PRA Service
Why outsource your PRA service to Ampyx Cyber?
Ampyx Cyber provides Personnel Risk Assessment (PRA) services to assist utilities subject to the NERC CIP Standards. Streamline your approach and reduce administrative burden for your organization to comply with CIP-004 Requirement 3 Personnel Risk Assessment requirements. Our process confirms the individuals’ identities, performs a criminal history search and evaluations of the results. An audit-ready, final report is created for each PRA and provided to you as time-stamped evidence of the assessment. Assessment criteria is developed to meet your internal processes, best practices, and comply with PRA requirements.
Audit-Ready Documentation
Your PRA documentation will impress auditors with the attractive format and easy to digest layout - as well as the attention to detail and helpful direct references to the CIP standard.
Senior-Level Staff
Ampyx Cyber uses only the most senior-level staff in the conduct of your PRA – serious ex-utility professionals with decades of security and compliance experience. The quality of our work is unmatched. See our credentials here.
fast and efficient
Most of our PRAs are completed within two days or less - from initial request to report. We have a light touch with minimal impact to staff that won’t waste your time or consume resources.
screening details are optional
Some organizations don’t want the details, they just want to know pass/fail. Our service gives you the option to know - or not know - the details from the background screen. If you want the details, all findings and concerns are fully discussed and validated to ensure you are in the loop.
CIP Consulting Included
Ampyx Cyber PRA professionals are highly experienced with the NERC CIP standards and, while engaged in your PRA, are available to answer to your CIP compliance questions. The benefit of having one Ampyx Cyber consultant on your project means you have immediate access to the full body of knowledge of our entire team.
CIP Compliance PRA Coverage range
CIP-004-6 R3.1 - Process to confirm identity: Ampyx Cyber utilizes Social Security Number (SSN) validation to confirm the identity of the individual.
CIP-004-6 R3.2 - Process to perform a seven year criminal history records check as part of each personnel risk assessment that includes:
CIP-004-6 R3.2.1 - current residence, regardless of duration; and
CIP-004-6 R3.2.2 - other locations where, during the seven years immediately prior to the date of the criminal history records check, the subject has resided for six consecutive months or more.
Ampyx Cyber utilizes the following criminal history databases to ensure a complete check is performed capturing all potential criminal history records:
County Criminal (Past 7 Years Criminal)
Federal Criminal (Past 7 Years Criminal)
Enhanced Nationwide Criminal (7 Years Criminal - Max 1 Jurisdiction)
International Criminal (7 Years Criminal - Max 1 Jurisdiction) – only performed if the individual has/had international residency
CIP-004-6 R3.2 - If it is not possible to perform a full seven year criminal history records check, conduct as much of the seven year criminal history records check as possible and document the reason the full seven year criminal history records check could not be performed.
In the event a full check is not able to be performed, Ampyx Cyber will evaluate all available records and document the reason a full seven year history was not able to be performed in a final PRA Assessment Report created for each individual candidate.
CIP-004-6 R3.3 - Criteria or process to evaluate criminal history records checks for authorizing access:
Criteria is developed separately for each entity, allowing us to customize criteria based upon your organization’s requirements for any prospective candidates and existing employees or contractors. Ampyx Cyber uses your criteria when analyzing criminal history records to provide you a final pass or fail result and justification for the final result. We have the ability to construct a final report to any level of detail required by your organization.