RELIABILITY | RESILIENCE | SECURITY Welcome! NERC 2019 Compliance and Standards Workshop Embassy Suites by Hilton Minneapolis July 24, 2019

NERC Antitrust Compliance Guidelines

It is NERC’s policy and practice to obey the antitrust laws and to avoid all conduct that unreasonably restrains competition. This policy requires the avoidance of any conduct that violates, or that might appear to violate, the antitrust laws. Among other things, the antitrust laws forbid any agreement between or among competitors regarding prices, availability of service, product design, terms of sale, division of markets, allocation of customers, or any other activity that unreasonably restrains competition.

Public Announcement

Participants are reminded that this meeting is public. Notice of the meeting was posted on the NERC website and widely distributed. The notice included the number for dial-in participation. Participants should keep in mind that the audience may include members of the press and representatives of various governmental authorities.

Today’s Agenda

• 8:00 – 8:15 a.m.: Opening Announcements (Chris Boyd-Witherspoon)
• 8:15 – 9:00 a.m.: Compliance Certification Committee Update (Jennifer Flandermeyer, Steven Noess)
• 9:00 – 10:00 a.m.: Compliance Oversight Program (Jeff Hargis, Jeff Norman, Yvette Landin)
• 10:00 – 10:15 a.m.: Updates on 2019 Technology (David Calderon)
• 10:00 – 10:30 a.m.: Break
• 10:30 – 11:00 a.m.: Updates on 2019 Technology (Ryan Stewart)
• 11:00 – 11:30 a.m.: Coordinated Oversight of Multi Region Registered Entities (MRRE) (Fahad Ansari)
• 11:30 – 12:00 p.m.: Internal Controls Enforcement (Ed Kichline)
• 12:00 – 1:00 p.m.: Lunch
• 1:00 – 1:45 p.m.: CMEP and Compliance Guidance Updates (Kiel Lyons, Ryan Mauldin)
• 1:45 – 2:30 p.m.: CIP Update – Supply Chain and CIP Practice Guides (Lonnie Ratliff)
• 2:30 – 2:45 p.m.: Break
• 2:45 – 3:15 p.m.: Standards Under Development Updates (Howard Gugel)
• 3:15 – 3:45 p.m.: Standards Efficiency Review (Chris Larson)
• 3:45 – 4:15 p.m.: Registration and Certification Updates (Ryan Stewart)
• 4:15 – 4:35 p.m.: General Q&A (Chris Boyd-Witherspoon)
• 4:35 – 5:00 p.m.: Closing Announcements (Steve Noess)

Compliance Certification Committee Update
Jennifer Flandermeyer, Evergy, Director, Federal Regulatory Policy, Chair NERC CCC
Steven Noess, NERC, Director, Regulatory Programs
2019 Compliance and Standards Workshop
July 24, 2019

NERC Standing Committees

Compliance and Certification Committee

Reliability Issues Steering Committee

Critical Infrastructure Protection Committee

Standards Committee

Operating Committee

Planning Committee

Advisory Committees Technical Committees

Compliance and Certification Committee (CCC) Advises NERC Board of Trustees and Senior Staff

CCC Background

• NERC Board-appointed stakeholder committee
• Engages with, supports, and advises the NERC Board regarding the Compliance Monitoring and Enforcement Program (CMEP), Organization Registration and Certification program (ORCP)
• Monitors NERC’s compliance with the Rules of Procedure for these programs
• Monitors NERC’s compliance with the Rules of Procedure regarding the Reliability Standards development process
  – Exception of appeals

Membership

• Investor-Owned Utility
• State/Municipal Utility
• Cooperative Utility
• Federal or Provincial Utility/Federal Power Marketing Administration
• Transmission Dependent
• Merchant Electricity Generator
• Electricity Marketer
• Large End-use Electricity Customer
• Small End-use Electricity Customer
• Independent System Operator/Regional Transmission Organization
• Regional Entity
• Government

Industry Partnership

CCC Work Plan

• Provide advice and support for CMEP as well as Registration and Certification processes
• Participate in development of ERO Stakeholder Effectiveness Survey
• Partner with ERO Enterprise related to review and comment of draft RSAWs
• Develop NERC criteria for Regional oversight
• Provide input on development of Implementation Guidance process
• Provide Stakeholder input on the ERO Enterprise Program Alignment Process
• Participate in discussions to identify emerging risks to reliability

Feedback Loops

• Members’ active involvement in compliance forums
• Barometer for NERC on compliance and enforcement initiatives
• Liaisons to trade organizations, membership forums, industry forums, regional compliance committees

RE

Key Support Efforts

• Enterprise Wide Risk Committee participation

• Key partnership in Program Alignment

• Partnership with Standards Committee on Standards Efficiency Review (SER) – SER Advisory Group member

• Stakeholder Survey (Program Focused)

• Collaboration with NERC on Technology Projects (Align, CORES)

• Stakeholder Feedback Loop on Guidance

• Feedback Loop for CMEP Implementation and Design Resources

COLLABORATION IS KEY

Key Collaboration Initiatives

Key Partners – Compliance Assurance, Enforcement and Internal Audit

Industry Outreach

Stakeholder Survey and Feedback

Focus Discussion Topics

ERO Program Alignment

Compliance Guidance

ERO Program Alignment Working Group

NERC Initial Review

Resolution of Issue and Posting Results

Issue Raised by Registered Entity

Input from CCC and Program Alignment Working Group

• Aids in the screening of information, as appropriate

• Supports further investigation of a potential issue as requested by NERC

• Providing suggested resolutions, as appropriate

• Works directly with stakeholders to shape issue to be reviewed

Program Alignment Process

Track: Identify & Capture Issues
• Program Oversight and Monitoring
• Survey Responses
• Stakeholder Reporting
• NERC Central Repository

Triage: Classify, Analyze, & Prioritize
• NERC Initial Screening
• Regional Input and CCC Alignment Working Group Engagement
• Materiality and Priority
• Responses and Recommendations

Transparent: Post & Report
• Program Alignment – Issues and Recommendations Tracking
• Quarterly Reporting
• Regional Program Information

Resources

Regional Program Information Resources

Consistency Reporting Tool

Issues & Recommendations Tracking

Program Alignment Page

Regional Program Information Matrix

Issues and Recommendations/Resolutions

Issues and Recommendations/Resolutions Tracking

Closing

• Program Alignment enables stakeholders to raise perceived alignment issues
• NERC is committed to providing transparency to the submitter and stakeholders
• Industry alone, and through the CCC, participates in the process
• ERO Enterprise needs stakeholder input to improve alignment

