System and Organization Controls (SOC) reports
Elevate your organization in the marketplace by providing it confidence over your outsourcing services.
October 1, 2020, marked the end of COVID-19-related extensions for NERC standard, Cybersecurity – Supply Chain Risk Management (CIP-013-1).
The Federal Energy Regulatory Commission (FERC) has implemented a new regulatory requirement, NERC CIP-013-1, which places increased responsibility on Power & Utility (P&U) companies to evaluate the cybersecurity of their third-party vendors and partners. Failures carry significant financial penalties.
The supply chain risk management reliability standards are forward-looking and objective, requiring each affected entity to develop and implement a plan that includes security controls for supply chain management for industrial control system hardware, software, and services associated with system operations.
At the moment, this standard applies to the energy industry, but based on prior regulatory trends, will also be expanded to cover other utility-based sectors.
Implementing controls that limit exposure to malware Implementing controls that limit exposure to tampering | Conduct a SOC 2 readiness review and SOC 2 examination | Provide a SOC 2 report to submit to your customers and regulators that your organization has robust security, confidentiality, and/or privacy controls that are operating effectively |
Vendor procurement guidelines Vendor permissions Vendor monitoring | Conduct a Third-Party Risk Management Current State Assessment | Deliver a Third-Party Current State Assessment report summarizing gaps in, and recommendations for, your organization’s third-party risk management processes, including an evaluation of the following components:
|
This website uses cookies.
Some of these cookies are necessary, while others help us analyse our traffic, serve advertising and deliver customised experiences for you.
For more information on the cookies we use, please refer to our Privacy Policy.
This website cannot function properly without these cookies.
Analytical cookies help us enhance our website by collecting information on its usage.
We use marketing cookies to increase the relevancy of our advertising campaigns.