Risk Management and NERC Compliance

The more I look at NERC Compliance the more I see the need for Risk Management. The rationale for this statement is based on the reality for most utilities – they are compliant but have minimal program oversight and almost no Risk analysis. This is a big problem and right now there is no get-out-of-jail-free-card. Stated another way, the vast …

CIP Low

CIP Low: Compliance Program Guide This book is focused on protecting Low Impact only BES assets, and their associated BES Cyber Systems & Cyber Assets. Based on NERC CIP Standards CIP-002-5.1a and CIP-003-6, with relevant consideration for pending versions CIP-003-7 and CIP-003-TCA, the steps and actions needed to ensure NERC CIP compliance are laid out here in plain English. So …

Protecting Critical Infrastructure

Protecting Critical Infrastructure: A Guide to Critical Infrastructure Protection Based on the North American Electric Reliability Corporation Critical Infrastructure Protection Standards – Now Available! This book presents the approach to critical infrastructure protection taken by the North American Electric Reliability Corporation’s CIP Standards. These standards apply to the electric industry, and serve to protect our bulk electric grid from compromise …

Process Driven Compliance – Protecting the Grid

Recently I have been discussing how process thinking and process technology can be used to produce more effective and proactive compliance controls. In particular, I have been doing a lot of work around NERC compliance – the regulations for the Electric Utility Industry. NERC compliance includes cyber security (CIP – Critical Infrastructure Protection) and operational compliance, often referred to as …

Process Driven Compliance Controls

An interesting take on process is the role it can play in compliance. Internal compliance controls traditionally look to either enforce policies or monitor for compliance issues. While this approach has merits, it has several characteristics that fall short of the goals of the organization. First, the “process” portion of compliance controls often remains disconnected from the work people perform …

The New Frontier of Process Management

The latest BIG THING worth sharing is a remarkable evolution in process management – what I call “real-time process orchestration at the edge.” It’s big, really big, and companies that desire to remain relevant and successful need to pay attention. The concept is really the practical application of what I have being talking about for a long time – the …

The True Cost and Time of a Process

The time and cost of a process usually defaults to analysis that stems from time study practices of the past. In the good (bad?) old days, Industrial Engineers would flock to the manufacturing floor with funky looking clipboards crowned with stop watches. They would patiently observe the activities of workers, clicking away on their stop watches, timing each activity down …

Value Creation

There are many measures we can use to determine a process’s value. Cost and time are quantitative (are they really? – I will discuss this in my next blog) measures frequently used. Quality can certainly be a quantitative (production defects, returns, rework) measure but with knowledge worker products traditional production measures don’t have the same meaning; for example, what are …

Qualitative versus Quantitative Process Analysis

Assessment of processes and potential improvements can be done from a quantitative perspective or a qualitative perspective. Most process improvement methods are designed on quantitative assessments though many have adopted some qualitative assessment over time. An example of this is Six Sigma, which began as a purely quantitative approach to improvement but has adopted certain qualitative aspects such as Voice …

A Brave New Frontier – Process from the Perspective of the Human Experience

BPM should always seek to eliminate waste by paring processes down to just those activities that create value or meet a requirement of doing business. I am comfortable in stating that for all human-centric business processes improvement activities should eliminate things. Specifically: non-value added things. We can measure the current state of a process, and we can analyze improvements in …