Compliance Oversight Plan Process Enhancements
Jeff Hargis, Texas RE, Manager of Risk Assessment
Jeff Norman, MRO, Director of Compliance Monitoring
Yvette Landin, NERC, Compliance Assurance Advisor
2019 Compliance and Standards Workshop
July 24, 2019

Overview

• Maturation of risk-based assessment processes
• Compliance Oversight Plan (COP) Process Highlights
• Inputs – Qualitative and Quantitative Data
• Targeted Oversight Risk Categories
• Oversight Strategies
• Performance Impact
• Contents of the COP Report
• Implementation Timeline
• Q&A

Maturation of Risk-based Assessment Processes

2016 2018 2019 - 2020

IRA Process Harmonization

COP Process Harmonization

Transition Period

Updated COP Process Highlights

• Enhanced Analysis: Analysis of inherent and performance data provides an understanding of an entity’s overall inherent risk and performance profile
• Targeted Oversight: Provides considerations for an entity’s continuous improvement and a focus to a Regional Entity for its compliance monitoring activities
• Prioritized Monitoring: Identifies target interval for oversight, primary monitoring tools, and informs annual planning
• Single Report: One report to provide both inherent risk assessment results and the compliance oversight plan

Inputs – Quantitative and Qualitative Data

Inherent risk assessment – quantitative entity data such as what you own or operate

Performance assessment – qualitative entity data such as internal controls, culture of compliance, compliance history, event data

Enhanced Analysis

Targeted Oversight

Provides considerations for an entity’s continuous improvement

Provides focus for Regional Entity for its compliance monitoring activities

COPs will communicate the Regional Entity’s current understanding of a Registered Entity’s inherent risk and performance profile

COPs will include selected Risk Categories for monitoring

Targeted Oversight

Risk Categories

Asset/System Identification

Entity Coordination

Identity Management and Access Control

Emergency Operations Planning

Operating During Emergencies/Backup & Recovery

Asset/System Management and Maintenance

Training

Modeling Data

Asset/System Physical Protection

Long-term Studies/Assessments

Operational Studies/Assessments

System Protection

Normal System Operations

Prioritized Monitoring

Prioritized Monitoring

Identifies target interval for oversight, primary monitoring tools, and informs annual planning

Prioritized Monitoring

Category 1: Higher inherent risk without demonstrated positive performance (1 – 3 Years)
Category 2: Higher inherent risk with demonstrated positive performance (2 – 4 Years)
Category 3: Moderate inherent risk without demonstrated positive performance (3 – 5 Years)
Category 4: Moderate inherent risk with demonstrated positive performance (4 – 6 Years)
Category 5: Lower inherent risk without demonstrated positive performance (5 – 7 Years)
Category 6: Lower inherent risk with demonstrated positive performance (6 + Years)

Performance Impact

Category 1

The target monitoring interval for a higher risk entity without demonstrated positive performance is once every 1 – 3 years.

A Regional Entity will use one or a combination of the following CMEP Tools:
• Audit (on or off-site)
• Self-Certifications
• Spot Check

Category 2

The target monitoring interval for a higher risk entity with demonstrated positive performance is once every 2 – 4 years.

A Regional Entity will use one or a combination of the following CMEP Tools:
• Audit (on or off-site)
• Self-Certifications
• Spot Check

COPs establish target intervals for engagements based off of inherent risk and performance profile

Contents of the COP Report

1. Purpose

2. Analysis and Results

3. Oversight Strategy

App. A: IRA Results Summary

App. B: Standards and Requirements for Monitoring

Single Report

COP Process Implementation Timeline

• Throughout the second half of 2019, Regional Entities will begin implementation of new COP summaries.

• Industry outreach will begin in July 2019 and continue through 2020.

Align Project Update

David Calderon, NERC, Senior Engineer, Grid Planning & Operations Assurance
2019 Compliance and Standards Workshop
July 24, 2019

What is Align?

• Single, common portal for registered entities, enabling consistency of experience.

• Real-time access to information, eliminating delays and manual communications.

• Improved capability to support the Risk-Based Compliance Oversight Framework.

• Enhanced quality assurance and oversight, enabling consistent application of the CMEP.

Align Release 1: What to expect as a registered entity?

Stakeholder Group: Registered Entities

Release 1 Functionality:
• Create and submit Self-Reports and Self-Logs
• Create and manage mitigating activities (informal) and Mitigation Plans (formal)
• View and track Open Enforcement Actions “EAs” (resulting from all monitoring methods)
• Receive and respond to Requests for Information “RFIs”
• Receive notifications and view dashboards on new/open action items
• Generate report of Standards and Requirements applicable to your entity
• Manage user access for your specific entity

Update on Development

• Development and testing will require a 6-8 week extension.
• Revised deployment approach.
• Will provide a more manageable go live for NERC and the Regions.
• NERC will go live with two Regions; MRO and Texas RE, by September 30th.
• The remaining regions will onboard by November 1st.

Update on Training

• The following roles need training for Release 1: Primary Compliance Contact (PCC), Alternate Compliance Contact (ACC), Authorizing Officer (AO)

• Regional staff and registered entity trainings will be rescheduled to after September 15 at the earliest; based on the schedule set up by NERC.

• Will be supported with training materials and process documentation.

• Entities should coordinate with their Regional Align contacts for additional training and timing related questions.

Regional Contacts

Region Contact Name Contact Email
MRO Desiree Sawyer
Marissa [email protected]@mro.net
NPCC Jason Wang [email protected]
Ray Sefchick [email protected]
Todd Curl [email protected]
RE Rochelle Brown [email protected]
Michael Dalebout [email protected]

Break
Webinar participants: We will return at 10:30 a.m. Central

Centralized Organization Registration ERO System (CORES) Update
Ryan Stewart, NERC, Senior Manager of Registration and Certification
2019 Compliance and Standards Workshop
July 24, 2019

Agenda

• CORES Concept Video Demonstration https://vimeopro.com/nerclearning/cores-video-library/video/337820719
• Overview of CORES
• Registered Entity Pilot Sessions and Outreach Engagements
• Training and Outreach Events
• Rollout Strategy

CORES Overview

• The objective of the Centralized Organization Registration ERO System (CORES) project is to create a centralized registration system for the Electric Reliability Organization (ERO). This project will address:
  – Processing of registration requests
  – Granting of a NERC Compliance Registry (NCR) identification number
  – The information collected in CORES will be based upon the existing Common Registration Form that each Regional Entity currently uses for processing registration requests

Link to CORES project page – FAQs, timeline, opportunities for engagement (https://www.nerc.com/pa/comp/Pages/CORESTechnologyProject.aspx)

