Download Free North American Reliability Corp (NERC) Critical Infrastructure Protection (CIP) standards or simply NERC/CIP is a set of Cyber Security Framework standard that force of by law by the Federal Energy Regulatory Commission (FERC). This standard consist of several domain such as:

CIP-001-1 Sabotage Reporting
Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.

CIP-002-1 Critical Cyber Asset Identification
NERC Standards CIP-002 through CIP-009 provides a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

CIP-002-2 Cyber Security - Critical Cyber Asset Identification
NERC Standards CIP-002-2 through CIP-009-2 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

1. Ensuring the confidentiality and integrity of your organization’s data-in-transit to and from your public cloud provider

2. Ensuring proper access control (authentication, authorization, and auditing) to whatever resources you are using at your public cloud provider

3. Ensuring the availability of the Internet-facing resources in a public cloud that are being used by your organization, or have been assigned to your organization by your public cloud providers

Download Free SAS 70 (Statement on Auditing Standards no 70) Report Content Templates

The SAS 70 type ii report includes three required sections: the auditor’s opinion, the service organization’s description of controls, and tests of operating system effectiveness and the results of those tests. The report may also include an additional section with other information provided by the service organization (provided for informational purposes but not subject to audit).

Section I: Service Auditor’s Opinion
The following is example SAS 70 Type II audit opinion text for a scenario in which the service organization achieves the specified control objectives. The opinion would be modified to suit the circumstances of the specific audit.

Section II: Description of Controls
The service organization’s description of controls typically includes narrative descriptions of the following components:
• Overview of operations
• Description of services provided by the service organization that are covered in the report
• Control objectives and supporting control activities
• Control environment, risk assessment processes, and monitoring processes
• Information systems and communication processes
• User control considerations (i.e., controls that users of the service organization should have in place to address their responsibilities with regard to controls over the service)

1. Strategic alignment did not match the business goals.
2. There were communication breakdowns.
3. Up-front buy-in was not obtained.
4. User involvement was inadequate.
5. There were poor user inputs.
6. Stakeholder conflicts existed.
7. The requirements were vague.
8. User requirements were not firmly nailed down.
9. User requirements may have changed midway.
10. Poor cost and schedule estimates existed.

Download Free IT Contingency Plan Activation and Recovery Templates. This simple templates could be used for IT Contingency Plan Activation and Recovery.

1. NOTIFICATION AND ACTIVATION PHASE
This phase addresses the initial actions taken to detect and assess damage inflicted by a disruption to {system name}. Based on the assessment of the event, the plan may be activated by the Contingency Planning Coordinator.