5 Steps to Using Change Management for Compliance in Energy Sector (NERC CIP)

03/11/2014 by: The SunView Team

NERC-CIP Energy Sector Compliance

Energy companies are facing a wave of new challenges as smart grid solutions gain prominence across the sector. The transition to the smart grid has led to many changes across the entire energy sector, with utility organizations and energy providers facing the brunt of new challenges. Smart grid solutions completely revolutionize utility operations. Organizations using the technology become more dependent on data, customer-facing applications and IT infrastructure than they have been in the past.

Transitioning to an IT-focused operational model can be incredibly challenging, especially in industries like energy where operating technologies are so prominent. Regulatory compliance, in this case NERC CIP compliance, is particularly challenging in the sector. Utility companies can use change management platforms to overcome some of these challenges. Following these steps will help energy providers get started down the path of better compliance:

1. Find a Scalable Service Desk Solution
Utility providers are often operating with a limited budget. At the same time, the pace of innovation create by the smart grid will likely continue to escalate over an extended period. This means that, on one hand, utility providers cannot afford to overspend on an overly complex service management suite. On the other hand, however, energy companies need to be ready to expand operations for the future. A scalable, high-value service desk is a key first step to better change management.

2. Establish a Change Management Module
Incident, problem, release and change management modules are all important for utility companies. Such solutions enable IT teams to handle a wide range of service requests. Change management platforms, however, are an especially important part of the service desk because the move toward smart grid systems is creating significant demand for change. Furthermore, change management modules ease the regulatory burden placed on utilities by creating a built-in auditing trail.

3. Implement Basic Process Automation
Change management platforms are capable of supporting some process automation. Implementing this aspect of the change management platform is vital for utility providers that want to ensure regulatory compliance. Automation is a prime compliance enabler because the basic scripting solutions used to streamline day-to-day operations inherently create an audit trail. The times when a machine performs operations or the software makes a decision are all documented and trackable. Furthermore, this sets a framework for automatically recording user operations, ensuring there is a clear audit trail in place with minimal documentation from users.

Click me

4. Train Your Staff
Human error is a major roadblock to regulatory compliance success, and efforts to use technology to improve compliance depend on training staff to handle operations effectively. Just introducing new technological tools into the environment is not going to solve all of a utility organization's problems. Instead, energy companies need to get their workers on board with change management plans and ensure they understand the limitations put in place by NERC CIP regulatory standards.

5. Self Audit
At this point, you have a flexible service desk and a good change management platform. You also are automating processes and have trained your employees. The time has come to self audit your environment and do what you can to assess your compliance to NERC CIP standards. This process is critical because you don't want to be left having an official auditor come in, only to tell you that you've forgotten some small, but critical, detail.

Smart grid solutions are forcing utility providers to handle more data and become much more dependent on IT operations. This results in new security challenges and a heightened awareness of regulatory compliance in the sector. A good change management platform is a critical compliance tool because there are so many devices and end users involved in an energy provider's configuration.

|