Clients look to us because of our hands-on resources, insight, and a successful track record of providing data and regulatory compliance solutions for the North American energy sector.
Our team provides utilities with audit-proven, experienced regulatory professionals that have relationships with current regional auditors to provide feedback and ensure compliance. With PFES, you are able to stay ahead of the changing compliance landscape.
THE SOLUTION PROCESS
NERC CIP Compliance
PFES provides NERC CIP consulting services by utilizing industry-leading professionals. Our NERC CIP consultants have years of experience within ICS/OT environments, professional credentials, and audit knowledge to provide industry best-in-class services.
NERC CIP Program Development
Our Subject Matter Experts will work with support personnel to develop processes to meet compliance demands. To ensure that compliance is sustainable, PFES' SMEs will build a resource plan to identify where time and energy should be focused to maintain a strong compliance program.
NERC CIP Gap Analysis
Our Gap Assessments will identify potential problem areas in your compliance program allowing you to identify gaps and avoid potential areas of non-compliance. Our Gap Assessments are scalable, allowing for the review of single or multiple requirement areas and internal controls evaluations. PFES provides expert mitigation recommendations that will aid in the fostering of solid compliance program performance.
NERC CIP Audit Preparation
Audits are intimidating, yet a necessary measure of success for a compliance program. Preparing for an audit can place a heavy burden on support staff. PFES can alleviate that burden by preparing your RSAWs, validating evidence, and educating your Subject Matter Experts for a positive audit outcome.
NERC CIP Mock Audit
PFES' Mock Audit services can prepare you for a real audit with a regional entity. We are able to simulate the stress of an actual audit to gauge your company’s preparedness. Mock audits are an important tool for audit preparation and give a valuable experience for regulatory compliance and Subject Matter Expert staff.
Physical Security Assessments
Security assessments of your organization’s facilities are critical to evaluate existing physical security programs and safeguard your people and assets. PFES' Subject Matter Experts have years of experience in ICS/OT environments and expertise in the latest technologies to implement solutions and access controls without impacting production.
Compliance Frameworks: NERC CIP-006, NERC CIP-014, FERC D2SI, NRC, NIST 800-82, NIST 800-53, ONG-C2M2
NERC CIP Supply Chain Risk Management
Effective Oct.1 2020, CIP-013 addresses Supply Chain Risk Management. The purpose of this requirement is to mitigate cybersecurity risks and potential threats to the reliable operation of the Bulk Electric System (BES) through the implementation of security controls for supply chain risk management of BES Cyber Systems. PFES' Cybersecurity services can assess your CIP-013 program, identify areas of concern, and provide recommendations to build and sustain a robust Supply Chain Risk Management Program.
NERC CIP Vulnerability Assessment
PFES can meet your annual CIP-010 R3 Cyber Vulnerability Assessments (CVA). Our Subject Matter Experts can perform both paper and active vulnerability assessments without impact to your production environment due to our extensive industry experience within ICS/OT networks. Our CVA offerings are scalable to meet minimum CVA requirements or provide a deeper dive into your Industrial Controls Systems (ICS). PFES will provide mitigation plans to meet both regulatory compliance needs and industry best practices for ICS environments.
FERC Security Program for Hydropower Projects
We have experienced professionals to perform cybersecurity assessments of hydro facilities to address both Division of Dam Safety and Inspections (D2SI) and NERC CIP compliance requirements. PFES provides services for assessing programs, performing remediation to improve your existing program, and aiding you in completing your annual checklist.