
THE BIG IDEA
INTRODUCING NERC COMPLIANCE SIMPLIFICATION
“MAKE EVERYTHING AS SIMPLE AS POSSIBLE, BUT NO SIMPLER” ALBERT EINSTEIN

WHY SIMPLIFY?
1 COMPLIANCE CATEGORY
11 COMPLIANCE STANDARDS
30 REQUIREMENTS
200 SUB-REQUIREMENTS
150 COMPLIANCE TASKS
NERC CIP
100 EVIDENCE TYPES
1000 EVIDENCE DOCUMENTS COLLECTED
SCHEDULING, OVERSIGHT, TRANSPARENCY
COMPLEXITY IS TOO HIGH!

THE COST OF COMPLEXITY
[Chart. Segment labels: Mitigation Plans; Compliance Findings; Scheduling Nightmares; OPPORTUNITY. Segment values: 20%, 30%, 5%, 5%, 5%, 20%, 5%, 10%.]

THE SOLUTION
[Diagram. Panels: SIMPLIFY Evidence Management; SIMPLIFY Compliance; SIMPLIFY Success; SIMPLIFY User Experience; SIMPLIFY Management.]
39 Internal Controls; Human-Readable Folders; Orchestrates Compliance; Program Maintenance; Standards as MetaData; Culture of Compliance; Covers Sub Requirements; Managed Evidence Collection; Compliance Maturity
Common Task Design; Simple Task Structure; Reinforce Compliance Rules; Recurring Control Schedules; Built-in Control Reports; Notifications
Step 1; Step 2; Step 3; Step 4; Step 5

THE BENEFITS OF SIMPLICITY
[Chart. Segment labels: Continuous Human Resource Drain; Scheduling Nightmares; Lack of Visibility; Compliance Firefighting; Compliance Findings; Mitigation Plans; Audit Failure; Everything Else. Segment values: 10%, 3%, 1%, 10%, 3%, 1%, 72%.]
SIMPLIFY TO SUCCEED

THE COMPLIANCE PROBLEM
[Diagram. Labels as they appear on the slide:]
11 Standards; 1000 Documents; Security Training; 39 Req.; PRAs; Cyber Security Functions; NERC CIP; 100 Evidence Types; 206 SubReq.; Ports and Services; CIP Internal Controls; Compliance Checklists; Electronic Security; Physical Security; 150 Tasks; Prebuilt workflow; ESPs; Recurring Scheduling
Program Simplification; Evidence Simplification
Pre-mapped Compliance Roles; Human-Readable Folders; Standards map to Folders as metadata; Evidence Inherits Folder Standards; Standards pre-loaded/mapped to Folders; CIP Compliance Coordinator Group; Simple, consistent User Experience; Protected Information; Built-in; Streamlined Deployment
