Information

  • Document No.

  • Audit Title

  • Client / Site

  • Conducted on

  • Prepared by

  • Asset Personnel

1. ID Sections

Infrastructure Dependency Sections

  • Complete sections indicated as critical to assets core operations in the AMQ. Check all sections that have been completed during the IAV.

  • Electric Power Dependency

  • Natural Gas Dependency

  • Communications Dependency

  • Information Technology Dependency

  • Water Dependency

1.1 Electric Power Dependency

Electric Power Dependency

  • Asset Name/Critical Node Name

  • Is the electric power required for the facility for core operations (produce key services, goods)?

General Electric Power Detail

  • What is the primary use for electric power?

  • Describe

  • What primary electric power sources apply?

Internal Electric Power Sources

  • What is the Internal source?

  • What type of power cycle is used by the cogeneration unit? <br><br>* Enter only when you select “Cogeneration Unit on –site” for the types of internal electric power sources?

  • Which fuel(s) are used by the Power Plant/Cogeneration Unit?

  • Specify

  • Does Power Plant/Cogeneration Unit generate enough electricity to handle full facility load?

  • Percent of Peak Facility Demand generated.

  • Does Power Plant/Cogeneration unit provide electricity externally (i.e. the facility has the right to sell energy and capacity to its host utility or the grind)?

  • Electric Power Internal Source Briefing Notes

External Electric Power Sources

  • Electric Power Provider/Supplier Name

  • Unknown

  • Name or Location

  • Describe

  • Name or location (2nd substation)

Electric Power Protective Measures

  • How many electric service connections are there for the facility?

  • Can each service connection handle entire facility load?

  • If there are multiple service connections handle entire facility?

  • Describe

  • Service connections into the facility are located?

  • Are there service connections co-located with other utilities (e.g. utility corridors for natural gas, telecommunications, fiber, water, etc?)

  • Describe

  • Are there protective measures in place inside the building supporting the electrical system (e.g., locked electrical cabinet or room)?

  • Describe

  • Are there protective measures in place outside the building supporting the electrical system (but still within control of facility, e.g., bollards or box around facility-owned transformer)?

  • Describe

  • Electric Power Protective Measures Briefing Notes

Electric Power Back-Up Generation

  • On-Site Back-Up Generation

  • Backup Generator Exists?

  • Type of backup generator (diesel generator, natural gas, other)?

  • Specify

  • Is refueling necessary?

  • Fuel Supplier Name

  • Contracts or procedures are in place for refuel in emergency?

  • Duration of backup generation without refueling?

  • Refuel Unit

  • What is the purpose of backup generation?

  • Is back up routinely tested under load (e.g., with facility functions being served off of the generator in real-time, not just tested to see if it turns on)?

  • How often?

  • Describe

  • Uninterrupted Power System (UPS)/Battery back-up exists on site?

  • Duration of UPS/Battery back-up?

  • Duration Unit

  • What is the purpose of the UPS/Battery back-up?

  • Back Generation Briefing Notes

Electric Power Loss of Service

  • Has the facility experiences electric service outages within the last year?

  • Is there a Contingency/Business Continuity Plan with provider for restoration?

  • Explain

  • Does the facility participate in provider priority plan for restoration?

  • Explain

  • If all electric service is lost (without considering any back-up or alternative mode), how soon would the facility be severely impacted?

  • Once electric service is lost (and any back-up or alternative fuel is employed), what percentage of normal business functions are lost or degraded?

  • Electric Power Loss Briefing Notes

Overall Electric Power Comments

  • Overall Electric Power Comments

Electric Power Commendable

  • Electric Power Commendable

  • Add an additional Electric Power Commendable record

  • Electric Power Commendable
  • Electric Power Commendable

1.2 Natural Gas Dependency

Natural Gas Dependency

  • Asset Name/Critical Node Name

  • Is natural gas required for the facility for core operations (produce key services, goods)?

General Natural Gas Detail

  • What is the primary goal for natural gas?

  • Describe

External Natural Gas Sources

  • Natural Gas Supplier

  • How many natural gas service connections are there for the facility?

  • Can each service connection handle entire facility load?

  • If there are multiple service lines, where do the lines enter the facility?

  • Describe

  • Are the main service lines collocated with other utilities (e.g. water utility corridors with eclectic, communications, fiber, water, etc.)?

