As North American Electric Reliability Corp. (NERC) Critical Infrastructure Protection (CIP) enforcement deadlines and audit dates loom—notably, CIP-003-6 in April 2017, which addresses the development and implementation of cyber security policies, procedures, processes and plans—each “responsible entity” faces the daunting task of ensuring compliance and maintaining evidence of that compliance.
Transparency is critical: Compliance teams must not only meet deadlines but also ensure that their efforts are auditable. This requires considerable attention to organizing, maintaining, and revising evidence