Facing the pressures of more complex operations, stricter enforcement, severe fines and constantly shifting compliance requirements, energy and utility companies must organize, track and coordinate a gauntlet of corporate and compliance challenges—from maintenance to ensuring reliability and cybersecurity enterprise-wide. They need a flexible system that can help consistently manage activities, identify risks, and demonstrate compliance across the entire organization. Energy & Utilities Enterprise Management (EUEM) Compliance-central Control in a Changing Landscape Use AssurX to: track, report & document compliance control enterprise risks manage NERC / FERC, security & regional standards, including: • Cybersecurity (CIP) • PRC & Maintenance • Automated Import / Update of Standards • prepare / perform self-assessments & certifications perform internal audits develop / manage mitigation plans & corrective actions integrate automated document & training management gain oversight / control of operations & compliance programs A highly versatile set of software solutions in one compliance-central system, AssurX enables energy and utilities businesses to ensure compliance, manage risks and better govern their enterprise. The software links and organizes compliance data with schedules; tasks and activities; and requirements and evidence; across your operations. It automatically tracks and communicates about activities and coordinates efforts between groups. Using AssurX, you stay in control of risks, priorities, activities and evidence. You know when an issue impacting compliance or business arises, and you’re set to quickly resolve any problems. Incredibly easy to deploy, configure and modify, AssurX is ideal for energy and utilities businesses of every type. E n e r g y & U t i l i t i e s E n t e r p r i s e M a n a g e m e n t S o l u t i o n CIP Access Mgmt. Assessment Certifications Corrective Actions CIP System Mgmt. Risk Mgmt. Document Mgmt. Reported Evidence PRC System Maintenance Training Recurring Evidence Reliability Standards Mgmt. Audits C o r p o ra te • R i s k • C o m p l i a n c e • M a i n t e n a n c e • Q u a l i t y • A u d i t • H u m a n R e s o u rc e • O p e r a ti o n s • P l a n n i n g • A n y F a c i l i t y • I n f o r m a ti o n T e c h n o l o g y • The AssurX Industry Solution AssurX delivers clear views of coordinated activities and information across all areas of a business, letting you easily orchestrate operations; detect, correct and prevent problems; improve compliance; and better govern your enterprise.
Transcript
Facing the pressures of more complex operations, stricter enforcement, severe fines and constantly shifting compliance requirements, energy and utility companies must organize, track and coordinate a gauntlet of corporate and compliance challenges—from maintenance to ensuring reliability and cybersecurity enterprise-wide. They need a flexible system that can help consistently manage activities, identify risks, and demonstrate compliance across the entire organization.
Energy & Utilities Enterprise Management (EUEM)Compliance-central Control in a Changing Landscape
integrate automated document & training management
gain oversight / control of operations & compliance programs
A highly versatile set of software solutions in one compliance-central system, AssurX enables energy and utilities businesses to ensure compliance, manage risks and better govern their enterprise.
The software links and organizes compliance data with schedules; tasks and activities; and requirements and evidence; across your operations. It automatically tracks and communicates about activities and coordinates efforts between groups.
Using AssurX, you stay in control of risks, priorities, activities and evidence. You know when an issue impacting compliance or business arises, and you’re set to quickly resolve any problems.
Incredibly easy to deploy, configure and modify, AssurX is ideal for energy and utilities businesses of every type.
En
ergy &
Utilit
ies Enterprise Management Solution
CIPAccessMgmt.
AssessmentCerti�cations
CorrectiveActions
CIPSystemMgmt.
RiskMgmt.
DocumentMgmt.
ReportedEvidence
PRC SystemMaintenance
Training
RecurringEvidence
ReliabilityStandards
Mgmt.
Audits
Corporate • Risk • Comp
liance • M
ainten
ance • Q
uality • Audit • Human Resource •
O
peratio
ns
•
Pla
nn
ing
•
A
ny
Faci
lity
•
Info
rmation Technology •
The AssurX Industry Solution
AssurX delivers clear views of coordinated activities and information across all areas of a business, letting you easily orchestrate operations; detect, correct and prevent problems; improve compliance; and better govern your enterprise.
