Back to Blog

Personnel Screening Requirements Under NERC CIP

PSI Team | Uncategorized

Personnel Screening Requirements Under NERC CIP

In 1968, the electric utility industry formed an organization that would eventually become the North American Electric Reliability Corporation (NERC). This international, non-profit organization provides standards for the Critical Infrastructure industry that runs the bulk power systems in the United States, Canada, and parts of Mexico. These standards exist to prevent and address disasters and threats to the Bulk Electric System, ensuring the reliability and access of the North American power grid. As a result, a crucial part of these standards revolves around personnel background screening, training, and security. You can find everything your company needs to know about personnel screening requirements under NERC CIP with this guide.


When NERC was originally formed, the biggest threats to the North American power grid were natural disasters and mechanical errors. With the rise of computer technology and electronic operations, however, cybersecurity and digital threats became more and more significant. As a result, the NERC formed a set of Critical Infrastructure Protection (CIP) guidelines. This plan consists of nine standards and 45 requirements that focus on critical cyber assets and cybersecurity in the Bulk Electric System. The NERC CIP guidelines also address personnel training and security, which require a certain level of risk assessment regarding individuals who have authorization and access to critical cyber assets.

Personnel Screening Requirements Under NERC CIP

Energy and utility companies must do their part to help protect the Bulk Electric System. Part of this responsibility means making safe hiring decisions and holding employees accountable during their time at the company. The NERC Standard CIP-004-03a revolves specifically around “Cyber Training – Personnel & Training” and provides guidelines as to the appropriate amount of risk assessment for all personnel. Anyone who has authorized cyber access or unescorted physical access to critical cyber assets, including third-party contractors and vendors, should undergo this risk assessment. At minimum, this process must include identity verification and a seven-year criminal background check. Additionally, the company must update these risk assessments at least once every seven years. Companies must also thoroughly and accurately document all results of these risk assessments.

The Importance of Professional Screening for NERC CIP

Companies must follow the NERC CIP guidelines to ensure the safety and security of our national power system. That’s why it’s important to find a reliable and professional background screening service. Here at PSI Background Screening, we provide fully compliant NERC CIP background checks to keep your company and personnel accountable. Work with our team to ensure every hiring decision meets and exceeds these standards.