Digital illustration of a power grid with transmission towers and electrical substations, depicted in a dark theme with glowing lines connecting the structures, and small houses surrounding the area.

Supply Chain & CIP-013

Risk Consulting for Utilities and Critical Infrastructure

Eadric Group helps small and medium utility providers manage vendor, cyber, and physical supply chain risk. Starting with FERC-approved NERC CIP-013 and extending into the broader risks that impact reliability and resilience.

Our Services

Illustration of a power line tower with multiple electrical lines connecting to small houses and buildings, with small human figures nearby.

CIP-013 Supply Chain & Vendor Risk Readiness Review

A focused, remote engagement to get your CIP-013 program under control before the auditor does.

We review your policies, vendor processes, and sample contracts; talk with your team; and deliver a clear picture of where you’re strong, where you’re exposed, and what to fix first.

You get:

• Review of CIP-013 policy, procedures, and vendor risk processes

• Assessment of vendor onboarding, contract language, and ongoing monitoring

• Evaluation of how vendor access, updates, and changes are managed for critical systems

• Findings report with risk-ranked gaps and likely audit pain points

• Prioritized remediation roadmap

• Live readout session with Q&A

Illustration of a water tower and a gas tank with oil drop icons, surrounded by small houses and people, in a stylized, monochromatic blue tone.

Critical Infrastructure Vendor & Supply Chain Risk Review (Non-NERC Utilities)

For water, gas, and other utilities without NERC CIP, but with real vendor and supply chain exposure.

We adapt proven patterns from NERC CIP-013 and federal critical infrastructure work to fit your environment and regulatory context. We provide a clear view of your vendor, cyber, and physical supply chain risk posture and identify your most critical vulnerabilities.

We focus on both your cyber and physical supply chains:

Cyber supply chain:

  • OT/IT hardware and software vendors

  • Integrators, remote access providers, managed service providers

  • Firmware, patching, and update processes

  • How third parties connect to and support critical systems

Physical supply chain:

  • Clear view of your current vendor & supply chain risk posture

  • Practical recommendations you can implement with the team you have

  • A roadmap you can show to leadership, boards, and insurers

Illustration of a government building with a flag on top, surrounded by icons for shipping box, fuel droplet, gear, map location, and small houses, with small human figures nearby.

Government and Logistics Support

While our primary focus is supply chain and vendor risk for critical utilities, Eadric Group also supports logistics and government contracting efforts, especially in the federal and state public sector.

Our team’s background includes work with United States Special Operations Command (USSOCOM), the U.S. Department of Defense (DoD), the Cybersecurity and Infrastructure Security Agency (CISA), and the public utility and energy sector, as well as experience navigating federal acquisition and logistics environments. We leverage that experience to help:

  • Align logistics and supply support with mission and readiness requirements

  • Improve supplier performance, spares planning, and sustainment strategies

  • Support government contracting and proposal efforts related to supply chain, logistics, and critical infrastructure risk

  • Develop and deliver supply chain risk management (SCRM) training for leadership, program managers, and acquisition/logistics personnel

If you’re a federal or state agency or a prime contractor looking for a small, specialized partner with deep SCRM and logistics experience, we’re happy to discuss how we can fit into your team.

About
Eadric Group

Eadric Group is a Minnesota-based supply chain and critical infrastructure risk firm focused on small and medium utilities and public-sector clients.

Our leadership stood up the first supply chain risk management (SCRM) program within USSOCOM, supported CISA’s National Risk Management Center (NRMC) on U.S. critical infrastructure risk, and led a critical mineral dependency project on emerging technologies that was briefed to the National Security Council.

Our team includes:

• A software engineer with expertise in implementing technical controls and managing compliance evidence under NERC CIP and federal cybersecurity frameworks.

• A Supply Chain Risk Management (SCRM) specialist who has led SCRM efforts in high-impact operational settings, translating threat intelligence and supply chain insights into practical controls.

• A Senior IT & Network Security Specialist who designs and evaluates secure network architectures, segmentation, and remote access for critical systems.

• Logistics & Operations Specialists with deep experience in supplier performance, spares planning, and operational sustainment.

We bring national security and critical infrastructure work experience to small and medium electric, water, and gas utilities, as well as select government and prime contractor partners, in a way that is practical, right-sized, and focused on real risk reduction.

Contact US

Whether you’re preparing for a NERC CIP audit, facing questions from leadership or insurers, or just want an honest view of your vendor and supply chain exposure, we’d be happy to talk.