NERC Reliability Compliance

Automatically coordinate, track and assess activities to ensure compliance, maintain reliability and meet stringent NERC and Regional standards. The software is pre-loaded with NERC standards and requirements. Responsibility for requirements, analyses, compliance/mitigation plans and tasks are assigned, monitored and documented in a central repository. Monitor real-time progress and see status details instantly with management dashboards. Remain ready for regional NERC audits. Evidence, compliance narrative and applicable policies and procedures are linked to each requirement and are always instantly accessible. Easily manage changing compliance needs. The system quickly absorbs new/revised standards, notifications, and changes in internal procedures, practices or organization. Get instant, detailed understanding of “compliance status” and identify and manage risks at-a-glance with graphical management dashboards. The system easily scales to securely manage compliance for a single department or across multi-entity organizations.

Assessment-Certification Management

Assessing compliance can be a challenging task; with AssurX the complex activities are made simple. Choose the scope of the activities ranging from focused assessment of a single requirement to full certification and filing of all applicable standards. Select one or more standards/requirements, identify the region and registered entity, choose to focus on compliance by function, location, department, or business unit, whatever granularity your entity needs at that time, across any desired time span.

Monitor progress and see status details instantly with management dashboards. Keeps all assessment-certification related tasks on schedule with automated notification and escalation integrated with email.

Significantly reduce time invested in completing RSAW documentation using AssurX’s automated RSAW feature with auto-population of RSAW template and single-click download of an evidence package for a standard using the reviewed/approved content.

Evidence Management

Schedule and track evidence collection on a periodic basis for internal evidence collection or for required periodic report submittals. Set schedule frequency (weekly, monthly, quarterly, yearly, etc.) to collect evidence to meet one or more requirements. The system automatically assigns collection tasks and collected evidence is linked to applicable regulatory requirement(s). The software sends notification as tasks are due, alerts supervisors of late tasks and review requests, and documents regulatory submissions.

Internal Controls

Develop internal controls to prevent, detect, and correct issues. Associate controls to regulations for tracking activities and evidence by regulation. Assess the effectiveness of the controls at scheduled intervals. Perform control tests in multiple environments and assign to multiple assignees and approvers.

PRC System Maintenance Compliance

Provides a single hub for NERC PRC standards compliance by gathering data related to physical devices and assets affecting the BES—such as work orders, maintenance activities, test results and supporting evidentiary documentation—from across the organization and delivering real-time status of compliance. Dashboards visually indicate the state of PRC compliance status for all devices and assets across the utility while automated alerts and notifications to supervisors expose trends towards non-compliance well before it occurs. The system maintains a complete, audit-ready history of all devices, issues, and actions taken to maintain control and compliance. Retains all required PRC/Maintenance records and makes them accessible with the click of a button. Automated alerts and notifications warn staff before compliance lapses occur.

Patch Management

Stay on top of cybersecurity efforts with AssurX’s Patch Management solution. Begin with an asset repository for IT and OT assets maintained in AssurX or in an external system. Perform asset classification per CIP-002 with a decision tree questionnaire that guides the user through the assessment and then reassess the classification periodically or whenever relevant changes occur. Maintain asset baseline including information on software, firmware, patches and open ports. For each patch cycle or as needed, assign patch source review tasks for known software/firmware or seamlessly integrate with a patch discovery service. Create and monitor mitigation plans for patches that cannot be installed within the required timeframe. Assign and track patch installation tasks including verification/testing activities or integrate with an asset management software. Dashboards provide up-to-date status, access to relevant data, show compliance and more, to ensure nothing is overlooked.

CIP Access Management

Manage CIP Access Change Requests for granting, modifying, or revoking user access to one or more systems and/or security perimeters. Monitor user personnel risk assessment and CIP training dates. Change requests include justification for access and necessary approvals. Track access provisioning tasks through completion. Results in a comprehensive revision history of all access records, and generates access reports and metrics for managers.

Enterprise Risk Management

Assess and manage enterprise risk to ensure reliability, meet regulatory/compliance objectives, and drive operational excellence. Monitor and track risk related activities, and perform evaluations of financial, operational, and compliance impact. Determine risks for small and large projects, as well as state, FERC or NERC regulatory requirements. The software calculates probability, assigns priorities, and links risks to appropriate internal controls. Real-time graphical dashboards deliver risk and activity status, threat heat maps and detailed metrics for trending and analysis. The system seamlessly integrates with corrective action software to automatically launch and track the resolution of any issues—preventing avoidable threats and reducing overall risks. Risk parameters such as significance, likelihood, control, etc., can be flexibly defined for any activity. An automated system of notices and escalation alerts appropriate personnel of rising threats before they become problems.

Audit Management

Manage internal quality and compliance audits end-to-end. Audits are conducted after being planned and scheduled, findings are classified and follow-up activities assigned to managers. When all follow-up actions are addressed, a final report is issued and routed for closure—all in a closed-loop workflow. Automatically log audit findings, manage responses, and launch corrective actions. Reports and dashboards provide live data for instant status and metrics. Automatic task assignment, escalation and notifications to keep audits efficient and ensure important activities and issues are being properly handled. Fully integrated with other quality management processes such as CAPA, compliance tracking and change management, etc.

Corrective And Preventive Actions Management

Detect, correct and prevent recurrence of regulatory violations, cyber incidents, equipment and test failures, procedural lapses, and more with a closed-loop corrective action tracking system that automates and streamlines the entire CAPA process. Issues initiated from any department are investigated, root causes identified, corrective/preventive actions planned and implemented across operations, and then evaluated for effectiveness. An automated alert system instantly notifies the proper personnel when a current or potential problem is identified. Set up checklists that assign corrective action tasks to specific personnel with deadlines and automatic follow-up that reports directly to supervisors. Fosters a “culture of compliance” through a corrective action process that extends across operations from incident identification through disposition and root cause analysis. Dashboards with live metrics let you see at-a-glance what current or potential compliance or operational issues you may have. Fully integrates with other AssurX solutions such as risk management, compliance management, Internal Controls, etc.

Training Management

Ensure employees and contractors are up to date on training, and properly qualified to perform work at all times. Easily identify, assign and maintain unique training requirements and courses/materials for each employee or contractor. The software tracks training tasks, sends users notification of upcoming and late training, and escalates any issues to supervisors. It creates a permanent record and audit trail of personnel qualifications, training requirements, and histories, and other regulatory compliance obligations in one database. Simple-to-use dashboards deliver fast access for administrators and a user-friendly way for trainees to access their assignments, materials, and to register for training. Paired with AssurX Document Management (or other document control software), the system automatically assigns training and notifies appropriate staff as each new or revised document is ready. Seamlessly integrates with other AssurX applications such as CAPA or Compliance Management, so training can be automatically launched for events happening across operations.

Document Management

Creates a central library where key documents are stored, and manages the entire document lifecycle including change requests; redlining; approval routing; release; notification and training. Easily organize documents into groups/categories for quick search and recall, using familiar folder views. Access is controlled so that only those personnel who are allowed to view a given document can do so. Provides a central repository for key policies, procedures, instructions or any other documents. Used with the Compliance Management solution, it links specific documents to each requirement for fast, easy reference. Makes documents quickly accessible to prepare for, and during, audits. Paired with AssurX Training Management (or other learning management software), the system automatically assigns training tasks and notifies staff as each new or revised document is ready.