Context

A local hydro and utilities company wanted to facilitate user access recertification for various departments in order to meet internal governance and NERC CIP compliance requirements. Existing manual provisioning process was very cumbersome and lacked the required auditing capabilities.

What we did

• – Built the full IGA server infrastructure for Dev, Test and Production
• – Enabled new processes surrounding NERC CIP role request and termination.
• – Provisioning raccess to NERC resources automatically based on request approvals.

Outcome

• – Resulting new process flows in the IAM solution led to a better posture for maintaining NERC CIP compliance.
• – The solution was extended to form a role repository and perform role-based certifications.
• – The solution facilitated detection of segregation of duty violations which were addressed as part of regular audit cycles.
• – User access request and certification process was automated, leading to significant cost savings and shifting focus of capital expenditure budgests to value-add projects.

 

Please contact us to discuss your Cybersecurity needs: