I'm looking forward to connecting here with other utilities who are using or are planning to deploy IdentityIQ and/or File Access Manager. For those who don't know my background, I've been responsible for identity governance at SMUD (Sacramento Municipal Utility District) for nearly 20 years now. I guess I would call myself something of an Identity Evangelist. Talk about an identity journey, I've only recently (past 3-4 years) become more heavily involved with NERC CIP. It was particularly challenging from the outset because of having my feet set firmly in the SailPoint space on the corporate side, and although not too many utilities were using IdentityIQ for NERC CIP just a short time ago, I knew IIQ could handle CIP-004. Why the challenge? Convincing my management and peers in compliance that IdentityIQ could handle it with flying colors. They had nothing to compare it to, and it was a matter of leveraging the trust I'd build up over the years at SMUD to convince them it would work. Fortunately, we had a small but strong technical team with good access to resources on the compliance side. We got our compliance system in place almost 3 years ago now, and it has proven very successful.
Frankly, one of the best rewards for me personally in getting our NERC CIP compliance IIQ instance up and running was the success we had with our tri-annual audit last year. Executive level visibility can put you on edge, but that just made the teamwork and the months of preparation leading up all the sweeter a success. I can't help but remember the SailPoint competitor telling me flat out that I was going to fail when SMUD picked IdentityIQ instead of their niche solution. I appreciate the nudge.
I've enjoyed meeting and talking to so many of you in the industry over the last few years, and if you've chosen to partner with SailPoint for your NERC CIP compliance needs, but haven't quite yet initiated your compliance journey, I'm always willing to lend an ear and pass along what advice I can. For those of you in the trenches like me, I'd love to hear what challenges you've come across, and maybe how you've been able to meet those challenges with all the creativity and integration possibilities that SailPoint's product offerings enable.
All the best,
We do continue to maintain both instances, since we have the one previously designated as an EACMS inside a protected services network to communicate directly with our CIP assets (i.e., our PACS). The corporate instance and the CIP instance share a common database where the corporate instance will write or remove authorizations for things that the CIP instance will provision or deprovision. The CIP instance aggregates from this shared DB regularly throughout the day.