AlertEnterprise FERC Standards of Conduct Compliance Automation Solution

Overview

Utilities today are struggling to keep up with the demands for regulatory compliance. With fines skyrocketing and audits getting more invasive, organizations are trying to sort out the needs of de-regulation, avoid engaging in restrictive trade practices and staying abreast of best practices to remain in compliance. FERC Order 717 (A-C) mandates independent functioning rules that require the transmission and marketing functions to operate independently of each other. This rule requires that Transmission and Distribution operators not only separate logical access to operational systems, but also enforce separation of physical access to assets and facilities. This poses a huge challenge for power companies as they must now bridge the gap between functions that exist in different organizations. The manual processes put into place to address this cannot scale and are not adequate to ensure the protection.

AlertEnterprise Delivers a Security Convergence Solution for FERC Standards of Conduct

The AlertEnterprise FERC Standards of Conduct Compliance Solution delivers enterprise-level access management that extends from IT applications into physical security. Additionally AlertEnterprise monitors employees who have access to Power Generation, SCADA, protective relay and substation assets.

AlertEnterprise monitors and enforces preventive and detective controls to eliminate FERC SoC compliance violations. Built-in workflow, notification and evidence gathering provides consolidated management of compliance for all IT assets, physical access and training requirements. AlertEnterprise is seamlessly integrated with ERP applications like SAP and Oracle. Human Resources (HR) management systems are linked in as well as the physical access badge systems to automatically enforce both system access restrictions as well as physical lockouts.

Inherent in the solution is audit readiness and support provided through built-in periodic access review procedures. AlertEnterprise validates FERC SoC controls by providing for automated periodic reviews of all relevant access and training requirements.

Significantly streamline the audit process by creating a single system of record for FERC SoC compliance AlertEnterprise goes one step further and enables security, risk and compliance professionals within the organization to not only detect and identify compliance violations, but to remediate them in real time. This unique capability to remove physical access to systems and facilities with a single click, or invoke mitigating controls like additional video surveillance or proximity tracking is a result of a capability known as Active Policy Enforcement. Compliance combined with Active Policy Enforcement that extends across IT security, Physical Security and Industrial Controls is the only way to ensure true security.

AlertEnterprise delivers a complete command and control dashboard to effectively address the critical areas of NERC CIP compliance. The Solution incorporates effective controls and security protocols to help automate compliance and improve efficiency. AlertEnterprise enhances security while ensuring compliance by expanding to cover Critical Assets, Security Management, Controls, Personnel and Training, Electronic Security Perimeter, Physical Security of CAs, System Security Management, Incident Response Management, and Recovery Planning.

Solution Features

• Consolidate and manage FERC SoC  compliance requirements
• Document specific policies and controls that address FERC SoC compliance requirements
• Actively enforce of FERC SoC compliance policies
• Automate the assessment and classification of Marketing and Transmission employees
• Monitor granting of physical and logical access by privileged users
• Automate scheduling and management of FERC SoC compliance tasks
• Automate assessments, schedules, approval workflows and evidence collection
  
  

Benefits

• Automate the complete compliance, assessment and evidence collection process
• AlertEnterprise complements existing infrastructure and compliance solutions
• Lowers compliances costs through management of physical access control system, applications and data
• Reduced audit preparation time and cost by utilizing our solution as a “single system of record” for reportable compliance activities.
• Integrated solution that combines enforcement of physical and logical access