgrade at multiple sites was an outstanding success for Kansas City Power & Light Company.
The project involved a variety of sites including substations, generating facilities, control centers, service centers and corporate headquarters. CRSI defined the assessment process, the project design, timelines, budgets and contractor and subcontractor selection criteria. CRSI also provided highly effective project oversight for the construction portion of the upgrades and comprehensive training to optimize the use of new security equipment.
CRSI proved to be exceptionally well qualified in the areas of project management and client communications with regular updates on project status. The expertise CRSI applied to this project resulted in the completion of this complex project on time and within budget.
I have no hesitation in recommending CRSI for similar projects.”
Larry Dolci, JD
Director Resource Protection, Retired
Kansas City Power & Light
“I found CRSI’s intimate knowledge of the electric industry, thorough understanding of the NERC CIP requirements, and professional cyber security expertise to be invaluable in performing an annual cyber vulnerability assessment that resulted in a set of deliverables directly addressing the associated CIP requirements.”
Larry Craddock
Senior Network Security Coordinator
Western Farmers Electric Cooperative
“Both Philip Sobol and Susan Tibbs were excellent in the role and expertise and it showed very well to both the SMEs and the management team. They both provided the full audit experience as well as insights on how to ensure the layer of compliance was thick enough to be above reproach. They also provided great coaching and had the necessary experience to back up what they taught. (On-Site NERC CIP Audit and SME Testimony Training Program)
Electric Utility Within NPCC Region
Company Name Undisclosed Due to Confidentiality Restrictions
“An independent mock audit of CIP compliance is an essential step in preparing for a CIP audit. Most companies just don’t have the independent technical expertise in house to perform an adequately thorough review. We also don’t have experience on how CIP audits will actually be conducted, and they are different than other on-site audits in the depth of review.
CRSI had both the technical expertise and actual audit experience to perform a realistic mock audit for us. They provided valuable insights which allowed us to avoid potential violations due to incomplete evidence, and identified the need to self report an issue. Both of those alone likely saved the company more than the cost of the service (without even considering the possible negative effects investor perceptions of violations). Additionally every single employee involved in the mock audit felt that it helped better prepare them and give them more confidence to present to auditors. This was important because confidence and command of material by the subject matter experts is also a key factor in achieving good audit results. I highly recommend using CRSI to conduct a mock audit, several months before an actual audit. In my experience the benefit far outweighs the cost.”
Henry Stevens
Manager, Reliability Compliance; FERC Policy & Compliance Development
FirstEnergy
“Corporate Risk gave our subject matter experts an excellent introduction to what they will experience in a real audit, which we anticipate will smooth the audit process significantly. They are extremely knowledgeable, and highly professional.” (Mock Audit)
“It has been our experience that having a knowledgeable consultant available during an audit is of considerable value in responding to the many, sometimes unexpected, questions and concerns raised by an audit team. Scott was a tremendous asset to us during our recent CIP audit. Because I couldn’t be in the room with my SME’s the whole time, it was great to have someone knowledgeable on the standards and the audit process to be there with them. Scott also helped formulate some rough drafts of responses for the auditors which significantly decreased the amount of time it took for me to complete these. I would strongly recommend this service offered by CRSI to any utility undergoing a NERC Audit.” (NERC Audit Assistance)
Virginia Cook
Director, Electric Compliance
JEA
“… After using Corporate Risk Solutions, Inc. (CRSI) for the past few years, we have come to appreciate the quality and dedication that is portrayed by your consultants. I have recommended CRSI to others knowing CRSI will deliver the same quality services.”
William H. Sanders, Jr.
Law Firm Partner
Sanders Conkright and Warren
“When Corporate Risk Solutions began developing a security awareness-training program for OGE, I never imagined the impact it would have on our organization. As a result of the training, the security department experienced an increase in the number of suspicious activity reports, demonstrating a greater vigilance by our members concerning the company’s security and their own personal safety.”
Tom Hoskins
Corporate Security Manager
OGE Energy Corporation
“I have found everyone at Corporate Risk Solutions to be extremely knowledgeable and easy to work with. Their help has been invaluable in developing and implementing sound security strategies for OGE. By working with Corporate Risk Solutions for several key projects, my own security knowledge has broadened immensely.”
Chris Bell
OGE Energy Corporation
“… I can truly state that you will never find a more professional, knowledgeable, responsive, capable, and driven group of consultants anywhere. Corporate Risk Solutions’ tremendous commitment to their customers’ excellence truly defines the term ‘Strategic Partnership’.”
John Breckenridge, CPP
Senior Manager of Corporate Security for Kansas City Power & Light; Former Director of Corporate Security & Chief Security Officer for Aquila, Inc.
“CRSI performed an onsite gap analysis of PPL’s CIP compliance program in advance of the required compliance date of 12/31/09. Consultants Mike Tibbs and Phil Sobol provided outstanding consulting service in a highly professional manner. They worked extremely well with the various PPL Subject Matter Experts and Counsel staff, patiently answering many questions and educating the staff on various CIP issues. Their knowledge and understanding of the CIP standards and related industry implementation issues enabled them to guide PPL in improving our CIP implementation strategies and our evidence of compliance to the many CIP requirements.
CRSI provided a detailed report of the gap analysis, providing PPL the opportunity to review the draft report and provide comments, prior to finalizing the report. CRSI also separately provided written responses to numerous written observations documented by Counsel and internal auditing during the course of the gap analysis. This was an unexpected benefit and was very helpful in addressing these internal comments. PPL is highly satisfied with the results of this CIP gap analysis and with the conduct and professionalism of the CRSI staff.”
Robert Hoopes
Senior Director of FERC / NERC Compliance
PPL Corporation
“Corporate Risk Solutions is not simply a service provider; rather their team of consultants creates a strategic alliance for mutual success, providing clients and business associates with a professional, holistic, commitment to excellence that makes all the difference.”
Michael Sikora
Executive Vice President
Bukaty Companies Property and Casualty
