Force 5 - Gatekeeper: Drastically Improving NERC CIP and OSHA Compliance in a Pandemic

James Evelyn, General Manager - Security and Compliance Offerings
Year after year, CIP-006 ranks as a top 10 NERC violation for power utilities due to the lack of modern and advanced visitor management controls needed to comply with the NERC’s audit requirements. The Covid-19 pandemic compounded the problem by burdening power utilities without a sophisticated visitor management system to fulfill their audit requirements. The business-as-usual approaches, such as manual logbooks, for example, made it virtually impossible to be compliant due to travel restrictions and non-essential visit controls implemented. These controls, while potentially limiting the spread of the virus, also prevented these same organizations from collecting logbooks, verifying their completeness, and meeting their compliance and reporting obligations.

Typical off-the-shelf visitor management solutions, access control systems, and paper logs simply can’t deliver accurate logging while enforcing policies because they primarily focus on checking in guests at a front desk. They often fall short of encompassing other critical sites found in power utilities, such as NERC CIP PSPs and OSHA Point-Of-Entries. Without feedback, strong controls, and situational awareness, these systems are rife with human performance errors, which is the primary root cause of CIP-006 R2 violations.

Because CIP-006 remains a top NERC violation in 2021 and due to the difficulties involved with compliance when using manual approaches such as logbooks before, during, and after a pandemic, FERC recently recommended power utilities automate their logging and review systems: “...entities should consider the guidance of the Physical and Environmental Protection (PE) family of the NIST SP 800-53. PE-8 recommends that, for high impact information systems, entities employ automated mechanisms to facilitate the maintenance and review of visitor access records.”– FERC, October 2, 2020

Founded in 2000, Force 5’s Gatekeeper was built together with one of the largest utilities in the country to meet the needs of power utilities.


Force 5’s Gatekeeper was built together with one of the largest utilities in the country to meet the needs of power utilities

Gatekeeper was designed to provide automated audit-ready evidence, constant situational awareness, actionable point of enforcement, and persistent risk assessment. It boasts robust components designed specifically for the environmental rigors of the power utility industry.

Gatekeeper is the only automated CIP escort-centric, self-service, physical access product built for compliance logging, validation, and policy enforcement. Strong internal controls also enforce corporate policies, including health screenings and attestations. This level of automation and remote collection of data can also be used for contact tracing while delivering real-time CIP compliance with violation-free audit reports at the push of a button.

This unique solution produces compliance-based evidence and forensics needed in an Enterprise Risk Management Solution for real-time risk analysis and audit-ready reporting in any condition, including health emergencies— helping power utilities achieve and maintain compliance and mitigate operational risk. Gatekeeper eliminates the age-old practice of logging access with paper logbooks, and provides awareness through dashboards, proactive notifications, and report generation.

Force 5 has been solving client problems for over 20 years, with effective technology solutions and a proven track record of success. “Always audit ready” is how one Force 5 customer described Gatekeeper. Another stated, “We had no violations or self-reports after Gatekeeper, and log remediation is done in minutes instead of weeks, and when needed it is done proactively.”

Company
Force 5 - Gatekeeper

Headquarters
Miami, FL

Management
James Evelyn, General Manager - Security and Compliance Offerings

Description
Founded in 2000, Force 5’s Gatekeeper was built together with one of the largest utilities in the country to meet the needs of power utilities. Gatekeeper was designed to provide automated audit-ready evidence, constant situational awareness, actionable point of enforcement, and persistent risk assessment. It boasts robust components designed specifically for the environmental rigors of the power utility industry. Gatekeeper is the only automated CIP escort-centric, self-service, physical access product built for compliance logging, validation, and policy enforcement. Strong internal controls also enforce corporate policies, including health screenings and attestations

Force 5 - Gatekeeper