Skip to content

Menu Smart Grid Solutions | Utilities Management Services

In-depth experience, NERC CIP and security credentials

Grid Security is much more of a continuing process than a singular event, as evidenced by the evolution of the NERC CIP standards and the plethora of threats and risks facing the cyber assets of any utility.

BRIDGE NERC CIP consultants have unsurpassed backgrounds in OT and IT systems, in addition to NERC CIP and security credentials.  This in-depth experience allows us to operate across traditional organizational boundaries, quickly comprehend your needs, build achievable NERC CIP Compliance plans, and provide support for implementations.  Working with your compliance and cybersecurity leadership team, BRIDGE will establish strategies and roadmap plans, which are efficient, clear and effective for building sustainable solutions.  Implementation activities are supported through tactical placement of individuals with specific OT and IT NERC CIP skills or strategic placement of complete solution teams with full PMO support.

Projects & Implementation, Vendor Management.

NERC CIP Program Strategy Development and Execution

The loss or short disruptions in electric services can compromise the health, safety and productivity of individuals and businesses throughout a region. Recognizing the magnitude of such a disruption, the U.S. Federal government has sought to harden the utility infrastructure through the enactment of NERC CIP regulatory policy, which mandates compliance to a set of operational standards.

BRIDGE NERC CIP consultants will help guide a utility organization through the development of a NERC CIP program that is realistic, achievable, and effective by:

  • Analyzing organizational policy, process and procedure support of compliance
  • Creating a phased roadmap to achieve compliance with changes in regulations
  • Performing BES Cyber Asset/System classification
  • Establishing internal compliance review processes and schedules
  • Creating quarterly reporting processes and content
  • Documenting evidentiary criteria and artifacts


Schedule a Conversation

Projects & Implementation, Quality Assurance.

NERC CIP Health Check and Audit Support

The intent of the Health Check process is to ensure compliance and validate the organizational processes supporting continued compliance. Given the evolving nature of the NERC CIP standards the resulting recommendations and remediation actions can sometimes be far-reaching, costly and stressful to any organization. Our proven Health Check process provides accuracy, efficiency, and comprehensive alignment of recommendations with key business and technical stakeholders.

BRIDGE OT/IT NERC CIP consultants prepare a utility organization for NERC audit by:

  • Performing a Health Check of existing Compliance Plans, Policies, and Processes with utility staff to identify missing or erroneous content and provide recommendations for key elements.
  • Executing a Mock Audit of the organization or subarea as a dry run prior to a formal audit.
  • Providing SME Witness Support through development and training of witness responses prior to an audit.
  • Guiding the utility’s SMEs through the monitoring, control, operation, and reliability process with a consistent framework so they can respond appropriately during an audit.

Schedule a Conversation

Work & Asset Management, Asset Reliability.

NERC CIP v5 Asset Classification and Policy/Procedure Implementation

CIP v5 leverages the Bright Line Criteria from v4 for the definition of in-scope assets and cyber assets and characterizes them as “Bulk Electric System (BES) Cyber Systems.”  This generally leads to a much larger scope of assets, requiring a much deeper level of analysis of systems and their interactions/processes.  The v5 asset classification process and supporting policies and procedures determine the costs, risks, and timeframes involved in meeting V5 compliance.

BRIDGE NERC CIP consultants will guide a utility organization through the critical process of BES Cyber Asset and BES Cyber System classification by:

  • Characterizing the assets/systems used for monitoring, control or operation of the BES by evaluating the full utility asset inventory and documenting the features, configuration and purpose of each
  • Categorizing BES Assets and Systems through a detailed, facilitated workshop-style review with utility operations experts as to the monitoring, operations or control functions performed and overall reliability impact
  • Documenting and reporting on Inventory for the BES Cyber Assets and BES Cyber Systems with the defined Impact Ratings in accordance with CIP-002-5
  • Documenting the discussion and decisions of the utility’s technical experts that can be used as a knowledge base and evidence for audits

Schedule a Conversation

Schedule a Conversation

Type the characters you see in the picture: