FERC and NERC | Overview | Cybersecurity | CIP | OEIS | the Importance of Security Policies
32. What are FERC and NERC, why are information security policies and procedures so important, and do you offer comprehensive I.T. security documentation?
FERC and NERC Cyber Security | Growing Threats Facing North America
FERC is the Federal Energy Regulatory Commission, a US federal agency with broad oversight and jurisdiction over the energy sector as a whole. NERC, the North American Electric Reliability Corporation, is an organization charged with reliability standards, enforcement and compliance, assessment, infrastructure security, training, certification, and numerous other initiatives. They’re “joined at the hip”, so to speak, in that NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce reliability standards for the bulk power system within the United States.
In late September 2012, FERC announced the creation of the new Office of Energy Infrastructure Security (OEIS), which provides, according to ferc.gov, leadership, expertise and assistance in identifying, communicating and seeking comprehensive solutions for any potential risks to FERC-jurisdictional facilities from cyber-attacks and related threats. The formation of this office is yet another example of how the federal Critical Infrastructure Protection (CIP) initiatives are continuing to unfold throughout North America.
FERC and NERC and the Importance of Security Policies
As for the North American Electric Reliability Corporation (NERC), it has in place a well-known and comprehensive cyber security program known as the NERC Critical Infrastructure Protection (CIP) standard. The NERC CIP program outlines broad and expansive requirements for ensuring the safety and security of critical infrastructure assets for electrical utilities and all related and associated entities. For FERC, and especially for the NERC CIP standards or any other cybersecurity initiative, it’s important to note that a large part of compliance with any stated standard or framework always depends on documented operational and information security policies and procedures.
From the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) to NERC CIP – just to name a select few – a large and ever-growing number of documented policies, procedures, and processes need to be in place. Security awareness training, incident response handling, change management, access rights: the list goes on and on, but the message is very clear. Policies and procedures are a vital part of the fabric of any of the numerous, and growing, cybersecurity initiatives.
Hundreds of Operational and Information Security Policies and More
Trust the nationally recognized cyber security experts at FLANK and the FLANK21 set of operational, business-specific, and information security policies, procedures, and more for help with essential compliance documentation needs. With hundreds of templates included, organizations are sure to find useful material that’s been professionally developed and authored by leading security and technology experts.