  • Components of the natural gas supply located inside the building (but within control of facility) are protected from vandalism or accidental damage?

  • Components of the natural gas supply located outside of the building (but still within the control of facility) are protected from vandalism or accidental damage?

  • What is the natural gas distribution system?

  • Natural Gas protective Measures Briefing Notes

Natural Gas Back-Up

  • Is there backup gas or an alternative fuel source (e.g. propane or electricity)?

  • Describe

Natural Gas Loss of Service

  • Has the facility experienced natural gas service outages within the last five years?

  • Is there a Contingency/Business Continuity Plan with provider for restoration?

  • Explain

  • Does the facility participate in provider priority plan for restoration?

  • Explain

  • If all natural gas service is lost (without considering any back-up or alternative mode), how soon would the facility be severely impacted?

  • Once natural gas service is lost (and any back­ up or alternative fuel is employed), what percentage of normal business functions are lost or degraded?

  • Natural Gas Loss Briefing Notes

Overall Natural Gas Comments

  • Overall Natural Gas Comments

Natural Gas Commendables

  • Natural Gas Commendable

  • Add an additional Natural Gas Commendable

  • Commendable
  • Natural Gas Commendable

1.3 Communications

Communications Dependency

  • Asset Name/Critical Node

  • Are communications required for the facility for core operations (produce key services, goods)?

General Communications Detail

  • Which of these communication services are critical to facility operations?

  • What is the primary critical communications mode (mode the loss of which would result in the most severe impact to facility functions)?

Telephone Mode

  • What is the primary critical telephone usage?

  • What is the primary off-premises communications service is utilized?

Data Mode

  • What is the primary critical data services usage?

  • What is the primary off-premises communications service is utilized?

Radio Mode

  • What is the primary critical radio usage?

  • What is primary communication service utilized?

Protective Measures for Primary Critical Communications Mode and Service

  • What protective measures are employed for the primary telecommunication service?

  • Describe

Impact of Loss of Primary Communications Mode & Service

  • Has the facility experienced telecommunication service outages within the last year?

  • Is there a Contingency/Business Continuity Plan with provider for restoration?

  • Explain

  • Does the facility participate in provider priority plan for restoration?

  • Explain

  • If all primary telecommunications service is lost (without considering any back-up or alternative mode), how soon would the facility be severely impacted?

  • If primary mode of telecommunication service is lost, what would you use as back-up?

  • Once the facility is on back-up telecommunications service mode, what percentage of normal business functions are lost or degraded?

Communications Briefing Notes

  • Communications Briefing Notes

Overall Communications Comments

  • Communications Briefing Notes

Communications Commendables

  • Communications Commendable

  • Add an additional Communication Commendable

  • Commendable
  • Communications Commendable

1.4 IT Dependency

Information Technology Dependency

  • Asset Name/Critical Node Name

  • Is Information Technology required for the facility for core operations (produce key services, goods)?

General Information Technology Detail

  • Do you report cyber security events to external parties (e.g., State Computer Security Incident Response Teams, US-CERT, law enforcement, information sharing forums, others)?

  • Do you consult external sources of vulnerability information and solutions (e.g., United States Computer Emergency Readiness Team (US-CERT), Computer Emergency Response Team Coordination Center (CERT/CC), SysAdmin, Audit, Network, Security (SANS) Institute, system vendors, etc.)?

  • How often are external sources consulted?

Internet Services

  • Are Internet services required for facility core operations?

General Internet Services Detail

  • What are the critical uses for Internet service?

  • Business Network Description

  • What types of control systems are used?

  • SCADA Description

  • PCS Description

  • What is the primary critical Internet mode (mode the loss of which would result in the most severe impact to facility functions)?

  • From which is acquisition of primary critical Internet access obtained?

  • Supplier

  • Describe

Internet Services Protective Measures

  • Have critical systems and components for providing Internet service been identified?

  • Describe

  • Is there more than one service connection (location) at the facility?

  • Are they in different geo-locations?

  • Describe

  • Is the internet service connection co-located with server room?

  • Are service connections located underground?

  • Service connection terminate in a protected room/facility/building?

Internet Loss of Service

  • Has the facility experienced Internet service outages within the last 6 months?

  • Is there a Contingency/Business Continuity Plan with provider for restoration?

  • Describe

  • If primary mode of Internet access is lost completely (and no back-up is employed), within what time period would the facility be degraded?