Key Points About CORES Transition

• The CORES application is hosted on the ERO Portal
  – Each entity user that will register or modify registration with NERC will need an ERO Portal account
  – https://eroportal.nerc.net/
• Registered entities will not need to register again
• The process for collecting data is different – the data is virtually the same
• Initial training videos developed – more in the works

ERO Portal Access

Benefits

• CORES will expand current functionality, align regional registration processes, and provide an improved system-based approach to processing registration requests.
• Central repository for collecting registered entity data
• New functionality for entities in multiple regions
  – Coordinated Oversight now captured
• Easily update information in a central location

Key Points About CORES Transition

• CORES is not currently planned to be used for:
  – Compliance Monitoring and Enforcement Functions – see the Align project.
    o https://www.nerc.com/ResourceCenter/Pages/CMEPTechnologyProject.aspx
  – Certification or Certification Reviews
    o No system in place for Certification or Certification reviews at this time
  – BES Exceptions
    o BES Exceptions will continue to utilize the BESnet application for processing

Outreach and Engagements

• Focus Group
• AWG
• ORCS
• CCC
• Bulletins
• Regional Workshops
• Registered Entity Pilots – Testing
• Training

Registered Entity Pilot Sessions

• Registered Entity Pilot Sessions
  – May 14 | RF Hosted Reg. Entity Pilot Roadshow
  – May 16 | Texas RE Hosted Reg. Entity Pilot Roadshow
  – May 21 | NPCC Hosted Reg. Entity Pilot Roadshow
  – May 23 | NERC/Slalom Hosted Reg. Entity Pilot Roadshow

Training and Outreach Events

• Planned Training Dates (subject to change)
  – June 6/7 | Begin to Post Training Materials
  – July 10 | NERC hosted ERO WebEx (pre-release)*
  – July 15-19 | Expected CORES System Release*
  – End of July | NERC hosted ATL ERO In-person & WebEx, open Q&A, (post-release)*
  – End of July | NERC hosted ERO WebEx (*in-person), open Q&A, (post-release)*

*Expected based on when this material was developed

Rollout Strategy

• ERO is currently developing the rollout strategy
• Initial group will include pilot session and focus group participants
• Each Regional Entity will work with their unique registered entities on certain milestones
  – ERO Portal accounts created
  – Contact information verified
  – Data validation from the migration of existing data
  – Entering of other information
• NERC will work with all Regional Entities for those registered in multiple Regions

Website

Multi-Region Registered Entity Coordinated Oversight Program
Fahad Ansari, NERC, Senior Compliance Auditor
2019 Compliance and Standards Workshop
July 24, 2019

Terminology

Program Objectives

• Streamline ERO Enterprise activities for the registered entities by eliminating unnecessary duplication of administrative tasks
• Focus on risk to reliability, while improving efficiency and consistency of Compliance Monitoring and Enforcement Program (CMEP) Activities
• Coordinate Lead Regional Entity (LRE) and Affected Regional Entity (ARE) oversight responsibilities to work collectively and collaboratively to support risk-based compliance monitoring and effective implementation of the Program

Activities Under Coordinated Oversight

• Self-Reports
• Compliance Audits and Spot Checks
• Self-Certifications
• Periodic Data Submittals
• Complaints
• Technical Feasibility Exceptions (TFEs)
• Mitigation Plan Review and Verification
• Enforcement Coordination
• System Events
• Organization Registration
• NERC Alerts


Current MRRE Program Breakdown

• 50 MRRE Groups in Coordinated Oversight (210 registered entities)

Distribution of 47 MRRE Groups by LRE

MRO, 17

NPCC, 1

RF, 11

SERC, 6

Texas RE, 9

WECC, 6

Program Criteria

• Registered Entity Inclusion Criteria
  ◦ Operates in or owns assets in two or more Regional Entity jurisdictions
  ◦ Verifies its Primary Compliance Contact (PCC), Authorizing Officer (AO) or Primary Compliance Officer (PCO) contact information is accurate prior to submitting request for inclusion
  ◦ Designates a PCC
  ◦ Common (integrated) Compliance Program across all NCRs and programs

Program Criteria

• LRE Selection Criteria
  ◦ Bulk power supply (BPS)/Bulk Electric System (BES) reliability considerations
  ◦ Registered entity operational characteristics
  ◦ Resource considerations

Stakeholder Communication

• Focus on Key Program Initiatives
  ◦ Clearly defined roles/responsibilities
  ◦ Timing of conducting Inherent Risk Assessment (IRA) and Compliance Oversight Plan (COP)
  ◦ CMEP Technology Project
• Onboarding meeting for new participants
• Post-audit feedback survey
• Publicly posted FAQs and MRRE Coordinated Oversight guide

Other Questions

• Am I an MRRE?
• I am registered in multiple regions under different NCRIDs, can I participate in the Coordinated Oversight Program?
• Upstream owner is not a registered entity, what now?
• After participating in the Program, does the number of Regional Entities reduce to one?
• Do I have to respond to NERC Alerts for all NCRIDs in my MRRE Group?
• Why do I have to submit MiDAS reporting in ARE footprint?


Internal Controls in Enforcement

Ed Kichline, NERC, Senior Counsel and Director of Enforcement Oversight
2019 Compliance and Standards Workshop
July 24, 2019

Overview

• Enforcement’s role in the risk-based Compliance Monitoring and Enforcement Program
• Identification and reporting of noncompliance
• Risk assessment of noncompliance
• Mitigation of noncompliance

Risk-Based Enforcement

• Outcomes for noncompliance are based on risk
• Risk is based on specific facts and circumstances
• Mitigation required for all noncompliance
• Continuous evaluation and communication of risks
  ◦ Analysis and lessons learned shared publicly
  ◦ Input to risk identification

Goals and Principles of Enforcement Activities

• Overarching goal of sustainable compliance
  ◦ Focus on robust mitigation to reduce risks and likelihood of recurrence
  ◦ Establishing cultures of continuous learning
  ◦ Meaningful engagements and interactions between Regional Entities and registered entities throughout resolution of noncompliance
• Value of internal controls to foster lasting solutions

Internal Controls in Identifying and Reporting Noncompliance

• Describe the internal control that led to discovery of the noncompliance
  ◦ Effect on extent of condition review
• Determine whether a preventive control did not work as designed
  ◦ Opportunity for mitigation

Internal Controls in Risk Assessment

• Preventive controls that reduce incident probability
  ◦ Reduce the likelihood of something occurring
• Detective internal controls
  ◦ Periodic reviews to identify possible issues
• Corrective internal controls that reduce the length of the noncompliance

Controlling risks

• Redundancy in processes that have been drilled and practiced
• Walkdowns for additional visibility of facilities and equipment
• Automated tools
  ◦ CIP-004-6 R3
  ◦ CIP-007-6 R5
• Alarms
• Checks to ensure the controls are functioning as designed

Internal Controls in Mitigation

• Strengthen the preventive controls that may have failed
• Opportunities for improved detective controls
• Value of details on your internal controls
  ◦ What will be done
  ◦ Who will do it
  ◦ How often will it be done

Results of Mitigation

• Report the results of your completed mitigation
  ◦ Any adjustments to ratings or settings?
  ◦ Any applicable patches missed?
  ◦ Any events in unreviewed logs?

