Ampyx Cyber Blog

The Intersection of Regulation & Resilience

Inside the ERPQ: How One Form Shapes Your Audit
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

Inside the ERPQ: How One Form Shapes Your Audit

NERC's Currently Compliant Episode 9 introduced the consolidated Entity Risk Profile Questionnaire (ERPQ). What the podcast did not draw is the bigger picture: with ICE eliminated and continuous internal controls evaluation now embedded across CMEP, the ERPQ is the entry point into how the ERO Enterprise sees you for every monitoring cycle.

Read More
How CMEP Version 8 Reshapes NERC’s Compliance Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

How CMEP Version 8 Reshapes NERC’s Compliance Model

The CMEP Version 8 does not rewrite NERC compliance, rather it stabilizes it. Building on years of evolution, the updated Manual reinforces risk-based oversight, professional judgment, technical competence, and enterprise consistency across all Reliability Standards. The result is a more mature, defensible compliance model that shapes how audits, enforcement, and reliability governance now operate.

Read More
From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model
Policy Pulse Patrick Miller Policy Pulse Patrick Miller

From Spot Evaluations to Continuous Oversight: NERC’s New Internal Controls Model

NERC’s December 2025 ERO Enterprise Guide replaces the old ICE model with continuous, risk based internal control oversight embedded across CMEP and Joint Monitoring. This shift makes control design, evidence, and effectiveness a core driver of Compliance Oversight Plans (COPs), audit depth, and how the Regions measure compliance maturity.

Read More