Guide for Planning a Successful Preparation of the NERC CIP Evidence Request Tool (ERT)
Cybersecurity regulations in the energy industry create a constantly evolving challenge to efficiently monitor, manage, and report on compliance activities. The NERC CIP Evidence Request Tool (ERT) is an effort to bring structure to the documentation of data and evidence for the benefit of both registered entities and regulators.
Since reliability standard audit worksheets (RSAWs) can’t provide the level of CIP Reliability compliance detail needed, the CIP Evidence Request Tool (ERT) is available for use by all Regions. Standardizing on the data requested and how it is presented streamlines the efforts of both Registered Entities and auditors.
Without the proper preparation, the ERT will be a challenging and time-consuming exercise of hunting for data and evidence, extracting it from the source, and transposing it into expected format for the ERT.
However, with some advanced planning, entities can leverage techniques and software that will make ERT reporting much easier, as well as improve the overall quality of cybersecurity programs.
In this guide:
- An overview of the CIP Evidence Request Tool (ERT)
- Utilizing software for the management of data in alignment with NERC CIP ERT regulations
- The importance of process automation technology to create a consolidated perspective of data and evidence
- Best practices for the centralization of CIP-related data
- How automation simplifies NERC CIP reporting