“PG&E was extremely impressed with the whole process and support from AssurX. They were open and honest from day one and demonstrated exactly what we were looking for.”

pg&e-135x133

AssurX Delivers Compliance & Control for a Constantly Changing Energy & Utilities Landscape

It’s no secret that businesses are facing increased pressure in the energy and utilities industry. In addition to more complex operations and tougher competition, there’s more enforcement, bigger fines and a higher, constantly shifting bar for compliance. Avoiding blackouts and ensuring the reliability of the power system is also mission critical for today’s regulated electric, nuclear and other power entities.  Failure to meet key federal (NERC/FERC) and regional regulations can mean significant financial and even criminal penalties. In some cases, fines can reach $1 million per day.  Companies must organize, track and coordinate a gauntlet of corporate and compliance challenges—from asset management, to maintenance and ensuring cyber security system-wide.  AssurX provides an end-to-end, automated NERC compliance software solution that expands seamlessly to address all industry regulations.  One enterprise-wide, flexible system consistently manages operations, identifies risks, and demonstrates compliance across all critical operations.

Ensure compliance, manage risks and better govern your enterprise in one reliable system.

Track, Report and Document Compliance

Manage Enterprise Risk

Manage NERC / FERC, Security and Regional Standards Including BES Cyber Security (CIP) Management and PRC and Maintenance Management

Automated Import / Update of Standards

Prepare / Perform Self-Assessments & Certifications

Perform Internal Audits

Develop / Manage Mitigation Plans and Corrective Actions

Integrate Automated Document and Training Management

Gain Live, Global Oversight with Management Dashboards and Reports

ASSURX_INFOGRAPHIC_E&U_M

“We’re finding new ways to use the tool all the time to manage compliance activities. The system has grown with us to help in ways we hadn’t even imagined.”

Alyeska-pipeline-logo-350x170

Compliance-Central Enterprise Management Software for Energy & Utilities

AssurX is a highly versatile software platform that links and organizes compliance and risk data with schedules; tasks and activities; and compliance requirements and evidence, from every area of an organization. It automatically tracks and communicates about activities and coordinates efforts between groups. Using AssurX, you’re always in control of activities and data; you know immediately when an issue that could impact compliance arises; and the appropriate staff shares the information needed to quickly evaluate, prioritize and resolve problems. AssurX software is easiest on the market to deploy, configure, use, and modify. Mapping precisely to your real-world operations, the software creates an electronic workflow and history of tasks, alerts, escalations and approvals that can be automated to the level you prefer. Dashboards with intelligent trending and analytics make it easy to identify and control risk exposure, avoid noncompliance problems, and improve business operations.

FEATURES

AssurX delivers central control and improved compliance and business performance:

Integrated

Creates an integrated approach to compliance and business operations with a single source of information so you KNOW all requirements are being met, all risks are being managed, and resources are properly prioritized.

PROACTIVE COMPLIANCE

Proactively identifies compliance gaps or rising risks and sends alerts to initiate quick remediation, avoiding fines, negative publicity and legal actions associated with compliance failure.

Centralized

Creates a central repository for data, history, and compliance evidence, enabling quicker and more thorough response to investigations, inquiries, and audits.

Visibility

Provides central oversight while allowing each group / division / entity to efficiently manage their own local activities, making compliance and business operations consistent and manageable—even for the most complex, multi-entity organizations.

FLEXIBILITY

Built for changing business and regulatory landscapes. Quickly incorporate changes in requirements and standards, directives, or process improvements. AssurX reduces the cost of staying current and increases business competitiveness.

Visibility

Delivers at-a-glance status of compliance and business operations with management dashboards. Track real-time metrics, and identify trends.

KEY FUNCTIONALITY

One reliable platform delivers every solution you need to consistently maintain and demonstrate compliance, identify risks and prioritize and track activities across your enterprise.

“Alyeska personnel are now able to hit deadlines, monitor assignments and better communicate. Better still, performance metrics have been raised to 99% of all Management Actions and Commitments completed in a timely manner, an order of magnitude improvement.”

Alyeska-pipeline-logo-350x170

Regulatory Compliance Management

Automate to consistently track, measure and demonstrate compliance for an array of requirements (federal, state, regional or local)—from simple annual policy reviews, to asset management, and ensuring cyber security in a single versatile system. The software is pre-loaded with NERC standards and requirements. Easily initiate and monitor compliance and mitigation plans, assign tasks to document rationale for each requirement and close any discovered compliance gaps. Evidentiary documentation is compiled and reporting tasks are scheduled and tracked to ensure every regulatory deadline is met. Perform self-reporting, inquiries and audits with the click of a button. A system of automatic escalation, notices and reminders keep the process moving and prevents compliance gaps and tasks from falling through the cracks. Powerful built-in analytics/reporting and dashboards give a detailed real-time view into compliance status and trends. The system includes ready-to-use automated compliance solutions for:

  • NERC RELIABILITY COMPLIANCE AND STANDARD MANAGEMENT
  • ASSESSMENT-CERTIFICATIONS
  • RECURRING & REPORTED EVIDENCE MANAGEMENT
  • PRC SYSTEM MAINTENANCE
  • CIP SYSTEM & ACCESS MANAGEMENT

“AssurX offered a solution that would meet our need to maintain and demonstrate NERC compliance with many changing requirements and assist us in achieving our continuous improvement goals into the future.”

velco-logo

NERC Reliability Compliance

Automatically coordinate, track and assess activities to ensure compliance, maintain reliability and meet stringent NERC standards. The software is pre-loaded with NERC standards and requirements. Responsibility for requirements, gap analyses, compliance/mitigation plans and tasks are assigned, monitored and documented in a central repository. Perform internal balloting and surveys with the click of a button. Monitor real-time progress and see status details instantly with management dashboards. Remain ready for regional NERC audits. Evidentiary documentation, compliance rationale and applicable policies and procedures are linked to each requirement and are always instantly accessible. Easily manage changing compliance needs. The system quickly absorbs new/revised standards, notifications, codes of conduct (federal, state, regional or local), and changes in internal procedures, practices or organization. Get instant, detailed understanding of “compliance status” and identify and manage risks at-a-glance with graphical management dashboards. The system easily scales to securely manage compliance for a single department or across multi-entity organizations.

View the NERC Reliability Standards Update Service Brochure

NERC Reliability Standards Update Service

The easiest way to stay current, this AssurX service monitors the NERC website for new or revised reliability standards, then parses the information, including PDFs and RSAWs (Reliability Standard Audit Worksheets), into AssurX-ready form so your system can be brought up to date in minutes. Customers receive e-notification and the ability automatically update/import everything needed to keep current. Reduces the burden of tracking and identifying newly posted NERC standards and RSAW documents on the NERC website. Automatically import NERC Standard, Requirement, Measures and Compliance Level records data, RSAWs and standard PDFs.

“It makes my life a lot easier and the end users are loving it!”

Portland-GE-logo

Assessment-Certification Management

Perform self-assessments and automate meeting NERC and regional self-certification requirements for registered entities. Master Schedules are created to set and manage assessment-certification tasks by standard and entity. Schedule activities for single or multiple standards, entities or regions across any desired time span. Automatically assign gap analysis tasks based on functional responsibilities, measure activities for compliance, and keep track of certification reviews and regional filings for each standard. Monitor progress and see status details instantly with management dashboards. Keeps all assessment-certification related tasks on schedule with automated escalation and notification integrated with email. Master Schedules keep track of tasks, events and submission deadlines in an organized fashion.

“The system’s flexibility allows us to configure it to meet our company-specific processes and workflows and it has strong reporting and data drill down capabilities for both users and managers.”

first-energy-logo-500x121

Recurring Evidence Management

Schedule and track internal evidence collection on a periodic basis. Set schedule frequency (weekly, monthly, quarterly, yearly, etc) to collect evidence to meet one or more requirements. The system automatically assigns collection tasks and collected evidence (or confirmation that no evidence is required) is linked to applicable regulatory requirement(s). The software sends alerts as tasks become due, and notifies supervisors of late tasks and review requests.

“AssurX continues to be a strong software system used to maintain compliance with less effort, allowing our workforce to focus more of its attention on reliability and system security.”

velco-logo

Reported Evidence Management

Schedule and track evidence collection and document required periodic regulatory report submittals. Set schedule frequency (weekly, monthly, quarterly, yearly, etc) to collect evidence to meet one or more requirements. The system automatically assigns collection tasks and collected evidence is linked to applicable regulatory requirement(s). The software sends notification as tasks are due, alerts supervisors of late tasks and review requests, and documents regulatory submissions.

“What I love as a ‘non-technical’ administrator of the system is how easy it is to make changes to the AssurX product. It’s very configurable.”

Portland-GE-logo

PRC System Maintenance Compliance

Provides a single hub for NERC PRC standards compliance by gathering data related to physical devices and assets affecting the BES—such as work orders, maintenance activities, test results and supporting evidentiary documentation—from across the organization and delivering real-time status of compliance. Dashboards visually indicate the state of PRC compliance status for all devices and assets across the utility while automated alerts and notifications to supervisors expose trends towards non-compliance well before it occurs. The system also maintains a complete, audit-ready history of all devices, issues, and actions taken to maintain control and compliance. Maintains all required PRC/Maintenance records and makes them accessible with the click of a button. Automated alerts and notifications warn staff before compliance lapses occur.

Download the CIP System Management Brochure

CIP System Management

Stay on top of compliance with NERC Bulk Electric System (BES) Critical Infrastructure Protection (CIP) standards for Version 5 and beyond. Manage configuration and changes for high, medium and low impact BES cyber systems and cyber assets. The software links the Physical Security Perimeter (PSP) and Electronic Security Perimeter (ESP) to each associated cyber system. Manage baseline configuration of cyber devices and automatically maintain a complete device inventory. Meet minimum requirements for evidence sufficiency for CIP assets and report historical changes to an asset over the asset’s lifecycle. The system provides a single aggregated view of all organizational and regulatory related cyber assets with their appropriate classifications. Schedule, monitor, and send alerts on time-based compliance requirement deadlines.