  • If primary Internet mode is lost, what would be used for back-up at this facility?

  • Once the facility is on back-up mode, what percentage of normal functions are lost or degraded.

Internet Service Briefing Notes

  • Notes

Overall Internet Service Comments

  • Comments

Internal IT Systems

  • Are internal IT systems required for facility core operations?

General Internal IT Systems Detail

  • What are the critical uses for internal IT systems?

  • Business Network Description

  • What types of control systems are used?

  • SCADA Systems

  • PCS

  • What is the primary critical internal IT mode (mode the loss of which would result in the most severe impact to facility functions)?

Primary Internal IT Systems protective measures

  • Have critical systems and components been identified?

  • Describe

  • Are there redundant separated critical servers or network components?

  • Does the facility use Back-up Data Storage?

  • How often are back-ups performed?

  • Are data restores performed and verified (e.g., back-up data is restored and checked to see if it works)?

  • Is access to control/computer rooms and remote equipment is controlled?

  • Describe

  • Is there both a control and business network?

  • Is there network segmentation between control networks and business networks?

  • Describe Segmentation

Remote Access Policy

  • What is the remote access policy?

  • Are there user controls in place for staff?

  • Describe

  • Are there user controls in place for vendors?

  • Describe user controls

  • Can employees use remote access to continue operations during circumstances that may preclude access to the facility (e.g., hurricane aftermath or pandemic situations)?

  • Describe

Wireless Access Policy

  • What is the remote access policy?

Administration Policy

  • Has a cyber security assessment conducted? (internal only, external resources)?

  • Who conducted the cyber security assessment

  • Describe

  • How often?

  • Is there a cyber security plan?

  • Describe

  • Are employees trained on trained on appropriate security practices?

  • How often are Administrators trained on appropriate security practices?

  • How often are general employees trained on appropriate security practices?

  • Are security scans performed?

  • How often are security scans performed?

  • Is encryption used to transmit data?

  • Are standard configurations in place to harden Operating Systems?

  • If yes, select all that apply

  • Are isolated test beds used for configuration changes (e.g., isolated system to test new equipment and software)?

Impact of Loss of Primary Internal IT System

  • If primary mode of primary internal IT system is lost completely (and no back-up is employed), within what time period would the facility be degraded?

  • If IT systems are lost, what would be used for back-up?

  • Describe

  • Once the facility is on back-up IT mode, what percentage of normal functions are lost or degraded?

Internal IT System Briefing Notes

  • Notes

Overall Internal IT Systems Comments

  • Comments

Information Technology Commendables

  • IT Commendable

  • Add an additional IT Commendable

  • IT Commendable
  • IT Commendable

1.5 Water Dependency

Water Dependency

  • Asset Name/Critical Node name

  • Is water required for the facility for core operations (produce key services, goods)?

General Water Detail

  • What is the purpose(s) of water usage?

  • Describe why it's critical to facility operations

  • What primary water sources apply?

Internal Water Sources

  • What type of internal water sources apply?

  • Describe

  • Do on-site sources produce enough water to handle full facility load?

  • Percent of Demand

External Water Sources

  • Water Provider

  • How many water service connections are there for the facility?

  • Can each service connection handle entire facility load?

  • If there are multiple service lines, where do they enter the facility?

  • Describe

  • Are the main service lines collocated with other utilities (e.g., utility corridors with electric, Communications, fiber, etc.)?

  • Are components of the water service located inside of the building (but still within control of facility) protected from vandalism or accidental damage?

  • Describe

  • Are components of the water supply located outside of the building (but still within control of facility) are protected from vandalism or accidental damage?

  • Describe

Loss of Water Service

  • Has the facility experienced water service outages within the last 5 years?

  • Is there a Contingency/Business Continuity Plan with provider for restoration?

  • Explain

  • Does the facility participate in provider priority plan for restoration?

  • Explain

  • Is there on-site water storage?

  • Quantity

  • Quantity type

  • Can on-site storage support full core operations?

  • Duration

  • Duration Type

  • If all water service is lost (without considering any back-up or alternative mode), how soon would the facility be severely impacted?

  • If water service is lost (and any backup is implemented) what percentage of normal business functions are lost or degraded?

Water Briefing Notes

  • Notes

Overall Water Comments

  • Comments

Water Commendables

  • Commendable

  • Add an additional Commendable

  • Commendable
  • Commendable

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.