Power Utilities and their Vendors Share Many of the Same Challenges

  • Cybersecurity Threats
  • Compliance with NERC CIP standards
  • Limited Resources

COLLABORATION IS THE ANSWER!

Introducing the
Asset to Vendor Network
(A2V)

 

A2V achieves security without compromising compliance

<p style="text-align:center;">Access the latest and greatest in emerging industry requirements</p>

Access the latest and greatest in emerging industry requirements

<p style="text-align:center;">Receive instant industry information and continuous updates</p>

Receive instant industry information and continuous updates

<p style="text-align:center;">Reduce costs with our sharing model 50% SAVINGS</p>

Reduce costs with our sharing model 50% SAVINGS

A2V is a network of power utilities who benefit from:

  • Shared costs of vendor risk assessments
  • Cyber asset vulnerability patches
  • Solutions to reduce duplication
  • Compliance requirements

Asset to Vendor Network

Delivering outcomes in a simple process

<p style="text-align:center;">Utility determines the right level of assessment – for the vendor and the product.</p><p style="text-align:center;">A2V offers risk ranking analytics.</p>

Risk Identifications

Utility determines the right level of assessment – for the vendor and the product.

A2V offers risk ranking analytics.

<p style="text-align:center;">Utility submits the list of vendors requiring assessments.</p><p style="text-align:center;">Assessment availability and “Scheduled” or “Not Scheduled” status is appended with respective dates.</p><p style="text-align:center;">The utility selects assessments for purchase, whether it be an existing assessment or requirement to master a new one.</p>

Assessment Selection

Utility submits the list of vendors requiring assessments.

Assessment availability and “Scheduled” or “Not Scheduled” status is appended with respective dates.

The utility selects assessments for purchase, whether it be an existing assessment or requirement to master a new one.

<p style="text-align:center;">Consent to share assessments is obtained by A2V vendors.</p><p style="text-align:center;">For new assessments, A2V works with vendors to complete.</p><p style="text-align:center;">New assessments (Masters) generate credits</p><p style="text-align:center;">Completed assessments are uploaded into the utility’s instance of the Fortress Platform, the A2V compliance system.</p>

Vendor Engagement

Consent to share assessments is obtained by A2V vendors.

For new assessments, A2V works with vendors to complete.

New assessments (Masters) generate credits

Completed assessments are uploaded into the utility’s instance of the Fortress Platform, the A2V compliance system.

How does A2V compare to other assessment products?

A2V Assessment Products

A2V is aligned to industry guidance for risk identification and assessment methodologies, especially to CIP-013-1.

Why vendor assessments?

NATF points out that “the ERO has endorsed the practice of a Responsible Entity obtaining an independent assessment of the vendor’s production of BES Cyber Systems and/or related services as a means of complying with CIP-013-1.” NATF suggests:

  1. Asking vendors to provide independent assessments.
  2. Evaluating the auditor’s qualifications and cyber security framework used to perform the assessment.
  3. Evaluating the scope and results of the assessment.
  4. Documenting the process, conclusions and mitigating actions.

A joint venture with Fortress, American Electric Power, and Southern Company

A2V is committed to helping American Electric Power and other leading utilities

Southern Company provides clean, safe, reliable and affordable energy to 9 million customers through their subsidiaries

A2V in the News

Request a Demo

Request to speak to a solution specialist or schedule a demonstration.

Reports requested: