Have a question? 713-777-3522

Services

Compliance Gap Analysis

We find the Gaps, let’s fill them.

The quality of a NERC Gap Analysis is measured upon how well evidence is accounted for by a solid, proven framework.

For instance, by the DL2C method, CIP-001-1, R1 has exactly 4 elements which are critical for compliance. If one or more of these items is missing, this constitutes a compliance gap. The numbers of elements are extracted directly from the NERC Requirement.

Auditor: “We can’t tell you how to be compliant…”

Heard this before? When using the DL2C Color-Coded Compliance System™ Gap Analysis, you literally tell your Regional Auditors, “This is how we plan to be compliant…” After providing them your itemized Gap Analysis, Regional Auditors will be able to comment on any items that you will still need up to 90 days before your audit occurs. This is the definitive strategy not to be surprised at evidence requests during your audit.


Entity: What do we get as a “Leave Behind?”

The DL2C GAP Analysis provides the opportunity for a customized look into compliance status, without the stress and expense of a pass/fail inspection. Reliable results are compiled instantly during the process.

Are you ready to get compliant?

DL2C GAP Analysis Deliverables:

  • >>>Analysis of existing evidence by using DL2C Color-Coded Compliance System™ data.
  • >>>Scoring of compliance to percentage points to the Requirement level.
  • >>>Prioritization of Compliance Activities by Risk Level.
  • >>>Review of your company’s current Internal Compliance Program.
  • >>>Evaluation of your company’s audit status, e.g., BW (Begun Work), SC (Substantially Compliant), C (Compliant), AC (Audibly Compliant) to the requirement level.
  • >>>A Gap Analysis report, documenting recommendations for achieving compliance.
  • >>>A Gap log to manage the remediation of gaps, with DL2C recommendations for remediation towards achieving compliance.

Audit ready CIP documentation

NERC CIP standards require centralized access, information on field components, and the ability to provide access and security of these components. These standards also require documentation and auditing of all critical infrastructure protection programs.

DL2C’s team of project managers and Compliance Audit Specialists will accurately and quickly document all evidence of your Critical Infrastructure Protection programs.

The Cost of Non-Compliance

Due to the importance of securing the North American power supply, financial penalties for NERC non-compliance are detrimental – entities can be fined up to $1 million per day until they have brought themselves back into a compliant state.

Although NERC audits are regularly scheduled, additional NERC audits can result if there is a power outage or other incident.

Therefore, DL2C’s clients are taking a proactive approach to vulnerability management, endpoint and data protection to ensure continuous NERC compliance.

Are you ready to get compliant?

DL2C CIP Documentation Deliverables:

  • >>> CVA (Cyber Vulnerability Assesment) ability assessment.
  • >>> Development of a Cyber Security Plan.
  • >>> We perform passive penetration tests on your infrastructure.
  • >>> We perform an overall evaluation of your network security design.
  • >>> We perform passive penetration tests on your infrastructure.
  • >>> PXP (Physical Security Perimeter) and DPB (Designed Perimeter Boundry) controls evaluation and anlaysis.

 

Your cyber assets, secure.

The quality of a NERC Gap Analysis is measured upon how well evidence is accounted for by a solid, proven framework.

For instance, by the DL2C method, CIP-001-1, R1 has exactly 4 elements which are critical for compliance. If one or more of these items is missing, this constitutes a compliance gap. The numbers of elements are extracted directly from the NERC Requirement.

NERC Region: “We can’t tell you how to be compliant…”

Heard this before? When using the DL2C Color-Coded Compliance System™ Gap Analysis, you literally tell your Regional Auditors, “This is how we plan to be compliant…” After providing them your itemized Gap Analysis, Regional Auditors will be able to comment on any items that you will still need up to 90 days before your audit occurs. This is the definitive strategy not to be surprised at evidence requests during your audit.


Entity: What do we get as a “Leave Behind?”

The DL2C GAP Analysis invites the opportunity for a friendly look into compliance status, without the stress and expense of a pass/fail inspection. Reliable results are assured within 72 hours.

DL2C GAP Analysis Deliverables:

  • Analysis of existing evidence by using DL2C Color-Coded Compliance System™ data
  • US Dollar-Based Risk Exposure Calculation
  • Scoring of compliance to percentage points to the Requirement level
  • Prioritization of Compliance Activities by Risk Level
  • Review of your company’s current Internal Compliance Program
  • Evaluation of your company’s audit status, e.g., BW (Begun Work), SC (Substantially Compliant), C (Compliant), AC (Audibly Compliant) to the requirement level
  • A Gap Analysis report, documenting recommendations for achieving compliance
  • A Gap log to manage the remediation of gaps, with DL2C recommendations for remediation towards achieving compliance

Direct Line 2 Compliance can generally complete a GAP Analysis within three days, with a cost range of $10,000 to $18,000 plus any travel expenses, making it a service well worth engaging.

Inquire About This Service

Compliance Gap Analysis

We find the Gaps, let’s fill them.

The quality of a NERC Gap Analysis is measured upon how well evidence is accounted for by a solid, proven framework.

For instance, by the DL2C method, CIP-001-1, R1 has exactly 4 elements which are critical for compliance. If one or more of these items is missing, this constitutes a compliance gap. The numbers of elements are extracted directly from the NERC Requirement.

NERC Region: “We can’t tell you how to be compliant…”

Heard this before? When using the DL2C Color-Coded Compliance System™ Gap Analysis, you literally tell your Regional Auditors, “This is how we plan to be compliant…” After providing them your itemized Gap Analysis, Regional Auditors will be able to comment on any items that you will still need up to 90 days before your audit occurs. This is the definitive strategy not to be surprised at evidence requests during your audit.


Entity: What do we get as a “Leave Behind?”

The DL2C GAP Analysis invites the opportunity for a friendly look into compliance status, without the stress and expense of a pass/fail inspection. Reliable results are assured within 72 hours.

DL2C GAP Analysis Deliverables:

According to CIP-005-1 NERC standards DL2C can gather your mandatory documentation and review all procedures and policies each yearly.
We also help develop processes for maintaining and archiving access logs for a defined period of time.

Direct Line 2 Compliance can generally complete a GAP Analysis within three days, with a cost range of $10,000 to $18,000 plus any travel expenses, making it a service well worth engaging.

Inquire About This Service