A large investor-owned generation and transmission entity in WECC wanted their internal controls locked and loaded before their next audit. Plus, CIP-013 was on the horizon. NST led both projects simultaneously.
NST began work in 2020 and worked closely on capturing and developing the entity’s Internal Controls. The work consisted of documentation review, SME and leadership interviews, workbook creation, and several rounds of reviews by staff designated as owners of each CIP Standard. The final deliverable was a multi-tabbed workbook that captured all of the entity’s required and internal controls. The entity used this deliverable to show advancement on aspects of their previous audit, including those areas specifically called out as recommendations from WECC. The deliverable can also be used to assist SMEs during a live audit to show how the CIP Standards and Requirements are being met.
Concurrent to this engagement, NST was retained to lead the completion of a re-write of the entire Supply Chain Risk Management Plan. NST performed a readiness review of the supply chain plans, processes, procedures and related evidence created for CIP-005-6, CIP-010-3, and CIP-013-1, then identified compliance gaps and potential risks, and finally fulfilled the role of Project Manager to ensure processes and documents were appropriately revised to meet the compliance requirements. Most importantly, NST worked across multiple business units to ensure the supply chain processes and documentation aligned with the client’s overall compliance and corporate (Procurement, Legal, Cyber Security) policies. This led to the discovery of opportunities for procedural/technical automation and enterprise scalability of processes which were then implemented by both NST and the client.