Ampyx Cyber Blog

The Intersection of Regulation & Resilience

Inside the ERPQ: How One Form Shapes Your Audit
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

Inside the ERPQ: How One Form Shapes Your Audit

NERC's Currently Compliant Episode 9 introduced the consolidated Entity Risk Profile Questionnaire (ERPQ). What the podcast did not draw is the bigger picture: with ICE eliminated and continuous internal controls evaluation now embedded across CMEP, the ERPQ is the entry point into how the ERO Enterprise sees you for every monitoring cycle.

Read More
CMEP Version 9: Maintenance on the Surface, Three Signals Underneath
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

CMEP Version 9: Maintenance on the Surface, Three Signals Underneath

NERC released CMEP Manual Version 9 on March 1, 2026. On the surface it is a maintenance release. Underneath, three signals matter: the Global Internal Audit Standards join the authoritative guidance stack, Rules of Procedure Appendix 4C moved, and a decade-old CIP Version 3 artifact got scrubbed from the Sampling Guide. None of it redraws CMEP. All of it reinforces v8's direction.

Read More