The Controls Guidance and Compliance Failure Points document guides registered entities in assessing risks associated with their business activities and designing appropriate internal controls in response. WECC has identified generic control objectives to mitigate the risks associated with the associated risk categories and CIP-012-2. You may want to consider these three objectives:
Control Objective 1: Identify applicable data used in RTA and RTM. (Relates to Entity Coordination)
Control Objective 2: Define protections for RTA and RTM data transmitted between Control Centers. (Relates to Identity Management and Access Control)
Control Objective 3: Establish protocols or procedures for use in case of a loss of timely availability of RTA or RTM data transmitted between Control Centers. (Relates to Entity Coordination, Identity Management and Access Control)