How Change Management Can Help Organizations Stay NERC CIP Compliant

These days, it's nearly impossible to imagine a single industry without an IT presence. Some, like the energy industry, are practically evolving around what technology can provide. Solar energy, for example, requires bilateral energy flow between end users and providers. Without an IT infrastructure to monitor and manage this transfer, solar might not be the green energy giant it has become in recent years.

The upcoming NERC CIP regulatory update set to take effect at the beginning of April offers enterprise IT a similar challenge. As the national energy infrastructure modernizes and grows to rely more on data-intensive operations to secure transmission, organizations charged with overseeing vital grid-connected cyberassets will need to constantly raise their standards. In the past, NERC CIP has provided strict baseline model for ideal IT solutions that both prevent infiltration and accidental system failure. A single line of code could upset megawatts of power distribution across the country, and it's up the the NERC to thwart these disasters.

That said, change management plays an important part in NERC CIP Version 5. In fact, in many ways, innovative change management tools and processes could mean the difference between compliance and a costly violation.

Change Management is the Perfect Tool for Complexity
Energy utilities, as well as those that supervise their physical and digital assets, do much more than flip a switch to make sure the lights stay on. In the wake of deregulation, the green energy movement and cyberattacks, these organizations must employ demand-based forecasting, efficiency upgrades and countless security measures simply to maintain service. As the grid continues to digitize, new vulnerabilities will arise and new solutions must be formulated in response.

From an IT service management perspective, accommodating these factors come second to ensuring internal operations don't cause blackouts first. Change management tools that effectively track, monitor and test alterations made to system configurations will be one of many litmus tests for IT compliance to NERC CIP - that's why NERC added a change management component to its newest CIP iteration. As energy technology develops and the role of change management scales up, utilities and their partners will need flexible tools capable of executing change to make the digital grid more resilient against whatever new threat might come about.

Change Management Removes Risk with Automation
Automation is one way IT service managers can stay a step ahead of actions that might put the grid in jeopardy, especially internal issues. According to a report by NERC and the Federal Energy Regulatory Commission, a review of IT-integrated energy assets shows a particular need for automation when it comes to load balancing and shedding, two processes integral to sustaining service in the event of a demand-based emergency. Instead of relying on the accuracy of a manual trigger, smarter assets should be able to analyze the nature of an energy imbalance and perform actions to mitigate their negative effects.

In a similar vein, automated regression testing for change management before deploying new applications or enhancing legacy software speeds up the development and release stages. Time cannot go to waste when national security is on the line. Automating key components to the change management process eschew time-intensive procedures while giving authorized personnel the ITSM tools necessary to make the right changes when they matter the most.

Previous Article
How Can Change Management Spruce Up Enterprise IT Before NERC CIP Updates?
How Can Change Management Spruce Up Enterprise IT Before NERC CIP Updates?

Twentieth-century American author and thinker Alvin Toffler once posited, "Change is not merely necessary...

Next Article
A Newer You: How DevOps Change Management Makes Business Sense Outside the Market
A Newer You: How DevOps Change Management Makes Business Sense Outside the Market

Traditionally, when businesses "change," they correct something gone awry. IT change management in a DevO...