It’s Time To Check Your CIP-009 Mandated Business Continuity Plan
It’s probably time to revisit your Business Continuity Plan(s) required under CIP-009.
Why? Because you’ve got less than a week until most facilities deemed to be Critical Assets have to be auditably compliant with the NERC CIP rules.
Around the country, natural disasters and man-made incidents and attacks have directly disrupted business operations across the power and utility industries. Having a definitive plan and response technique is essential to remain viable, especially in today’s rough economic climate.
Good continuity planning is vital to any critical industry. However, a rise in service interruptions due to natural disasters and other activities has underscored the need for business continuity plan development and maintenance. Even if you have completed your planning, you may want to revisit your plan one last time before you self-certify your compliance. One of the major areas that is not being addressed in most Business Continuity Plans are topics that were not of any significant concern until very recently, such as terrorist activities, Aurora events and surviving a pandemic flu.
We’ve talked with several regional auditors recently, and they suggest that the regions are looking for registered entities to directly address these areas in the Business Continuity Plans. Several registered entities have recently suffered monetary fines for failure to include these areas in their plans.
Our discussions with the regional auditors also suggest that roughly 70% of the Business Continuity Plans that were reviewed were not deemed adequate. Unfortunately, this suggests that registered entities are not carefully planning their strategies or they do not have a firm grasp of what is required for a comprehensive plan. Either way, the regional auditors are not going to be so forgiving next year as registered entities begin to certify that they are compliant.
As you wrap up 2010 and prepare for the new regulatory world in 2011, it’s time to review your plan again or have a specialist in this area review it and make the necessary modifications so that you are truly auditably compliant.
James Holler is founder of Abidance Consulting.