That’s right you have heard correct. The CIP V5 compliance effective date has been moved to July 1, 2016. This is great news and quite a bit of breathing room if you are an entity in scope for CIP V5 compliance. This does not mean to stop the momentum you have already have with your High and Medium Impact facilities. The date extension helps because it aligns all of the standards with a consistent implementation date.
On February 4, 2016, Trade Associations filed a request that the Commission grant an extension of time to defer the implementation of the CIP version 5 Reliability Standards for entities with High and Medium Impact BES Cyber Systems from April 1, 2016 to July 1, 2016 to align with the effective date for the revised CIP Reliability Standards approved in Order No. 822. You can read more below for the direct link to the Order FERC released.
When do I start my CIP training and awareness program?
Here is what we recommend. This time extension gives much needed breathing room on finishing up your CIP V5 training and awareness program. As we have discussed before, you need to start delivering your CIP training program at least 30 days before the effective date of compliance. So now that the date has been moved to July 1, 2016 you should starting your program at the latest by June 1, 2016. That gives you enough time to send notifications out and follow up with all of your staff, contractors, and vendors on completing CIP Training.
With the new revisions of Transient Cyber Assets and Removable Media now confirmed as part of the revisions in CIP-004 R2, these must be included in your CIP training program. There is no penalty for training early and in fact the sooner you get this done, the more you can focus on other compliance activities. If you haven’t put together a solid CIP compliance training program yet or don’t know where to start, feel free to reach out to Curricula and we will guide you in the right direction.