Download the CIP Access Management Brochure

CIP Access Management

Grant, modify or revoke individual access to cyber systems using role based security and permissions that meet NERC Bulk Electric System (BES) Critical Infrastructure Protection (CIP) standards. The software automatically sends notifications when a CIP access is changed or revoked, creates a comprehensive revision history of all access records, and generates access reports and metrics for managers. Grant, modify, or revoke user access to one or many systems and/or security perimeters at a time. Make multiple access changes at a time, and give approvals/rejections by line item. Document managed user access by personnel risk assessment and CIP training dates.

“With the industry heading towards an internal controls focus, AssurX offers the ability to successfully meet the new expectations of auditors.”

velco-logo

Enterprise Risk Management

Assess and manage enterprise risk to ensure reliability, meet regulatory/compliance objectives, and drive operational excellence. Monitor and track risk related activities, and perform evaluations of financial, operational, and compliance impact. Determine risks for small and large projects, as well as state, FERC or NERC regulatory requirements. The software calculates probability, assigns priorities, and links risks to appropriate internal controls. Real-time graphical dashboards deliver risk and activity status, threat heat maps and detailed metrics for trending and analysis. The system seamlessly integrates with corrective action software to automatically launch and track the resolution of any issues—preventing avoidable threats and reducing overall risks. Risk parameters such as significance, likelihood, control, etc., can be flexibly defined for any activity. An automated system of notices and escalation alerts appropriate personnel of rising threats before they become problems.

Download the Audit Management Brochure

Audit Management

Manage internal quality and compliance audits end-to-end. Audits are conducted after being planned and scheduled, findings are classified and follow-up activities assigned to managers. When all follow-up actions are addressed, a final report is issued and routed for closure—all in a closed-loop workflow. Automatically log audit findings, manage responses, and launch corrective actions. Reports and dashboards provide live data for instant status and metrics. Automatic task assignment, escalation and notifications to keep audits efficient and ensure important activities and issues are being properly handled. Fully integrated with other quality management processes such as CAPA, compliance tracking and change management, etc.

“If you’re looking to manage your compliance activities, or need a corrective action management system, I would not hesitate recommending AssurX.”

first-energy-logo-500x121

Corrective And Preventive Actions Management

Detect, correct and prevent recurrence of regulatory violations, cyber incidents, equipment and test failures, procedural lapses, and more with a closed-loop corrective action tracking system that automates and streamlines the entire CAPA process. Issues initiated from any department are investigated, root causes identified, corrective/preventive actions planned and implemented across operations, and then evaluated for effectiveness. An automated alert system instantly notifies the proper personnel when a current or potential problem is identified. Set up checklists that assign corrective action tasks to specific personnel with deadlines and automatic follow-up that reports directly to supervisors. Fosters a “culture of compliance” through a corrective action process that extends across operations from incident identification through disposition and root cause analysis. Dashboards with live metrics let you see at-a-glance what current or potential compliance or operational issues you may have. Fully integrates with other AssurX solutions such as risk management, compliance management, Internal Controls, etc.

“We’re using AssurX for a number of compliance processes. It’s exciting because our end users—even outside of the Compliance Department—are coming up with ideas on their own for new ways to use the system and they’re loving it.”

Portland-GE-logo

Training Management

Ensure employees and contractors are up to date on training, and properly qualified to perform work at all times. Easily identify, assign and maintain unique training requirements and courses/materials for each employee or contractor. The software tracks training tasks, sends users notification of upcoming and late training, and escalates any issues to supervisors. It creates a permanent record and audit trail of personnel qualifications, training requirements, and histories, and other regulatory compliance obligations in one database. Simple-to-use dashboards deliver fast access for administrators and a user-friendly way for trainees to access their assignments, materials, and to register for training. Paired with AssurX Document Management (or other document control software), the system automatically assigns training and notifies appropriate staff as each new or revised document is ready. Seamlessly integrates with other AssurX applications such as CAPA or Compliance Management, so training can be automatically launched for events happening across operations.

“The flexibility of AssurX software allows us to leverage it to support VELCO’s growing tracking & compliance needs.”

velco-logo

Document Management

Creates a central library where key documents are stored, and manages the entire document lifecycle including change requests; redlining; approval routing; release; notification and training. Easily organize documents into groups/categories for quick search and recall, using familiar folder views. Access is controlled so that only those personnel who are allowed to view a given document can do so. Provides a central repository for key policies, procedures, instructions or any other documents. Used with the Compliance Management solution, it links specific documents to each requirement for fast, easy reference. Makes documents quickly accessible to prepare for, and during, audits. Paired with AssurX Training Management (or other learning management software), the system automatically assigns training tasks and notifies staff as each new or revised document is ready.

AssurX OnDemand Solutions

Learn How AssurX Works

View the Energy & Utilities Brochure

Request a Live Demo