Utility companies are taking advantage of the latest technology to improve customer service. This means accepting credit card payments for services over the Internet or allowing consumers to manage their accounts online. The collection of credit card data and personally identifiable information such as social security numbers and birthdates creates a need to protect that data and comply with government and industry regulations related to data security.
Additionally, the risk of system downtime resulting from hackers, insider threats, or inadequate business continuity and disaster recovery plans create significant exposure to utility companies today. The North American Electric Reliability Corporation’s (NERC) mission is to ensure the reliability of the North American bulk power system. NERC is the electric reliability organization (ERO) certified by the Federal Energy Regulatory Commission to establish and enforce the Critical Infrastructure Protections (CIP) standards. These standards increase the security of our nation’s essential utilities.
Compliance with these standards is mandatory and failure to comply could result in fines and penalties of up to $1M per day.
CompliancePoint offers consulting services and technology products to help utility companies fortify their security infrastructure and ensure the safety of sensitive data. We can identify web site or network security issues and provide options for remediation.
The following are some of the services and products that we offer to the utilities industry.
Compliance Assessments:
- NERC CIP - We help bulk power system owners, operators and users comply with the NERC Critical Infrastructure Protection program.
- Security Risk Assessment - A baseline assessment includes your existing information systems, policies, procedures, critical business processes, network infrastructure, and communication systems
- PCI DSS Assessment - Ensures compliance with the Payment Card Industry Data Security Standard
Security Consulting:
- Policy & Procedure Development - Defines your company's policies for protecting information and data assets
- Network Security Review - Uncovers Network and application vulnerabilities to make your IT environment more secure
- Application Security Code Review - Ensures application security through Web Application Scanning, Firewall and
Security Code Reviews - Security Incident Response - Understand how to prepare your organization in the event of an attack or data breach
- Business Continuity / Disaster Recovery- Use our multi-phase consulting approach to protect your business
Managed Services
- Network & Security Monitoring - Effective monitoring is essential to ensure data security. Our full range of services helps automate this process.
- Vulnerability Scanning & Penetration Testing - Identifies vulnerabilities in network devices such as firewalls and then tests the identified vulnerabilities.
- Wireless Rogue Detection - CompliancePoint offers the most advanced and cost-effective tools for wireless rogue detection.
Technology Products:
- Compliance Automation Portal – Centralizes, automates and correlates all compliance activities
- PIIFinder – Scans files and databases for critical PHI data
- Security Awareness Training – Provides a variety of online and onsite security training
- Information Security
- Data Loss Prevention – We assist with the selection and implementation of software solutions to identify, monitor and protect data
- Encryption & Key Management - Minimize the IT effort required to guard against data loss and theft with the appropriate solution for your organization.
- Logging & Monitoring - Maintain compliance and protect your environment against intrusions or security breaches. Our expertise includes cloud-based applications.
- Network Security Devices - We can help you select and configure a wide range of devices and solutions for highly complex environments such as firewalls, intrusion detection systems and email encryption.
- Identity & Access Management - CompliancePoint can help you find the precise tools and solutions to create and implement a program for your organization
For more information about our services and solutions for the utilities industry, contact CompliancePoint at security@compliancepoint.com or (800) 585-4888.