I N D U S T R YI N D U S T R YENERGY & UTILITIES S O L U T I O NS O L U T I O N
Regulatory Compliance Management One system consistently tracks, measures and demonstrates compliance for an array of requirements (federal, state, regional or local). Easily initiate and monitor compliance and mitigation plans, assign tasks to document rationale for each requirement and close any compliance gaps. Evidentiary documentation is compiled and reporting tasks are scheduled and tracked to ensure every deadline is met. Specific compliance solutions for:
NERC Reliability Compliance Automatically coordinate, track and assess activities to ensure compliance, maintain reliability and meet stringent NERC standards.The software is pre-loaded with NERC standards and requirements. Responsibility for requirements, compliance analyses, mitigation plans and tasks are assigned, monitored and documented in a central repository.
NERC Standards Update Service This service constantly monitors the NERC website for new or revised standards, then integrates the information, including PDFs and RSAWs, into AssurX-ready form and notifies subscribers. Update/import everything needed to bring your system current in minutes.
Assessment-certification ManagementPerform automated self-assessments and meet NERC and regional self-certification requirements for registered entities. Set and manage master schedules by standard, entity or region across any desired time span. Automatically assign, monitor and measure activities for compliance, and track certification reviews and regional filings for each standard.
Recurring Evidence Management Schedule and track internal evidence collection on a periodic basis. Set schedule frequency (weekly, annually, etc.) to collect evidence to meet multiple requirements. The system automatically assigns collection tasks and the collected evidence is linked to applicable regulatory requirement(s). The software sends alerts as tasks become due and notifies supervisors of late tasks.
Reported Evidence Management Schedule and track evidence collection, and document required periodic regulatory report submittals. Set schedule frequencies to collect evidence to meet one or more requirements. The system automatically assigns collection tasks and collected evidence is linked to applicable regulatory requirement(s). The software sends notification as tasks are due, alerts supervisors of late tasks, and documents regulatory submissions.
Improve Compliance & Business Performance With One System
Key Features and FunctionalityMapping precisely to your real-world operations, AssurX creates an electronic workflow and history of tasks, alerts, escalations and approvals that can be automated to the level you prefer. Implement solutions into the AssurX system easily, as you need them. Including:
��Integrates compliance and business operations creating one source of information. Ensures all requirements are being met, risks are managed, and resources are properly prioritized
��Built for fluid business and regulatory landscapes. Quickly absorbs changes to requirements and standards, directives, or processes, lowering the cost of staying current and increasing competitiveness
��Delivers at-a-glance status of compliance and activities. Track real-time metrics and identify trends
��Gain central oversight while allowing each group/division/entity to manage their own activities, making compliance and business operations consistent and manageable—even in complex organizations
��Proactively identifies noncompliance or rising risks and sends alerts to initiate remediation—avoiding fines, negative publicity and legal actions
��Creates a central repository for data, history and compliance evidence for quicker, more thorough response to investigations, inquiries and audits
“AssurX ensures
that we maintain
compliance with
regulatory standards
and manages
our corrective
action program. Its
flexibility allows us
to configure it to
meet our company-
specific processes and
workflows and it
has strong reporting
and data drill down
capabilities for both
users and managers.”
Reliability Compliance Manager
FirstEnergy
I N D U S T R YI N D U S T R YENERGY & UTILITIES S O L U T I O NS O L U T I O N
PRC System Maintenance Compliance Dashboards visually deliver the current state of PRC compliance for physical devices or assets affecting the BES, while automated alerts to supervisors expose trends towards noncompliance well before it occurs. In a single hub, the system maintains a complete, audit-ready history of devices/assets, issues and actions taken to maintain control and compliance; along with the required PRC/maintenance records, keeping them accessible with the click of a button.
CIP System Management Stay in compliance with NERC Bulk Electric System (BES) Critical Infrastructure Protection (CIP) standards for Ver. 5 and beyond. Manage configuration and change for high to low impact BES cyber systems and assets. The software links the Physical and Electronic Security Perimeters to each associated cyber system. Manage baseline configuration of cyber devices and automatically maintain a complete device inventory. Meet evidence requirements for CIP assets and report historical changes to assets over their life cycle.
