NERC Compliance Services
CIP v5 Services

The challenges that CIP Version 5 present are daunting at best. A former SERC CIP Auditor leads the Epoch team in providing expert CIP consulting services to utilities with those responsibilities. Whether they need their policies reviewed, facility services, or help understanding and implementing the new Version 5 standards and requirements, Epoch Technical Solutions can tailor a service program to the specific needs of each utility.

The professionals at Epoch Technical Solutions can help assist the utility making their transition to CIP Version 5 much easier. This saves the utility time, resources, and money by avoiding potentially costly fines and having a better understanding of their new responsibilities.

The head of Epoch’s CIP team is a former CIP Auditor in the SERC region where he has been on both sides of the auditing process. He has conducted on-site audits and has been on the team that assesses fines.

  • Industry expertise to ease the transition to CIP-005
  • Tailored services to fit the utilities specific needs
  • Serving the utility Industry for forty years

Epoch is a leader in the regulatory compliance arena focusing on providing solutions for issues associated with NERC Compliance. Epoch has expertise in NERC CIP and 693 compliance. As a result, our professionals understand the complexity of the different issues associated with meeting compliance.

Epoch employees possess real-world industry expertise in all areas of NERC 693 and CIP compliance. Due to its strong involvement in the NERC Compliance arena, Epoch has been involved in the development and enforcement of the NERC CIP Reliability Standards, the NERC 693 Reliability Standards and the Compliance Monitoring Enforcement Program (CMEP) development process from the beginning. We understand both the letter and spirit of the standards and the CMEP. Our team has experience providing compliance services including audit preparation, administration and performance of audits, and audit pre and post documentation. We also have significant experience in developing, implementing, and evaluating all sections of client compliance programs.

Epoch Technical Solutions is a privately held consulting and software firm focused on providing consulting services and software solutions to clients in the energy industry. Epoch’s workforce is composed of a diverse group offering the following services:

  • Compliance Program Development and Preparation
  • Internal Compliance Plan Review and Development
  • Compliance Policy/Procedure Review and Development
  • Audit Readiness Assessment
  • Gap Analysis/Mock Audit
  • Complete Compliance Management/Facilitation Service
  • Maintenance Scheduling Programs (PRC-005, FAC-003)
  • Regional Compliance Submittals
Standard Explanation Services Offered
CIP-002-5.1a Requires the identification, categorization ,and documentation of the BES Cyber Systems and their associated BES Cyber Assets that support the reliable operation of the Bulk Electric System.
  • Review and development of:
    • Processes and procedures
  • Asset Identification
  • Gap Analysis
  • Mock Audits
CIP-003-6 Specify consistent and sustainable security management controls that establish responsibility and accountability to protect BES Cyber Systems against compromise.
  • Review & development of:
    • Cyber security policy
    • Processes and procedures
  • Gap Analysis
  • Mock Audits
CIP-004-6 Minimize the risk against compromise from individuals accessing BES Cyber Systems by requiring an appropriate level of personnel risk assessment, training, and security awareness.
  • Review and development of:
    • Cyber security awareness program
    • Processes and procedures
    • Training program
  • Monitor training implementation
  • Monitor PRA's
  • Gap Analysis
  • Mock Audits
CIP-005-5 Manage electronic access to BES Cyber Systems by specifying a controlled Electronic Security.
  • Review and development of:
    • Processes and procedures
    • Electronic Security Perimeter Drawings
    • Intermediate Server
    • Two Factor Authentication (2FA)
  • Gap Analysis
  • Mock Audits
CIP-006-6 Manage physical access to BES Cyber Systems by specifying a physical security plan.
  • Review and development of:
    • Processes and procedures
    • Physical Security Perimeter Drawings
    • Physical Access Control Systems
  • Gap Analysis
  • Mock Audits
CIP-007-6 Manage system security by specifying select technical, operational, and procedural requirements.
  • Review and development of:
    • Processes and procedures
    • Ports and Services
    • Security Patches Management
    • Methods for detecting or preventing malicious code
  • Setup for Account Management Controls
  • Gap Analysis
  • Mock Audits
CIP-008-5 Mitigate the risk to the reliable operation of the BES as the result of a Cyber Security Incident by specifying incident response requirements.
  • Review the development of:
    • Processes and procedures
    • Paper drills or tabletop exercise of a Reportable Cyber Incident
  • Collecting of forensic evidence of an actual Cyber Incident
  • Assist in report preparation from an actual Cyber Incident
  • Gap Analysis
  • Mock Audits
CIP-009-6 Recover reliability functions performed by BES Cyber Systems by specifying recovery plan requirements.
  • Review and development of:
    • Processes and procedures
    • Recovery Plan Specifications
    • Processes for backup and storage of information
    • Lessons learned
    • Processes for data preservation
  • Assist in annual exercises
  • Gap Analysis
  • Mock Audits
CIP-010-2 Prevent and detect unauthorized changes to BES Cyber Systems by specifying configuration change management and vulnerability assessment requirements.
  • Review and development of:
    • Processes and procedures
    • Preparation of the equipment baseline
  • (CVA) Cyber Vulnerability Assessment (Paper and Active)
  • Gap Analysis
  • Mock Audits
CIP-011-2 Prevent unauthorized access to BES Cyber System specifying information protection requirements.
  • Review and development of:
    • Processes and procedures
    • Information protection programs
  • Assis in identifying DoD processes for equipment disposals
  • Assis in identifying best practices per National Institute of Standards and Technology
  • Gap Analysis
  • Mock Audits
CIP-014-2 Protect Transmission facilities from physical attack.
  • Review and development of:
    • Processes and procedures
    • Risk Assessments
  • Review of the Physical Security Measures
  • Assist in the identification and verification of the transmission substations
  • Gap Analysis
  • Mock Audit
Service Bundles
Bronze Service Bundle
Auditing Services
Regulation Sentinel
Targeted Customer
This bundle is recommended for those companies that need a third party review of their audit readiness.
Bundle Description
This service is designed to assist customers with everything associated with a NERC audit. Services cover the assessment, preparation, presentation, and representation phases of the process.
Each bronze bundle sold comes with a one year subscription to our newsletter and community gateway.
Silver Service Bundle
Software Management
 Regulation Sentinel
Targeted Customer
This bundle is recommended for those companies that need help getting started and updating their Towerline software.
Bundle Description
This service is designed to assist customers with everything associated with the startup and updating of their Towerline software.
Each silver bundle sold comes with a one year subscription to our newsletter and community gateway.
Gold Service Bundle
Software Management
Document Preparation
 Evidence Management
 Regulation Sentinel
Targeted Customer
This bundle is recommended for those companies that have iComply and need help getting started, preparing their documents, and updating their Towerline software.
Bundle Description
This service is designed to get our customers up and running with their program and getting the software populated and operational utilizing the "Left Side" of the program. Services will also include preparing the customer for migration to the "Right Side" of the software.
Each gold bundle sold comes with a two year subscription to our newsletter and community gateway.
Advanced Service Bundle
Software Management
Document Preparation
Evidence Management
Monitoring Service
Report Management
Regulation Sentinel
Targeted Customer
This bundle is recommended for those companies that really would like someone to come in and administer their compliance program.
Bundle Description
This service is designed to get our customers up and operational and to keep them in compliance by being responsible for administering the program under their rules. We essentially do all the setup, get all documents prepared, load the software, and follow up with ensuring all evidence is kept and recorded properly, updated as needed, and generally be in audit ready posture. Customers will need to have Towerline's software or we will provide it for them.
Each advanced bundle sold comes with a subscription to our newsletter and community gateway for the life of the contract.
Premium Service Bundle
Software Management
Document Preparation
Evidence Management
Monitoring Service
Report Management
Auditing Services
Regulation Sentinel
Targeted Customer
This bundle is recommended for those companies that really would like someone to come in and administer their compliance program.
Bundle Description
This service is designed to get our customers up and operational and to keep them in compliance by being responsible for administering the program under their rules. Customers will need to have Towerline's software or we will provide it for them. We have a set list of solely responsible and jointly responsible duties we will follow that can be negotiated in advance. This service includes the work done in the Managed Services group plus a "gap Analysis".
Customer needs to provide the "Enforcement" services.
Each premium bundle sold comes with a subscription to our newsletter and community gateway for the life of the contract.
NERC Compliance!
Specializing in total Turn-Key Solutions!  We even provide all the software. Any questions? Contact us today!
Phone: (517) 669-8888
Email Us!
Epoch jumpstarts your solutions!
Epoch Technical Solutions provides a variety of services that can get you started or get you back on track. If our Compliance Service Bundles aren't for you, check out our other great services.
Learn More...