Itegriti logo

We Secure Critical Infrastructure™

Inc 5000
Itegriti logo

We Secure Critical Infrastructure™

Cybersecurity  +  Compliance  +  Managed Services

How an electric utility deployed experienced and trusted resources to complete key projects on their To-Do Lists and Get Stuff Done (GSD)2023-08-17T02:54:31+00:00
Loading...

Client:

A Fortune 150 utility with electric and natural gas operations that serve over nine million customers.

Solution:

Originally contracted to assess the audit readiness of their newly completed NERC CIP program, the ITEGRITI team was repeatedly asked to address a wide variety of projects and challenges over many years because of our ability to GSD.

We worked with our client to design an approach to assessing these projects:

  • Obtaining a prioritized list of projects.
  • Developing clarity on scope, objectives, and deliverables.
  • Performing discovery, reporting observations and feasibility, estimating effort and timeline.
  • Providing weekly status reports to monitor progress, barriers, budget, and timeline.
  • Performing a “Check and Adjust” with stakeholders at key milestones.
  • Training and transitioning process and responsibility to client teams.

Results:

Our client stated they received tremendous benefit from working with ITEGRITI’s experienced and trusted resources that consistently deliver high-quality results.  Some of the joint team successes include:

  • Development and facilitation of GSD workshops where teams from across departments discussed control design, process (including handoffs), and identified efficiency opportunities. This resulted in improved security and auditability.
  • Identification of multiple improvement recommendations across their recently designed NERC CIP program. Collaborated with teams to implement recommendations, including the standardization of procedures across business areas.
  • Assistance in the design and deployment of an Organizational Change Management program to support enterprise awareness, training, and adoption of security and compliance programs. Provided role specific training to remote vendors and contractors across their entire footprint.
  • Development and performance of assessments using a compliance validation process for newly constructed high impact control centers.
  • Design of a Risk and Controls Matrix (RCM) and risk-based internal assessment process informed by stated risk levels (e.g., VRF), past performance issues, industry concerns, new or changed requirements, and technology or environment changes.
  • CIP Standard lead and proud member of the team that delivered multiple successful audits.
  • Design and implementation of a Jira-based Kanban board to manage activities for their IT/OT compliance team.
  • Continued assistance in the interpretation and design of NERC CIP and TSA SD02 programs, utilization of lessons learned and best practices from NERC CIP, and leveraging of enterprise tools and procedures wherever possible.

Conclusion:

“Michael and the ITEGRITI team has partnered with us to advance and mature our cyber security capabilities across the technology that operates our critical energy infrastructure, in the midst of an evolving regulatory environment and threat landscape. ITEGRITI seamlessly integrated into our team, providing valuable industry expertise and practical solutions to imbed these new capabilities into the way we work at Duke Energy. Fantastic insights, tangible results. Thank you for the partnership!”

Talk to an expert today

Related Case Studies

How an electric utility deployed experienced and trusted resources to complete key projects on their To-Do Lists and Get Stuff Done (GSD)

By |August 15th, 2023|

Client: A Fortune 150 utility with electric and natural gas operations that serve over nine million customers. Solution: Originally contracted to assess the audit readiness [...]

Comments Off on How an electric utility deployed experienced and trusted resources to complete key projects on their To-Do Lists and Get Stuff Done (GSD)

How an innovative electric power producer is reducing compliance burden through process improvements, efficiencies, and automation

By |August 14th, 2023|

Client: Our client operates ~80 power plants across the United States and protects thousands of cyber assets.  Like many other entities required to comply with [...]

Comments Off on How an innovative electric power producer is reducing compliance burden through process improvements, efficiencies, and automation
Go to Top