CIP Access Management Grant, modify or revoke individual access to cyber systems using role based security and permissions that meet NERC BES CIP standards. The software automatically sends notifications when a CIP access is changed or revoked, creates a detailed revision history of all access records; and generates access reports and metrics for managers.
Document Management Creates a central library where key documents are stored and manages the document life cycle including: change requests, redlining, approval routing, release, notification and training. With fast, easy search and retrieval, access is controlled so that only those personnel who are allowed to view a given document can do so.
Training Management Ensure personnel are up to date on training, and properly qualified to perform tasks and work at all times. The software creates a permanent record and audit trail of personnel qualifications, training requirements and histories, and other regulatory compliance obligations in one database. Training tasks are tracked, and staff and supervisors are notified of upcoming and missed expiration dates and mandatory training.
Enterprise Risk Management Identify, assess and control enterprise risks to ensure reliability and meet compliance and business goals. Monitor risk related activities, and perform evaluations of financial, operational, and compliance impact. The software calculates probability, assigns priorities, and links risks to appropriate internal controls. Dashboards deliver risk and activity status, threat heat maps, and detailed metrics for trending. The system automatically launches corrective actions and tracks the resolution of issues—preventing avoidable threats.
Corrective Action Management Detect, correct and prevent recurrence of regulatory violations, procedural lapses, cyber incidents, equipment/test failures, and more with a closed-loop system. Issues initiated from any department are investigated, root causes identified, and corrective/preventive actions planned and implemented across operations. Dashboards show current and potential problems, and automated alerts instantly notify the proper personnel.
Audit ManagementPlan, schedule and manage internal quality and compliance audits end-to-end. Automatically log audit findings, manage responses, and launch corrective actions. Reports and dashboards provide live data for instant status and metrics.
Seamlessly integrated solutions work together using shared information. For example, when the Risk Management solution reveals a risk of noncompliance, the system can automatically trigger the Corrective Action solution to begin resolving the problem.
Dashboards & Performance MetricsPowerful, built-in analytics and reporting capabilities, delivered through a user-friendly system of dashboards, give managers a detailed real-time view into all activities, making trending and oversight simple. Instantly view reports and charts of performance, status or other metrics for the entire enterprise or by division, entity, department, group or individual. See overall compliance status, or that of a specific program, project or single task. Drill-down to individual records from any chart or report.
About AssurX, Inc.With decades of expertise built into their quality management and regulatory compliance software, AssurX helps highly regulated companies exceed quality expectations, ensure compliance, manage risks and better govern their enterprise. AssurX is a highly versatile set of software solutions that unites and coordinates information, activities and documentation in one reliable enterprise system, letting you easily orchestrate operations; detect, correct and prevent problems; and improve the bottom line.
Other Standard Features�� Uniquely configurable applications
that are incredibly quick and simple to setup, deploy and modify
�� Easily adjusts to fit any established or changing process, requirement or organization
�� Includes ready to use workflow processes that can be modified with point-and-click tools requiring NO programming
�� Zero-client architecture runs on all browsers and operating systems
�� Available as OnDemand (SaaS), or traditional OnPremise (licensed software). OnDemand option comes with the ability to bring your system in-house at any time
�� Particularly well suited for highly regulated industries, all AssurX solutions are designed at their core to ensure compliance and security
�� Secure, scalable system with built-in audit trail and electronic signatures
�� Sophisticated access restrictions—limit who can login, view or edit records, etc.
�� Easy to use ad-hoc query tools for creating, saving and exporting data
�� Full integration among all AssurX solutions (e.g., risk management, audits, corrective actions, document management, etc.)
�� Integrate with external systems or databases such as learning management, work order, internally developed applications, databases, etc., using a flexible open integration interface
�� Comprehensive support, training, maintenance and consulting
Built-in management dashboards: Monitor live performance metrics, activities and compliance status across solutions and your organization.