Effectiveness of internal controls

• Tasks with checklists
  ◦ Requirements to be kept on hand during performance of tasks
  ◦ Checkbox to confirm use of checklists
• Administrative barriers that cannot be avoided in completion of activities
  ◦ CIP-010
• Physical barriers vs. Written policies and warning signs
• Requiring sign-off on results of testing, inspection, or maintenance activity
• Revise procedures to include explicit process steps addressing the missed activity

Effectiveness of internal controls

• Training
  ◦ Recurring mandatory training
  ◦ For new employees soon after onboarding
  ◦ Demonstrating comprehension of training
• Change management
  ◦ Mergers and restructuring
  ◦ Additions of assets and facilities

Examples of internal controls in mitigation

• PRC and MOD
  ◦ Biannual review of new facilities to identify new equipment to add to the Protective System Maintenance Program
  ◦ GRC tracking tool with notifications to internal personnel and outside consultant
  ◦ Preventive Maintenance work orders to ensure completion of periodic activities
• FAC-008-3 R6
  ◦ Require two planners to enter and verify data for new facilities and equipment
• Tracking new or revised Standards to ensure more effective implementation

The Benefits of Internal Controls

• Greater reliance on what you report
• Protection against harm from the noncompliance
• Reduced likelihood of recurrence of the noncompliance
• Sustainable compliance
  ◦ Enhanced reliability and security


Lunch

Webinar participants: We will return at 1:00 p.m. Central

Compliance Guidance

Kiel Lyons, NERC, Senior Manager, Grid Planning and Operations Assurance
2019 Compliance & Standards Workshop
July 24, 2019

Overview

• Background
• Compliance Guidance Policy
• Types of Guidance
• Prequalified Organizations
• Endorsement Process
• Implementation Guidance Development Aid
• Current Guidance
• Compliance Guidance Web Page
• Resources
• Key Take-Aways
• Questions and Answers

Background

Transformation of Guidance Documents
• FERC Interpretations
• Implementation Guidance
• CMEP Practice Guides
• Compliance Process Bulletins (being retired)
• Directives and Bulletins for Regional Entities (being retired)
• Compliance Application Notices (CAN) (being retired)
• Compliance Analysis Report (CAR) (being retired)

Compliance Guidance Policy

• Purpose of policy
  ◦ Industry implement Reliability Standards
  ◦ ERO CMEP staff execute duties
• Compliance Guidance team
  ◦ Reviewed role, purpose, development, use, and maintenance
  ◦ Recommended use of examples
• NERC Board of Trustees approved Compliance Guidance Policy

Compliance Guidance Policy

Principles
• Cannot change scope of Reliability Standard
• May be developed concurrently with Reliability Standard
• Should not conflict
• Should be developed collaboratively
• Not only way to comply
• Additional Considerations:
  ◦ Finite and limited set
  ◦ Related guidance in one location
  ◦ Consider revising standard
  ◦ Apply professional judgment
  ◦ Feedback loops

Types of Guidance

Compliance Guidance
• Implementation Guidance
• CMEP Practice Guides

Implementation Guidance

• Developed by industry, for industry
• Endorsed by the ERO Enterprise
• Given deference during monitoring by the ERO Enterprise
• Examples or approaches
  ◦ One of several possible approaches
• Developed by:
  ◦ Standard Drafting Team (SDT)
  ◦ Pre-Qualified Organization

CMEP Practice Guides

• Developed by ERO Enterprise, for ERO Enterprise
  ◦ May be initiated through industry discussions
  ◦ Publicly posted
• ERO Enterprise CMEP staff approach
  ◦ Fosters consistency
• All guidance reviewed by NERC Vice President, Deputy General Counsel, and Director of Enforcement

Pre-Qualified Organizations

Approved by Compliance and Certification Committee (CCC)
• The organization must:
  ◦ Be actively involved in NERC operations
  ◦ Have methods to assure technical rigor
  ◦ Possess ability to vet content

Pre-Qualified Organizations

Pre-Qualified Organization Application Process
1. Applicant applies with the CCC
2. CCC Reviews Application
3. CCC notifies the applicant of approval
4. Applicant is added to Pre-Qualified Organization List

Standard Drafting Teams

• Standard Drafting Teams (SDTs)
  ◦ Identifies examples
  ◦ Reviews existing guidance
• Examples vetted by industry through comment/ballot process
• Decision to submit for ERO Enterprise endorsement made by
  ◦ Project Management and Oversight Subcommittee (PMOS) liaison
  ◦ NERC standards developer
• May not submit guidance after standard is approved
  ◦ Must be submitted by Pre-Qualified Organization

Endorsement Process

Endorsement of Implementation Guidance
• Pre-Qualified Organization or SDT submit proposed guidance
  ◦ Email to [email protected]
  ◦ Include Implementation Guidance Submittal Form
• NERC:
  ◦ Acknowledges receipt
  ◦ Posts proposed guidance
  ◦ Distributes to ERO Enterprise SMEs
• ERO Enterprise endorses or declines to endorse
• Publicly posted
  ◦ Non-endorsed noted in spreadsheet


Development Aid

Development Aid

• Ensure guidance provides specific examples or approaches to compliance.
• Ensure guidance does not conflict with, or contradict, previously approved documents
• Ensure guidance capitalizes terms defined in the NERC Glossary of Terms when the term is intended to have the same meaning as defined in the Glossary.
• Ensure guidance does not add compliance obligations to an entity that is not specifically required by the subject Reliability Standard and Requirement.

Development Aid

• Ensure guidance does not make the subject Reliability Standard and Requirement less restrictive.
• Ensure guidance does not include language that attempts to describe an audit approach.
• Ensure guidance does not introduce new terminology, attempt to define a term, interpret a term, or clarify an ambiguity in the subject Reliability Standard and Requirement.
• Ensure guidance correctly references footnotes, citations, active links, illustrations, table numbers, attachments, addendums, appendices, etc.
• Ensure guidance does not skip steps or stop short of complying with the subject Reliability Standard and Requirement by addressing the entire Requirement in sufficient detail.

