CIMA+ services were retained by a confidential energy producer based in Québec to support a NERC-CIP (or North American Electric Reliability Corporation critical infrastructure protection) compliance upgrade. The project’s overarching objective is to audit the client’s current compliance posture and execute the necessary improvements to achieve full compliance with the NERC-CIP standard within a reduced time span. This standard governs critical infrastructure protection in the electricity generation sector, and adherence requires a deep understanding of generation-specific systems, activities and infrastructure.
CIMA+’s multidisciplinary team, which includes cybersecurity advisors, physical security engineer and project manager is working closely with the client’s information technology (IT), operational technology (OT) and cybersecurity teams. Key activities include auditing the client’s operations against the 150 requirements of the NERC-CIP standard, identifying gaps, prioritizing remediation initiatives, and implementing these in collaboration with the client’s staff. The work also involves alignment with other NERC standards and adapting to territorial variations in how NERC-CIP is applied and audited across provinces and countries.
Deliverables for this project include a comprehensive gap assessment report and the successful execution of over 150 compliance upgrade actions. The project is currently in progress, with CIMA+ leading both the strategic and technical aspects in order for the client to achieve sustained regulatory compliance.