GridUnity Certified Compliant with NIST 800-171 Cybersecurity StandardPosted May 05, 2020
Independent Audit Verifies GridUnity’s Information Security Controls and Processes using NIST 800-171
BOSTON, MA, – May 5, 2020 – GridUnity, developers of a software platform used by Independent System Operators and electric utilities to manage customer interconnections and perform advanced grid planning, today announced that they have received their Federal Information Security Management Act (FISMA) compliance audit, passing without a single compliance issue. GridUnity’s software enables the intelligent incorporation of renewable energy sources into the electric grid. This audit verifies that GridUnity ensures the highest level of data security by following a stringent set of baseline security controls from the National Institute of Standards and Technology (NIST) Special Publication 800-171.
GridUnity’s final compliance report on FISMA documents the physical, administrative, and technical safeguards they have implemented, the effectiveness of their risk management strategy, and how their controls achieve FISMA compliance. KirkpatrickPrice, a licensed CPA firm, helped GridUnity through the process of achieving compliance with FISMA, using NIST SP 800-171, and developing a maintenance plan to ensure that the company remains in compliance on an ongoing basis. Annual audits will ensure that GridUnity continues to follow current best practices.
NIST is responsible for developing standards and guidelines to ensure adequate information security for all U.S. federal agency operations and assets. However, the guidelines developed by NIST are not just for federal agencies but are designed to be used as guidance to protect Controlled Unclassified Information (CUI) within the information systems of nonfederal organizations.
“Attaining compliance is not a trivial undertaking, but we prioritized it and allocated the resources necessary to achieve it because we believe that energy data security is, and will continue to be, a critically important issue for utilities,” said GridUnity CEO Brian Fitzsimons. “Protecting our clients’ data with this level of attention to detail and care demonstrates that we share their concerns, which is why they trust us with their information and their customers’. It’s also one of the ways in which we distinguish ourselves in the market, as we are the only provider we know of who has achieved this milestone.”
“FISMA is a stringent framework built on guidelines issued by NIST,” said Joseph Kirkpatrick, Managing Partner with KirkpatrickPrice. “GridUnity’s clients, representing some of the most innovative utilities in the country, will be pleased to know that they have taken this step towards assessing and managing their risks while creating an increased awareness of information security.”
GridUnity® is a pioneer in cloud-based distributed energy analytics solutions. Our advanced grid planning and operations capabilities are leading the global shift toward highly reliable and responsive distributed energy operations. GridUnity is the only solution that integrates customer engagement, engineering automation and distribution system planning in one unified platform, enabling our clients to transform their customer service and operational model. Clients include North American investor owned utilities and independent system operators serving 17 U.S. states and 18% of the of the US population. For more information, please visit gridunity.com.
KirkpatrickPrice is a licensed CPA firm, PCI QSA, and a HITRUST CSF Assessor, registered with the PCAOB, providing assurance services to over 600 clients in more than 48 states, Canada, Asia, and Europe. The firm has over 13 years of experience in information security and compliance assurance by performing assessments, audits, and tests that strengthen information security and internal controls. KirkpatrickPrice most commonly provides advice on SOC 1, SOC 2, HIPAA, HITRUST CSF, PCI DSS, GDPR, ISO 27001, FISMA, and CFPB frameworks. For more information, visit www.kirkpatrickprice.com, follow KirkpatrickPrice on Twitter (@KPAudit), or connect with KirkpatrickPrice on LinkedIn.