RSAWs – From Preparation to Submission
CRSI understands that it is very easy to dismiss the importance of RSAWs and submit a sub-par RSAW to the Regional Entity. During the preparation for a NERC audit (CIP or 693), many entities are focused on evidence gathering, self-reports, and documentation tasks. The RSAW itself is not necessarily a compliance document, but serves as more of a roadmap of an entity’s compliance program.
CRSI has been involved in numerous audits throughout all eight (8) NERC Regions and has assisted multiple entities with audit preparations, including RSAW drafting and revisions. CRSI urges entities to spend more time on updating and creating RSAWs as these documents are the first to be reviewed by the audit teams. These documents have the ability to set the tone for an upcoming audit as well as additional data requests. A good RSAW can result in a much easier, more efficient NERC audit.
Our personnel have been involved in all stages of RSAW completion including: development, review, revisions, and submission. With the robust, complex NERC compliance programs in today’s compliance environment, it can be very difficult to track down all appropriate documents that need to be referenced within RSAWs. It is a best practice to keep RSAWs updated every time there is a modification to a NERC policy, program, process, procedure, or evidence artifact.
Without this practice, RSAWs tend to become outdated and no longer accurately depict the compliance posture created by an organization’s NERC compliance program. CRSI reviews all documentation related to the applicable requirements from the perspective of an audit team when first viewing the documents. Having a fresh-look approach, CRSI personnel can identify gaps that have the potential to highlight problem areas or require additional information. CRSI’s goal of RSAW creation is to produce a complete, accurate narrative supported by appropriate documentation to convince the auditors that the entity exceeds the applicable NERC Requirements and encourages the audit team to request very little or no further information.
CRSI strategically partnered with more than 250 electric utilities in the last five (5) years for their NERC CIP Compliance Solutions. To find out more about how to create your Security Compliance Roadmap, call us today to schedule a free, no obligation consultation.