Development Aid

• Consider using the specific language of the subject Reliability Standard and Requirement when possible.
• Consider avoiding terms that were used in previous versions of a Reliability Standard, but are no longer in use in the current version of the subject Reliability Standard and Requirement.
• Consider using illustrations such as diagrams, sample records, flowcharts, templates, etc.
• Consider using softer words such as “should consider”, “may want to”, “recommended”, etc. when the processes, procedures, or approaches described are examples and are not prescriptive and mandatory.


Website


Resources

• Compliance Guidance web page
  http://www.nerc.com/pa/comp/guidance/Pages/default.aspx
• Compliance Guidance Policy
  http://www.nerc.com/pa/comp/Resources/ResourcesDL/Compliance_Guidance_Policy_FINAL_Board_Accepted_Nov_5_2015.pdf
• Implementation Guidance Under Consideration
  http://www.nerc.com/pa/comp/guidance/Pending%20Implementation%20Guidance/Implementation%20Guidance%20Under%20Consideration%20or%20Development.pdf
• Pre-Qualified Organization list
  http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified%20organizations.pdf
• Procedure to Become a Pre-qualified Organization
  http://www.nerc.com/comm/CCC/Related%20Files%202013/Final%20CCCPP-011_May_BOTCC_updated.pdf
• Pre-Qualified Organization Application
  http://www.nerc.com/pa/comp/guidance/Documents/Application_Pre-Qualified_Organization.pdf
• How to Submit Proposed Guidance
  http://www.nerc.com/pa/comp/guidance/Documents/Pre-qualified_org_submittal_with_form.pdf
• U.S. Standards One-Stop Shop
  http://www.nerc.com/pa/Stand/Standard%20Purpose%20Statement%20DL/US_Standard_One-Stop-Shop.xls

Key Takeaways

• Implementation Guidance
  ◦ Developed by industry for industry, and vetted by industry
  ◦ Endorsed by the ERO Enterprise
• CMEP Practice Guides
  ◦ Developed by ERO Enterprise for ERO Enterprise
• During development of guidance, reference the Implementation Guidance Development Aid
• Review the Compliance Guidance Policy document for more details
• Check Compliance Guidance webpage regularly for changes


ERO Enterprise CMEP IP Updates

Ryan Mauldin, NERC, Compliance Assurance Advisor
2019 Compliance and Standards Workshop
July 24, 2019

Implementation Plan Background

• Purpose of the Compliance Monitoring and Enforcement Program (CMEP) Implementation Plan (IP)
  ◦ Annual CMEP-related operating plan for NERC and Regional Entities
  ◦ Implementation of risk-based approach for CMEP activities
• Timeline
  ◦ NERC posts on or about September 1 of preceding year
  ◦ Regional Entities submit Regional IPs on or about October 1
  ◦ NERC reviews and posts combined IP in November
  ◦ Updates may occur throughout year

Risk Element Overview

• Roles
  ◦ Highlight risks that merit increased focus for CMEP activities
  ◦ Used in prioritizing and evaluating monitoring scopes
  ◦ Not exclusive list of all risks to reliability of the bulk power system (BPS)
• Enhancements
  ◦ Reflects maturing risk-based program
  ◦ Better articulated as discrete issues
  ◦ Clearer focus in the plan on specific Reliability Standard requirements
• Enables feedback mechanism for future plans
  ◦ Evaluates how risks are being prevented or mitigated
  ◦ Results used to shape and impact future monitoring focus

Establishing Risk Elements

• Several inputs
  ◦ Compliance findings and Enforcement data
  ◦ Event Analysis experience
  ◦ Prioritized or emerging risks
  ◦ Critical Infrastructure Protection themes
  ◦ Reliability Issues Steering Committee’s ERO Reliability Risk Priorities
• Risk elements written to consider potential impact or emerging risk
  ◦ Does not mean all risks
  ◦ Provides actionable information to shape areas of focus
• Risk Elements and areas of focus inform entity-specific COPs and monitoring activities
  ◦ When needed, Regional Risk Elements are used to identify region wide risks


2019 Risk Elements Comparison

2019 Risk Elements

• Improper Management of Employee and Insider Access
  ◦ This risk element focuses on the human element of security, one of the descriptors of cybersecurity vulnerabilities identified in the 2018 Reliability Issues Steering Committee (RISC) report. Regardless of the sophistication of a security system, there is potential for human error.

Standard | Requirements
CIP-004-6 | R1, R2, R3, R4
CIP-005-5 | R2
CIP-006-6 | R1, R2, R3
CIP-007-6 | R2, R3, R5
CIP-010-2 | R1, R2, R3, R4
CIP-011-2 | R1, R2

2019 Risk Elements

• Insufficient Long-Term Planning Due to Inadequate Models
  ◦ Adequately modeled planning cases become increasingly critical as a changing resource mix, deployment of new technologies, etc., affect the risk to BPS reliability.

Standard | Requirements
FAC-002-2 | R1, R2, R3, R4, R5
MOD-032-1 | R2
MOD-033-1 | R1, R2
TPL-001-4 | R1, R2, R3, R4

2019 Risk Elements

• Insufficient Operational Planning Due to Inadequate Models
  ◦ More comprehensive dynamic load models will be needed to sufficiently incorporate behind-the-meter generation and distributed load resources such as demand-side management programs. Also, with the recent and expected increases of both utility-scale solar resources and distributed generation, the causes of a sudden reduction in power output from utility-scale power inverters need to be widely communicated and addressed by the industry.

Standards | Requirements
MOD-032-1 | R2
MOD-033-1 | R1, R2
TOP-003-3 | R1, R2
TPL-001-4 | R1, R2, R3, R4

2019 Risk Elements

• Spare Equipment with Extended Lead Time
  ◦ Spare equipment strategy is an important aspect of restoration and recovery. The RISC report identifies that the failure to maintain equipment is a reliability risk exacerbated when an entity either does not have replacement components available or cannot procure needed parts in a timely fashion. The failure to properly commission, operate, maintain, prudently replace, and upgrade BPS assets generally could result in more frequent and wider-spread outages, and these could be initiated or exacerbated by equipment failures.

Standards | Requirements
CIP-014-2 | R1, R5
TPL-001-4 | R2.1.5

2019 Risk Elements

• Inadequate Real-time Analysis During Tool and Data Outages
  ◦ Entities are to be encouraged to have realistic plans to continue real-time analysis during outages of tools, loss of data, or both. This risk element is made more important in situations where planning models may not keep pace with increasing BPS complexity and accurately reflect area specific dependencies on inverters, natural gas, or other items.

