Purpose of a Gap Analysis
CRSI is your go-to resource for a Gap Analysis. While gap analyses and mock audits are similar in nature, a Gap Analysis provides an entity the ability to present its compliance program in a pressure-free environment. CRSI understands this stipulation and works with entities to present their findings and plan through informal question and answer sessions, SME presentations, policy and program review, and an evidence review. Additionally, CRSI’s goal in providing its gap analysis services is to bolster our client’s confidence with it’s compliance program.
Companies that must adhere to NERC Reliability Standards often are in need of a third-party review of aspects of their internal compliance program to identify strengths and weaknesses. In order for electric utilities to fully prepare themselves and to avoid being caught unawares during a self-certification, a spot check, or an audit, it is highly recommended that each utility undergo a Gap Analysis so that there is ample time for the practice of evidence gathering and submission, Subject Matter Expert (SME) interviews, and general company-wide preparation.
A Gap Analysis can take place anywhere from 12 to 18 months before the actual audit and offers the entity the platform to present evidence of its internal compliance program and defend its compliance actions pertaining to the NERC Standards.Read More
To prepare your entity with the best tools necessary for a Gap Analysis, CRSI works alongside you to:
- Gather and prepare evidence – ensure the evidence per Standard is correct, relevant, and easily accessible for the auditor’s study
- Recommend revisions to policies and procedures – creates a stronger compliance position
- Study and enhance RSAWs – narratives are succinct and clear in how the entity maintains its compliance
- Coach SMEs – SMEs are adept in their field and can readily prove their entity’s compliance without hesitation
Additional services that CRSI offers that can further prepare the client for a Compliance Monitoring and Enforcement Program (CMEP) compliance action include:
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.