Process Driven Compliance – Protecting the Grid
Recently I have been discussing how process thinking and process technology can be used to produce more effective and proactive compliance controls. In particular, I have been doing a lot of work around NERC compliance – the regulations for the Electric Utility Industry. NERC compliance includes cyber security (CIP – Critical Infrastructure Protection) and operational compliance, often referred to as 693.
What I am finding is that the more traditional approaches to compliance don’t add much value with respect to NERC compliance. The focus on Reliability in the standards encapsulates all manner of operational activities. That is not a good fit for traditional compliance tools that seek to enforce a modicum of compliance process on the high-level activities covered by the standards and a disconnected control approach that seeks to identify specific issues completely apart from work activities.
The better way (much better way!) is to embed compliance automation directly into controls that manage all of the details of work activities. This approach is the only proactive way to ensure compliance, and the only effective way to approach zero defects with respect to Reliability of the assets in our grid.
Want to learn more about this approach to compliance? Take a look at these short videos on the controls I have been helping develop for NERC compliance with SigmaFlow.