Your Most Important Data: The Event Log

When managing NERC-related compliance issues your most important data is your event log. Having a detailed log of all compliance related events ensures your on-the-spot NERC compliance, and it also protects your entity from cyber and physical plant threats.

What is An Event Log?

For bulk power operators, an event log records all compliance related events ranging from potential security attacks to capacity capabilities to outage events. This data is extremely complex and bulky in nature. In the past, event logs have been managed manually whether with old-school pen and paper or with electronic data sets that later have to be audited, reviewed and merged.

Event logs can also be generated automatically using a comprehensive software program like Versify’s Portal Compliance, which is specifically designed for the energy industry.

All event logs should include:

  • Date and time stampingshutterstock_142535839

  • Each and every instance secure data, cyber assets and networks are accessed; with user log information

  • All NERC compliance related events

  • Fluctuations in capacity

  • Outage events

  • Resolution measures to security breaches

  • Records of staff training and credentialing

Your event log will give you an accurate picture of your facilities operations, capacity and cyber security status.  It must also include all data as dictated by the NERC and NERC CIP Reliability Standards.

NERC and NERC CIP Reliability Standards

There are over 90 NERC Reliability Standards, including the NERC CIP or NERC Critical Asset Protection Standards. Both NERC and NERC CIP standards are required and enforcement. Any entity found in violation of the Reliability Standards can be subject to fines of up to $1 million and suffer plant shut downs.

The NERC and NERC CIP Reliability Standards are enforced by one of the eight regional entities that cover regions throughout the United States, Canada and part of Baja-California Mexico.  The Regional Entities are authorized by NERC to perform all compliance audits—whether scheduled or spot-checks.

When your Regional Entity knocks on your door for an audit, the first thing they will want to see is your event log.

Automated Event Logging

Now, Verify Solutions has found a way to merge and capture events and related data in real-time through its comprehensive software solution, Versify’s Portal Compliance. When a potential attack, breach outage or other notable operations event is detected Versify’s Portal Compliance automatically records the required details of the event, as well as provides suggested remediation measures. Portal Compliance captures compliance data in real-time and matches that data with the NERC and NERC CIP Reliability Standards.

For more information about event logs and Portal Compliance, contact Versify Solutions, today!