Electric companies face a variety of security and compliance challenges. In 2006, the Northern American Electric Reliability Council (NERC) developed eight new mandatory critical infrastructure protection (CIP) standards to protect the nation’s power system against potential disruptions from cyber security breaches. Today, electric companies are being audited and can be fined as much as a $1 million a day for non compliance. In addition, many electric companies are also required to comply with COBIT, ISO and SOX.
TraceSecurity’s solution for the Electric sector helps you meet specific regulatory challenges from NERC CIP and others. We help you demonstrate compliance to security policies, guidelines and best practices. At the same time, we help protect the personal financial information of your customers and ensure the integrity of your data.
The new CIP standards, CIP-002 through CIP-009, have been in development since July 2003. They address the need to protect the computer infrastructure supporting the continuous, secure operation of the Bulk Electric System in North America. Responsible entities must begin implementing these standards by the end of second quarter 2007 and complete implementation by demonstrating compliance to an auditor by the end of second quarter 2010.
A complete list of NERC's new CIP standards and the requirements on when to implement them can be found on NERC's Web site at www.nerc.com.
