Cybersecurity regulations in the energy industry create a constantly evolving challenge to efficiently monitor, manage, and report on compliance activities. The NERC CIP Evidence Request Tool (ERT) is an effort to bring structure to the documentation of data and evidence for the benefit of both registered entities and regulators.
Since reliability standard audit worksheets (RSAWs) can’t provide the level of CIP Reliability compliance detail needed, the CIP Evidence Request Tool (ERT) is available for use by all Regions. Standardizing on the data requested and how it is presented streamlines the efforts of both Registered Entities and auditors.
Without the proper preparation, the ERT will be a challenging and time-consuming exercise of hunting for data and evidence, extracting it from the source, and transposing it into expected format for the ERT.
However, with some advanced planning, entities can leverage techniques and software that will make ERT reporting much easier, as well as improve the overall quality of cybersecurity programs.
In this guide: