Published on 10 October, 2011
|With Quantum Secure, Salt River Project aims to streamline its physical identity efforts and increase security|
Quantum Secure, the leading provider of enterprise software to manage and streamline security identities, compliance and events across disparate physical security systems, recently announced that Salt River Project (SRP) has selected the SAFE for Energy Facilities software suite for its physical identity, access and compliance management, including audit, attestation, remediation and compliance for relevant NERC CIP regulations.
Phoenix-based SRP is the third-largest public power utility in the country and serves more than 940,000 electric customers through a variety of resources, including solar, wind, landfill gas, hydroelectricity, natural gas, coal and nuclear. SRP is also the largest supplier of raw water in the greater Phoenix metropolitan area, normally delivering more than 1 million acre-feet annually.
With the Quantum Secure SAFE for Energy Facilities solution, SRP aims to significantly streamline its physical identity and access management efforts and simplify its NERC compliance challenges, resulting in increased security, simplified management of CIP controls and substantially reduced costs related to physical security operations.
Systematic physical identity, access and real-time policy enforcement across the utility infrastructure - including remote distribution electric substations and access to control rooms by employees and contractors - should reduce corporate risk and save operating costs.
The SAFE for Energy Facilities solution automates the compliance of key NERC standards CIP 004-3 through CIP 006-3, including specific controls related to authorised unescorted physical access to critical cyber assets and the automation of access revocation due to cert expiration or employment termination in near real time across the entire physical access environment based upon NERC policies and rules. These controls also cover issues such as background checks, training, the trending of alarm events and enterprise-wide reporting.
"As with most critical infrastructure organisations, compliance and reporting are a very important part or our security efforts," said Jay Spradling, security manager for SRP. "It is our hope that the Quantum Secure SAFE for Energy Facilities solution will not only make our compliance and reporting easier, but also provide a major step forward in streamlining our security efforts."
Key benefits of the SAFE for Energy Facilities solution include:
- Centrally automates identity related processes including on-boarding, off-boarding, physical access requisition, approval and provisioning, change management, badging etc.
- Includes out-of-the-box integrations with systems like HRMS, IDMS, training systems, personnel risk assessment (PRA) systems and physical access control systems (PACS) to ensure synchronised, policy-based logical and physical access provisioning
- Automates enforcement and monitoring of compliance to NERC CIP requirements through pre-defined controls and associated policies and reports
- Web-based badging offering that includes badge design, data capture, rule-based production and ongoing management of badges
- Provides automated reviews and audit trail of all transactions related to physical access controls, metal key
- Policy automation to automatically control physical access based on business and compliance guidelines and policies
- Provides pre-defined reports and interactive dashboard views into key process, operational and compliance metrics of interest to physical security
"Our SAFE for Energy Facilities solution is a major step forward in the energy space," said Ajay Jain, president and CEO of Quantum Secure. "As a chosen technology by several critical nuclear and non-nuclear labs of the U.S. Department of Energy, along with our other commercial energy customers engaged in production and distribution of gas and electricity, we are enabling utility companies and nuclear sites to systematically and cost-effectively improve their compliance and risk management posture."