Standards | Requirements
IRO-008-2 | R4
TOP-001-4 | R13

2019 Risk Elements

• Improper Determination of Misoperations
  ◦ The 2018 RISC report includes a key point that the ERO Enterprise, the impacted organizations, and the respective forums and trade organizations should perform post-event reviews to capture lessons learned and how to reduce the impact of future events. These reviews will be incomplete if not every event is noticed because the relay operations were not reviewed by qualified personnel. The report also identifies the risk posed by the increasing complexity in protection and control systems, further emphasizing the importance of a skilled workforce analyzing events and relay operations.

Standards | Requirements
PRC-004-5(i) | R1, R3

2019 Risk Elements

• Inhibited Ability to Ride Through Events
  ◦ Generating plant protection schemes and their settings should be coordinated with transmission protection, control systems, and system conditions to minimize unnecessary trips of generation during system disturbances. Increased implementation of inverter-based resources has brought a focus on this issue.

Standards | Requirements
PRC-019-2 | R1
PRC-023-4 | R1, R2, R6
PRC-024-2 | R1, R2
PRC-025-2 | R1

2019 Risk Elements

• Gaps in Program Execution
  ◦ Where records are not kept up to date, inaccurate models and damaged equipment can result. Failing to keep accurate inventories of responsibilities and equipment following asset transfers, addition of new equipment, or mergers and acquisitions, is causing incomplete entity programs in Facility Ratings and vegetation management.

Standards | Requirements
FAC-003-4 | R1, R2, R3, R5, R6, R7
FAC-008-3 | R6
PRC-005-6 | R3


Looking Ahead to 2019

Resources

• 2019 ERO Enterprise CMEP IP V2
  https://www.nerc.com/pa/comp/Reliability%20Assurance%20Initiative/2019_ERO_CMEP_Implementation%20Plan_V2%20November%202018.pdf


Page 124: Welcome! [] Two Presentation.pdf · • Regional staff and registered entity trainings will be rescheduled to after September 15 at the earliest; based on the schedule set up by NERC

RELIABILITY | RESILIENCE | SECURITY

BCSI / Cloud Update

Lonnie Ratliff, NERC, Senior Manager Cyber and Physical Assurance
2019 Industry Compliance and Standards Workshop
July 23, 2019


Overview

• Awareness / Meetings
  o ERO Enterprise / FedRAMP
• CIWG Tabletops
  o Microsoft Azure
  o TBD
• Moving Forward
  o BCSI Practice Guide
  o Project 2019-02


FedRAMP

• The Federal Risk and Authorization Management Program (FedRAMP)
  o Government-wide program
  o Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
• Enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost effective cloud-based IT
• Established a mature marketplace to increase utilization and familiarity with cloud services
• Facilitating collaboration across government through open exchanges of lessons learned, use cases, and tactical solutions.


April ERO Enterprise Meeting

• FedRAMP Project Management Office onsite
  o Evidence Review
  o Third party assessment organization (3PAO) reports
• Coalfire (3PAO)
• Microsoft (Cloud Service Provider)
  o Azure Implementation Guide


Microsoft Azure Visit Objectives

• Examine existing Azure FedRAMP Moderate / High evidence.
• Assist the ERO Enterprise in determining the suitability of FedRAMP evidence to demonstrate compliance to the NERC CIP standards


Microsoft Azure Visit

• ERO Enterprise
  o All Regions and NERC represented
• CIWG Representation
• Reviewing Evidence
  o Offsite review of Security Analysis Report
  o Detailed review of evidence provided
  o Reviewing Microsoft created RSAWs
• Azure Cloud Options
  o Azure Moderate / High
  o Azure Government


Additional Tabletop(s)

• Objectives
  o Consistent application of controls
  o Consistent evidentiary requirements
  o Reasonable assurance across multiple CSPs
• Who / What / How
  o Possible same ERO Enterprise Team
  o Different Cloud Service Provider
  o Different 3PAO
  o Similar type of review


ERO BCSI Practice Guide

• Purpose
  o Provide direction to ERO Enterprise CMEP staff around BCSI
• Released – April 26, 2019
• Focus
  o Access and Authorization (the ability to both obtain and use)
  o Securely handling in storage, transit, and use
• Considerations
  o Encryption, with key management
  o Data could be on premise or off premise
• Possibly retire when Project 2019-02 is complete


Project 2019-02 BCSI Access Mgt

• Background
  o Creating increased choice, greater flexibility, higher availability, and reduced-cost options for entities to manage their BES Cyber System Information, by providing a secure path towards utilization of modern third-party data storage and analysis systems. In addition, the proposed project would clarify the protections expected when utilizing third-party solutions.
• History
  o Submitted by Tri-State Generation
  o Discussed through CIWG
• Standards Authorization Request Drafting Team
  o June 18 – 19, 2019 face-to-face meeting
  o Standards / Requirements need clarification or modification


Break

Webinar participants: We will return at 2:45 p.m. Central


Standards Update

Howard Gugel, NERC, Vice President of Engineering and Standards
Compliance and Standards Workshop
July 24, 2019


Project 2015-09 Establish and Communicate SOLs

• Revisions to FAC-011
  o Working to clarify System Operating Limit (SOL) Exceedances (Requirement R6)
  o Conducting a data analysis to understand the impact of proposed revisions to industry
• Revisions to FAC-015
  o Working to make revisions based on industry comment regarding Coordination of Planning Assessments with the Reliability Coordinator’s SOL Methodology
• Next 45-day formal comment period and additional ballot scheduled for late August 2019.


Project 2017-01 Phase I Modifications to BAL-003

• Phase I:
  o Proposed Standard BAL-003-2 modifies the currently-effective standard and process documents to address:
      o The inconsistencies in calculation of Interconnection Frequency Response Obligations (IFROs) due to Interconnection Frequency Response performance changes of Point C and/or Value B;
      o The Eastern Interconnection Resource Loss Protection Criteria (RLPC);
      o The frequency of nadir point limitations (currently limited to t0 to t+12);
      o Clarification of language in Attachment A, i.e. related to Frequency Response Reserve Sharing Groups (FRSG) and the timeline for Frequency Response and Frequency Bias Setting activities; and
      o The BAL-003-1.1 FRS Forms enhancements that include the ability to collect and submit FRSG performance data.
  o Initial Posting - 45-day comment and ballot period December 4, 2018-January 17, 2019, with 96.41% approval and 92.02% quorum.
  o NERC Board Adoption November 2019


