Asset To Vendor

Power Utilities and their Vendors
Share Many of the Same Challenges

  • Cybersecurity Threats
  • Compliance with NERC CIP standards
  • Limited Resources

Collaboration is the answer!

Introducing the
Asset to Vendor Network
(A2V)

Powered by Fortress written

A2V achieves security without compromising compliance

arrow in circle requirements icon

Access the latest and greatest in emerging industry requirements

pencil in message bubble informaiton icon

Receive instant industry information and continuous updates

down arrow cost icon

Reduce costs with our sharing model 50% SAVINGS

A2V is a network of power utilities who benefit from:

  • Shared costs of vendor risk assessments
  • Cyber asset vulnerability patches
  • Solutions to reduce duplication
  • Compliance requirements

Asset to Vendor Network

Delivering outcomes in a simple process

magnifying glass with arrow risk icon

Risk Identifications

Utility determines the right level of assessment – for the vendor and the product.

A2V offers risk ranking analytics.

magnifying glass over paper assesment icon

Assessment Selection

Utility submits the list of vendors requiring assessments.

Assessment availability and “Scheduled” or “Not Scheduled” status is appended with respective dates.

The utility selects assessments for purchase, whether it be an existing assessment or requirement to master a new one.

magnifying glass over people vendor icon

Vendor Engagement

Consent to share assessments is obtained by A2V vendors.

For new assessments, A2V works with vendors to complete.

New assessments (Masters) generate credits

Completed assessments are uploaded into the utility’s instance of the Fortress Platform, the A2V compliance system.

How does A2V compare to other assessment products?

A2V Assessment Products

A2V is aligned to industry guidance for risk identification and assessment methodologies, especially to CIP-013-1.

Why vendor assessments?

NATF points out that “the ERO has endorsed the practice of a Responsible Entity obtaining an independent assessment of the vendor’s production of BES Cyber Systems and/or related services as a means of complying with CIP-013-1.” NATF suggests:

  1. Asking vendors to provide independent assessments.
  2. Evaluating the auditor’s qualifications and cyber security framework used to perform the assessment.
  3. Evaluating the scope and results of the assessment.
  4. Documenting the process, conclusions and mitigating actions.
Comparison chart of A2V to competitors

A joint venture with Fortress, American Electric Power, and Southern Company

American Electric Power Logo

A2V is committed to helping American Electric Power and other leading utilities

Southern Company provides provide clean, safe, reliable and affordable energy to 9 million customers through their subsidiaries

A2V in the News

Asset to Vendor Logo

ASSET TO VENDOR
NETWORK

We love to help, contact us today.

Request a Demo

Request to speak to a solution specialist or schedule a demonstration.