Project 2017-01 Phase II Modifications to BAL-003

• Phase II will consider:
  o Revisions to the Reliability Standard to address the Real-time aspects of Frequency Response necessary to maintain reliability;
  o Ensuring comparability of and applicability to the appropriate responsible entities;
  o Developing measurements to incorporate Real-time and resource and load characteristics; and
  o Ensuring equitability of performance.
• Informal comment period August 2019
• NERC Board Adoption May 2020


Project 2018-04 Modifications to PRC-024

Project Scope:

• Update the PRC-024 ride-through curves to clarify that the area outside the “No Trip” zone is not a “Must Trip” zone
• Clarify inconsistencies to ensure that instantaneously calculated frequency is not permissible to define the trip parameters
• Clarify the Curve Details section of the “Voltage Ride-Through Curve Clarifications”
• Consider whether the to reinforce that the requirements pertain to the point of interconnection


Project Scope

• Clarify if the voltage and frequency protective functions within an inverter control system that trip the inverter are subject to of PRC-024
• Clarify that plant auxiliary equipment protection systems are not subject to the requirements of PRC-024.
• Clarify whether the use of momentary cessation within the “No Trip” zone of PRC-024 does not comply with the standard.
• Consider whether Interconnection-specific modification(s) or Regional Variance(s) are necessary for the voltage ride-through time duration curve(s) in Attachment 2.


Project Scope – Supplemental SAR

• The Supplemental Standards Authorization Request (SAR) expands the scope of the project to eliminate identified reliability issues by:
  o Requiring all voltage and frequency protection up to the point of interconnection (the high voltage side of the generator step-up (GSU) or collector transformer) to adhere to PRC-024;
  o Requiring those Transmission Owners that own the GSU or collector transformers and the associated voltage and frequency protective relays to be compliant with the standard.


Project Timeline

• The SDT is still considering comment from the initial posting that closed on May 31, 2019
• Supplemental SAR comment period closes – July 26, 2019
• SDT Meeting to review SAR comments and modify SAR, if necessary – July 31, 2019
• Updated SAR submitted to SC – August 21, 2019
• Next in-person SDT meeting – September 4–6, 2019
  o ERCOT offices (Austin, TX)
• 45-day additional ballot scheduled – September 13 – October 28, 2019
• SDT Meeting (in-person or remotely) – November 5–6, 2019


Project 2019-01 Modifications to TPL-007-3

• FERC Order No. 851 directs NERC to develop and submit modifications to Reliability Standard TPL-007-2:
  o to require the development and implementation of corrective action plans to mitigate assessed supplemental Geomagnetic Disturbance (GMD) event vulnerabilities; and
  o to authorize extensions of time to implement corrective action plans on a case-by-case basis.
• Initial Ballot and Comment Period scheduled July 26, 2019 through September 8, 2019
• NERC Board Adoption May 2020
• Regulatory Filing deadline July 2020


Project 2019-02 BCSI Access Management

• Bulk Electric System (BES) Cyber System Information Access Management
  o To clarify the CIP requirements and measures related to both managing access and securing BES Cyber System Information.
• SAR Drafting Team (DT) met on June 18-19, 2019 to make revisions to the SAR and respond to industry comments.
• SAR will be presented to the Standards Committee for Authorization on July 24, 2019 NERC
• Standard Drafting Team’s first meeting is tentatively scheduled for August 6-7, 2019.


Project 2019-03 Cyber Security Supply Chain Risks

• FERC Order No. 850 directs NERC to modify the Supply Chain Standards to address EACMSs, specifically those systems that provide electronic access control to high and medium impact BES Cyber Systems.
• NERC Supply chain report also recommends addressing Physical Access Control Systems (PACS) that provide physical access control (excluding alarming and logging) to high and medium impact BES Cyber Systems.
• SAR Comment Period July 2, 2019 – August 1, 2019
• NERC Board Adoption November 2020
• Regulatory Filing deadline December 2020


Project 2016-02 Modifications to CIP

• CIP-002-6 Ballot
  o Passed with 87.39% approval
• Virtualization Updates
  o What we heard…
  o Definitions
  o CIP-005-7


CIP-002-6 Timeline

• Initial Ballot September 14 – October 30, 2017
  o TO Control Center (TOCC)
• Additional Ballot March 16 – April 30, 2018 (TOCC)
• Additional Ballot – Added IROL SAR | August 23 – October 9, 2018
• Additional Ballot CIP-002-6 w/TOCC & Planned / Unplanned Change & Removed IROL Modifications | July 17, 2019


Virtualization Updates

• What we heard
• Virtualization Case for Change White Paper
  o Overwhelmingly positive response (85%+)
  o Discussion of current configurations…


Definitions - Unchanged

• Cyber Asset (CA)
• Electronic Security Perimeter (ESP)
• BES Cyber System (BCS)
• External Routable Connectivity (ERC)


New Definitions

• Virtual Cyber Asset (VCA): A logical instance of an operating system, firmware, or self-contained application hosted on SCI.
• Shared Cyber Infrastructure (SCI): Programmable electronic devices whose compute, storage, or network resources are shared with one or more Virtual Cyber Assets or that perform logical isolation for an ESZ. This includes its management systems.
• Electronic Security Zone (ESZ): A security zone is a segmented section of a network that contains systems and components to create logical isolation.


Updated Definitions

• BES Cyber Asset (BCA) – to include Virtual Cyber Asset and exclude Shared Cyber Infrastructure.
• Transient Cyber Asset (TCA) - to include Virtual Cyber Asset & SCI connectivity
• EACMS -> EACS + EAMS - to include Virtual Cyber Asset
• PACS -> PACS + PAMS - to include Virtual Cyber Asset
• Protected Cyber Asset (PCA) - to include Virtual Cyber Asset & those VCAs that share memory and CPU with a BCS
• Removable Media (RM) – to include SCI connectivity


Requirements Approach

• Allow old style to remain:
  o ESP, BCS, ERC scoping, etc.
• Create virtualization specific controls alongside for:
  o ESZ, SCI, Virtualized BCAs, EACMS, PACS, PCAs etc.
• Test with many samples (Pinecone Power)


How We Can Move Forward

• Move toward technology agnostic requirements.
• New terms to help describe the virtual environment.
  o Clarify new requirements for the virtual environment.
• Preserve Cyber Asset term for backwards compatibility.


Next Steps

• Continue Virtualization Standard Drafting Efforts:
  o Thursday Conference Calls (noon – 2:00 p.m. Eastern)
  o July 16-19, 2019 in-person CIP SDT Meeting – NERC, D.C.
  o August 27-29, 2019 in-person CIP SDT Meeting – NERC, Atlanta
  o September 24-26, 2019 in-person CIP SDT Meeting – NPCC NYNY
• Upcoming postings
  o Informal posting of CIP-005-7, July 23, 2019*
  o Informal posting of CIP-007 & CIP-010, November


Standards Efficiency Review

Chris Larson, NERC, Manager of Standards Information
2019 Compliance & Standards Workshop
July 24, 2019


SER Project Scopes

Overall: Evaluate NERC Reliability Standards using a risk-based approach to identify potential efficiencies through retirement or modification of Reliability Standard Requirements. This project seeks to identify potential candidate requirements that are not essential for reliability, could be simplified or consolidated, and could thereby reduce regulatory obligations and/or compliance burden.

Phase 2: Evaluate NERC Reliability Standards (O&P and CIP), as informed by implementation experiences and compliance practices, to develop and recommend standards-based solutions intended to reduce inefficiencies and unnecessary regulatory burdens for the purpose of supporting continued safe, secure and reliable operations.


SER Working Teams & Timeline

[Figure: timeline chart spanning 2017 to 2020. Surviving labels: Phase 1, RTOP, LT, 2018-03 SDT, P2, CIP SER, CIP SDT, New scope, Phase 2 Concepts, Modifications.]


Multi-phase Approach

Project 2018-03 SER Retirements (Phase 1)
• Focused primarily on retirements
• Three working teams consisted of 50+ industry participants
• Initial SAR proposed 107 Requirements, list trimmed to ~84 after further discussions with NERC and FERC
• Final ballot: April 23-May 2

Phase 2:
• Six efficiency concepts presented in February 2019 webinar
• Industry survey of 75 participants ended March 22
• Evaluate & prioritize concepts
• Modifications of and dependencies with requirement(s)
  o Sub-team of Phase 1 and Phase 2 members

CIP SER: define scope, approach, and timeline; form working team


Phase 1 Deliverables

• Focused primarily on retirements
• Revised SAR submitted to Standards Committee (Summer 2018)
• Appointed Project 2018-03 SER Drafting Team (October 2018)
• Initial comment and ballot period closed (April 2019)
  o Ballot pools of 300+ voters with ~97% approval average
• Final ballot ended (May 2019)
• Presented to NERC Board of Trustees (May 2019)
• NERC staff submitted two petitions to FERC (June 2019)


Phase 2 Deliverables

• Form SER Phase 2 team by supplementing with new CCC & SC members (complete)
• Clarify and adjust scope of work for Phase 2 (complete)
• Identify key issues to address with Advisory Group (complete)
• Review alternatives and concepts proposed by Phase 1 (complete)
• Develop new efficiency concepts (complete)
• Evaluate and identify best efficiency concepts (complete)
• Draft recommendations for prioritized concepts (2019 Q4 - 2020)


Phase 2 Industry Survey

• Gauged level of support (1-10) of each concept from 75 participants, equally weighted
  o Concept 1: Evidence Retention (8.12)
  o Concept 5: Consolidate Information/Data Exchange Requirements (8.11)
  o Concept 3: Move Requirements to Guidance (7.85)
  o Concept 2: Prototype Standard (7.78)
  o Concept 6: Relocate Competency-based Requirements to the Certification Program/Controls Review process (6.85)
  o Concept 4: Consolidate & Simplify Training Requirements (6.19)
• Reviewed industry survey responses, comments, and concerns
• Evaluated and prioritized concepts based on potential benefit, feasibility and effort of implementation


CIP SER

• CIP SER: using a risk-based approach, evaluate NERC CIP Reliability Standards in order to identify potential efficiencies through retirement or modification of Reliability Standard Requirements
• Approach is very similar to SER Phase 1
• Key considerations:
  o Focus first on retirements, then on modifications
  o Relationship & communications with active drafting teams
  o Industry input in parallel with working team formation
  o CIP has less history of mandatory and enforceable
• Working team nominations ends August 16
• Industry input using SER Matrix ends August 26
• Analysis of industry feedback (August - September)


Resources

• Project 2018-03 SER Retirements
• Standards Efficiency Review Phase 2
• CIP Standards Efficiency Review


NERC Registration and Certification Updates

Ryan Stewart, NERC Sr. Mgr. of Registration and Certification
2019 Compliance and Standards Workshop
July 24, 2019


Agenda

• Overview of Certification and Registration Programs
• The Organization Registration and Certification Subcommittee (ORCS) and Organization Registration and Certification Group (ORCG)
• Project and Focus Areas


NERC ORCP Team


Overview of Certification and Registration Programs

• Overview of Registration Program
  o NERC Rules of Procedure (ROP) Section 500 and Appendices 5A and 5B
  o Program put in place to clearly identify those entities that are responsible for compliance with the FERC approved Reliability Standards
  o NERC established and maintains a NERC Compliance Registry (NCR)
  o Various registration options
  o Daily Registration Processing
      o Common Registration Form
      o Information Technology (IT) System Work Flows
  o Regional Entity Oversight
  o NERC-led Review Panels


Overview of Certification and Registration Programs

• Overview of Certification Program
  o NERC Rules of Procedure (ROP) Section 500 and Appendix 5A
  o Program put in place to certify a new Reliability Coordinator (RC), Balancing Authority (BA), and/or Transmission Operator (TOP) has the tools, processes, procedures, and capabilities to reliably operate for that function
  o Program includes process for entities to maintain Certification
  o Regional Entity Oversight


Organization Registration and Certification Group (ORCG)

• Electric Reliability Organization (ERO) group for managers, engineers, analysts, etc.
  o Work pertaining to Registration, Certification, BES Exceptions, IT efforts, NERC-led Review Panels, etc.
• NERC co-chairs the ORCG with a Regional member
• Group has an annual Work Plan
• ORCG conducts bi-weekly calls and meets on a periodic basis in-person


Organization Registration and Certification Subcommittee (ORCS)

• Industry group, reporting to the Compliance and Certification Committee (CCC)
• NERC acts as secretary
• Purpose:
  o Advise and provide support to NERC and the Regional Entities with development and implementation of organization registration and certification processes (i.e., ROP 500 & Appendix 5), and
  o Advise and provide ongoing support to NERC and the Regional Entities relating to approved organization registration and certification processes.


Projects and Focus Areas

• NERC Registration team managed the SPP RE transition process
• Supported FRCC RE transition
• Western Interconnection RC transition
• IT applications
  o CFR Tool
  o CORES
• Possible NERC Rules of Procedure changes
  o Certification review “trigger” language
  o Coordinated Functional Registration (CFR) and Joint Registration Organization (JRO) language clarity
  o RBR implementation


Closing Announcements

Steven Noess, NERC, Director of Regulatory Programs
2019 Compliance and Standards Workshop
July 24, 2019